BREW IQ — PRIVACY POLICY
This Privacy Policy sets out how LOST IN TOWN BREWERY LTD collects and processes personal data in connection with the BREW IQ Platform. It explains what personal data we collect, how we use it, the lawful bases for processing, how long we retain it, and your rights under applicable data protection law (including UK GDPR and, where applicable, EU GDPR).
This Privacy Policy is provided in a layered format so that you can navigate to the specific sections set out below.
Please select the version that applies to you:
1. IMPORTANT INFORMATION AND WHO WE ARE
This Privacy Policy explains how LOST IN TOWN BREWERY LTD ("Company", "we", "us", "our") collects and uses your personal data when you access or use the BREW IQ mobile application, related web interfaces, and associated services (together, the "Platform").
We collect and process personal data when you:
- create an account or register on the Platform;
- participate in competitions or interactive features;
- make User Payments or receive prizes;
- contact us or submit enquiries;
- interact with us via email, social media or in-app messaging; or
- otherwise use the Platform.
Age Restrictions
The Platform is available to users aged 18 years and over. Individuals under the age of 18 may access the Platform and participate in free competitions only.
Users under 18 are strictly prohibited from paying entry fees, purchasing memberships, or entering any paid competitions. Where required, we may implement age verification measures to ensure compliance with applicable laws.
If we become aware that a user has misrepresented their age in order to access paid features, we reserve the right to suspend the account and take appropriate action, including deletion of personal data where legally required.
Controller
LOST IN TOWN BREWERY LTD (company number 15162932), registered in England and Wales with its registered office at 92 York Street, London, England, W1H 1QX, is the data controller responsible for your personal data for the purposes of UK GDPR, the Data Protection Act 2018, and where applicable, EU GDPR.
LOST IN TOWN BREWERY LTD acts as controller in respect of personal data processed through the BREW IQ Platform, including but not limited to:
- competition participation;
- age verification;
- User Payments made via the Platform;
- marketing and communications;
- platform security, fraud prevention and compliance monitoring; and
- account registration and profile management.
Where such providers process personal data on our behalf, they act as data processors under written agreements compliant with Article 28 UK GDPR. Where a third party processes personal data for its own regulatory or compliance purposes (for example, where an Exchange Partner carries out identity verification, anti-money laundering checks, or financial compliance screening), that third party acts as an independent data controller and will provide its own privacy notice governing that processing.
Blockchain Processing
Where personal data is embedded in or associated with blockchain transactions, such processing may involve decentralised network participants outside our direct control. In such cases, LOST IN TOWN BREWERY LTD determines the purposes and means of the initial processing but does not control the operation of independent blockchain nodes. We design our systems to minimise the use of personal data on-chain wherever possible.
Data Protection Contact
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your legal rights, please contact:
Email: info@lostintown.co.uk
We will respond to all legitimate requests in accordance with applicable data protection law.
2. THE TYPES OF PERSONAL DATA WE COLLECT
Personal data means any information about an individual from which that person can be identified, either directly or indirectly. We may collect, use, store and transfer different kinds of personal data about you through your use of the BREW IQ Platform. We have grouped this data as follows:
- Identity Data: Includes first name, last name, username, display name, date of birth, and any information provided for identity verification purposes where required.
- Contact Data: Includes email address and, where provided, postal address and telephone number.
- Account Data: Includes login credentials, encrypted passwords, authentication data, account preferences.
- Transaction Data: Includes details of User Payments, entry fees, prize allocations, digital asset transfers, smart contract transaction hashes, and related payment history.
- Financial Data and Wallet: Includes blockchain wallet address, transaction identifiers, payment references, Exchange Partner account identifiers, and records of fiat conversion requests. We do not store private wallet keys.
- Technical Data: Includes internet protocol (IP) address, device identifier, login data, browser type and version, time zone setting, device operating system, app version, and other technology on the devices used to access the Platform.
- Profile Data: Includes username, preferences, competition participation history, prize history, and feedback responses.
- Usage Data: Includes information about how you use the Platform, competitions entered, features accessed, time spent within the Platform, and navigation behaviour.
- Compliance and Verification Data: Where required for regulatory or anti-fraud purposes, this may include information provided for identity verification, anti-money laundering (AML) checks, sanctions screening, or financial compliance checks. Such checks may be conducted by regulated Exchange Partners acting as independent data controllers.
- Marketing and Communications Data: Includes your preferences in receiving marketing communications from us and your communication preferences.
Blockchain Processing Note
Where User Payments are processed via blockchain infrastructure, certain transaction-related data (such as wallet addresses and transaction hashes) may be recorded on a decentralised ledger. While blockchain data is pseudonymous, it may constitute personal data where it can be linked to an identifiable individual. We design our systems to minimise personal data stored on-chain wherever possible.
Aggregated Data
We also collect, use, and share aggregated data such as statistical or demographic data for analytical and service improvement purposes. Aggregated data does not directly or indirectly identify you and therefore is not personal data under UK GDPR. For example, we may aggregate Usage Data to analyse trends in how users interact with competitions or specific Platform features in order to improve functionality and user experience.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
- creating an account on the BREW IQ Platform;
- entering your date of birth upon access to the Platform;
- entering competitions;
- making User Payments;
- participating in prize draws;
- requesting fiat withdrawals or conversions via an Exchange Partner;
- subscribing to updates or marketing communications;
- contacting us by email, in-app messaging, social media or otherwise; or
- providing feedback or responding to surveys.
Where identity verification is required (for example, for regulatory compliance relating to digital asset transactions), you may provide additional verification data either directly to us or to a regulated Exchange Partner.
Automated Technologies and Platform Interactions
As you interact with the BREW IQ Platform, we automatically collect certain Technical and Usage Data, including:
- IP address;
- device identifiers;
- operating system and app version;
- login timestamps;
- in-app activity;
- competition participation;
- wallet interactions;
- transaction metadata.
We collect this data using cookies (where applicable), software development kits (SDKs), server logs, device identifiers, analytics tools and similar technologies. Where blockchain-based payments are made, transaction identifiers and wallet addresses may be recorded on a decentralised ledger.
Blockchain Infrastructure
Where User Payments are processed via smart contracts deployed on blockchain networks, transaction data (including wallet addresses and transaction hashes) is generated and recorded automatically by the relevant blockchain protocol. We do not control independent blockchain nodes but design our systems to minimise personal data stored on-chain.
Third Parties and Service Providers
We may receive personal data about you from third parties including:
- Exchange Partners: Where you use a regulated digital asset exchange provider for wallet services, fiat conversion or compliance verification, that provider may share confirmation data with us (such as verification status or transaction confirmation). Exchange Partners act as independent data controllers for their own regulatory processing.
- Analytics providers: We use analytics providers to understand Platform usage and improve functionality.
- Cloud hosting and infrastructure providers: We use hosting providers to operate the Platform securely.
- App stores: Where you download the BREW IQ mobile application via an app store (e.g. Apple App Store or Google Play), we may receive limited technical and transactional information in accordance with that platform's policies.
- Fraud prevention and compliance providers: Where required, we may receive information from providers assisting with fraud monitoring, sanctions screening, anti-money laundering (AML) checks or regulatory compliance.
- Public sources: We may receive limited Identity or Contact Data from publicly available sources where required for compliance or verification purposes (for example, Companies House in the UK).
4. HOW WE USE YOUR PERSONAL DATA
Legal Basis
Under UK data protection law (UK GDPR and the Data Protection Act 2018), we must have a lawful basis for processing your personal data. We rely on the following legal bases:
- Performance of a contract (Article 6(1)(b) UK GDPR): We process your personal data where such processing is necessary to provide the BREW IQ Platform and related services to you, including registering and maintaining your account, enabling your participation in competitions, processing User Payments, allocating prizes, and providing customer support.
- Legitimate interests (Article 6(1)(f) UK GDPR): We may process your personal data where such processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include operating, maintaining and improving the BREW IQ Platform; detecting and preventing fraud; preventing abuse or misuse of competitions; maintaining Platform and network security; ensuring the integrity and reliability of smart contract functionality; conducting analytics and performance monitoring; and carrying out general business administration and planning.
- Legal obligation (Article 6(1)(c) UK GDPR): We process your personal data where such processing is necessary to comply with legal and regulatory obligations to which we are subject. This includes obligations relating to anti-money laundering requirements, sanctions screening, financial compliance duties, regulatory reporting, and responding to lawful requests, court orders or enquiries from competent authorities.
- Consent (Article 6(1)(a) UK GDPR): We rely on your consent where required by law, including for sending direct marketing communications (where applicable) and for placing non-essential cookies or similar tracking technologies on your device. Where we rely on consent, you have the right to withdraw your consent at any time, and such withdrawal will not affect the lawfulness of processing carried out prior to your withdrawal.
Purposes for Which We Use Your Personal Data
Below is a summary of how we use your personal data, the categories of data involved, and our lawful basis.
| Purpose / Use | Type of Data | Legal Basis & Retention |
|---|---|---|
| To register you as a user and create and maintain your account, and to verify your age (18+) | Identity, Contact, Account Data, Technical Data | Performance of contract (Article 6(1)(b)). Retained for the duration of your account and 6 years after closure. |
| To process User Payments and enable competition participation (entry fees, smart contracts, prizes, debt recovery) | Identity, Contact, Financial & Wallet Data, Transaction Data, Technical Data | Contract (6(1)(b)), Legitimate interests (6(1)(f)), Legal obligation (6(1)(c)). Financial records retained 6 years. Blockchain data may be indefinite. |
| To manage our relationship with you (notifications, support, service updates) | Identity, Contact, Profile Data, Marketing & Communications Data | Contract (6(1)(b)), Legal obligation (6(1)(c)), Legitimate interests (6(1)(f)). Retained up to 6 years after account closure. |
| To enable competition participation, manage entries, validate eligibility, execute smart contracts, allocate prizes | Identity, Contact, Profile Data, Usage Data, Financial & Wallet Data, Marketing & Communications Data | Contract (6(1)(b)), Legitimate interests (6(1)(f)), Legal obligation (6(1)(c)). Retained up to 6 years. Blockchain data may be indefinite. |
| To administer, operate and protect the Platform (maintenance, fraud detection, security, data analysis, hosting) | Identity, Contact, Technical Data, Usage Data, Transaction Data | Legitimate interests (6(1)(f)), Legal obligation (6(1)(c)). Technical logs retained up to 12 months; fraud/legal cases up to 6 years. |
| To deliver content, in-app promotions and measure marketing effectiveness | Identity, Contact, Profile Data, Usage Data, Marketing & Communications Data, Technical Data | Legitimate interests (6(1)(f)), Consent (6(1)(a)) where required. Marketing preferences retained up to 24 months after last interaction; analytics up to 12 months. |
| To use data analytics to improve the Platform and optimise competition mechanics | Technical Data, Usage Data, Profile Data | Legitimate interests (6(1)(f)); Consent (6(1)(a)) where non-essential cookies used. Analytics data retained up to 12 months. |
| To send marketing communications and personalised recommendations | Identity, Contact, Technical Data, Usage Data, Profile Data, Marketing & Communications Data | Consent (6(1)(a) and PECR) or Legitimate interests (6(1)(f)) where soft opt-in applies. Retained until consent withdrawn; suppression data retained indefinitely. |
| To carry out market research through surveys, beta testing, user experience studies | Identity, Contact, Profile Data, Usage Data, Marketing & Communications Data | Legitimate interests (6(1)(f)) or Consent (6(1)(a)). Survey responses retained up to 24 months. |
Direct Marketing
During the registration process on the BREW IQ Platform, you will be given the opportunity to choose whether you would like to receive marketing communications from LOST IN TOWN BREWERY LTD by email, in-app notification, SMS or other electronic means (where available). We will only send you electronic marketing communications where we have obtained your consent or where permitted under the "soft opt-in" rules under the Privacy and Electronic Communications Regulations (PECR).
You can withdraw your consent to marketing at any time. We do not sell your personal data. We will obtain your express opt-in consent before sharing your personal data with any third party for their own direct marketing purposes.
You can opt out of marketing communications at any time by:
- using the unsubscribe link included in any marketing email;
- adjusting your marketing preferences within your account settings; or
- contacting us at info@lostintown.co.uk
Cookies
The BREW IQ Platform and our website use limited technical storage mechanisms to ensure the Platform functions securely and effectively. We use strictly necessary cookies or similar technologies (such as local storage or session tokens) where required to:
- enable secure log-in and account authentication;
- maintain session integrity;
- ensure the proper functioning of competitions and smart contract interactions;
- prevent fraud, abuse, and unauthorised access; and
- support essential Platform security and operational functionality.
These technologies are necessary for the operation of the Platform and do not require your consent under UK law. We do not use analytics, tracking, advertising, or behavioural marketing cookies. You may configure your browser to block cookies; however, doing so may affect your ability to use certain core features of the Platform.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data where necessary and in accordance with applicable data protection law for the purposes set out in the section above. We may share your personal data with the following categories of recipients:
Service Providers (Data Processors)
Third-party providers who process personal data on our behalf in connection with operating and supporting the BREW IQ Platform, including:
- cloud hosting and infrastructure providers;
- IT support and cybersecurity providers;
- analytics and performance monitoring providers;
- customer support providers;
- payment service providers and digital asset infrastructure providers;
- Exchange Partners facilitating the conversion of digital assets into fiat currency;
- identity verification, fraud prevention, anti-money laundering (AML) and sanctions screening providers.
These third parties act as our data processors and are contractually required to process personal data only on our documented instructions and in accordance with applicable data protection law.
Professional Advisers
Lawyers, accountants, auditors, insurers and other professional advisers who provide professional services to us.
Regulators and Authorities
HM Revenue & Customs (HMRC), the Information Commissioner's Office (ICO), law enforcement bodies, courts, regulators or other authorities where disclosure is required by law or necessary to establish, exercise or defend legal claims.
Corporate Transaction Parties
Third parties to whom we may choose to sell, transfer, assign or merge parts of our business or our assets.
6. INTERNATIONAL TRANSFERS
Some of our third-party service providers, infrastructure providers and digital asset service partners may be located outside the United Kingdom. In addition, where blockchain infrastructure is used, transaction data may be recorded on decentralised networks that operate globally. This means your personal data may be transferred to, stored in, or accessed from countries outside the UK.
Where we transfer personal data outside the UK to countries that do not benefit from UK adequacy regulations, we ensure that a similar degree of protection is afforded to it by implementing appropriate safeguards, which may include:
- transferring personal data to countries that have been deemed by the UK Government to provide an adequate level of protection;
- entering into the UK International Data Transfer Agreement (IDTA);
- entering into the International Data Transfer Addendum to the European Commission's Standard Contractual Clauses;
- implementing additional technical and organisational safeguards where necessary.
Where we transfer personal data from the EEA to a country outside the EEA that is not subject to an adequacy decision of the European Commission, we implement appropriate safeguards including Standard Contractual Clauses (SCCs), the UK IDTA where applicable, or the UK Addendum to the SCCs.
You may request further information about the specific safeguards used for international transfers by contacting us at info@lostintown.co.uk.
Blockchain-Specific Note
Where User Payments are processed via blockchain infrastructure, transaction-related data (such as wallet addresses and transaction identifiers) may be recorded on decentralised networks that are not limited to a single geographic jurisdiction. We do not control the geographic location of independent blockchain nodes, and once recorded, blockchain data may be publicly accessible and immutable. We design our systems to minimise personal data stored on-chain wherever possible.
7. DATA SECURITY
We have implemented appropriate technical and organisational measures designed to protect your personal data in accordance with Article 32 UK GDPR. Our security measures include, where appropriate:
- encryption of data in transit and at rest;
- secure authentication and access controls;
- role-based access restrictions;
- secure cloud infrastructure;
- monitoring and logging of system activity;
- cybersecurity controls and vulnerability management processes;
- regular review of smart contract deployment and infrastructure integrity; and
- contractual security obligations imposed on third-party service providers.
Access to personal data is restricted to employees, contractors, service providers and advisers who have a legitimate business need to access it. We have procedures in place to detect, investigate and respond to suspected personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) and affected individuals where required by law.
8. DATA RETENTION
We will retain your personal data only for as long as reasonably necessary to fulfil the purposes for which we collected it. In general:
- Account information (including Identity, Contact and Profile Data) is retained for as long as your account remains active.
- If you close your account, we will delete or anonymise your personal data within a reasonable period unless we are required to retain it for legal or regulatory purposes.
- Transaction, Financial and Payment Data may be retained for up to six (6) years after the end of our relationship with you in order to comply with tax, accounting, anti-money laundering and financial reporting obligations.
- Technical and Usage Data may be retained for a shorter period unless required for security, fraud prevention, regulatory or evidential purposes.
- Marketing data is retained until you withdraw consent or opt out.
We may retain personal data for longer where necessary to establish, exercise or defend legal claims; in response to regulatory requests; or where we reasonably believe there is a prospect of litigation.
Where blockchain infrastructure is used, certain transaction-related records may be recorded on decentralised networks. Due to the immutable nature of blockchain technology, such records cannot be altered or deleted. However, we design our systems to minimise personal data stored on-chain and, where possible, personal data is stored off-chain and can be deleted or anonymised.
9. YOUR LEGAL RIGHTS
Under applicable data protection law (including UK GDPR and, where applicable, EU GDPR), you have a number of rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions or exemptions. You have the right to:
- Access: Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to understand how and why we are processing it.
- Rectification: Request correction of inaccurate or incomplete personal data that we hold about you.
- Erasure: Request erasure of your personal data in certain circumstances. Please note we may need to retain certain information to comply with legal, regulatory, tax, accounting, or anti-money laundering obligations. Where personal data has been recorded on blockchain infrastructure, certain transaction records may be technically immutable; in such cases, we will take reasonable steps to minimise the association of that data with you.
- Restriction of Processing: Request restriction of processing of your personal data in certain circumstances, for example if you contest the accuracy of the data; where the processing is unlawful but you do not want us to erase it; where we no longer require the data but you need it for legal claims; or while we verify overriding legitimate grounds following an objection.
- Object: Object to the processing of your personal data where we rely on legitimate interests as the legal basis, including certain types of profiling. You have an absolute right to object at any time to the processing of your personal data for direct marketing purposes.
- Data portability: Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format. This right applies only to information you have provided to us where processing is based on consent or performance of a contract and carried out by automated means.
- Withdraw consent: Where we rely on consent as the legal basis for processing, you may withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.
No fee is usually required to exercise your rights. However, we may charge a reasonable fee or refuse to act if a request is manifestly unfounded, repetitive or excessive. We may request specific information from you to confirm your identity before responding to your request. We aim to respond to all valid requests within one month.
10. CONTACT DETAILS
If you have any questions about this privacy policy, about how we use your personal data, or if you wish to exercise any of your data protection rights, please contact us:
Data Protection / Privacy Enquiries
Email: info@lostintown.co.uk
Postal Address:
LOST IN TOWN BREWERY LTD
92 York Street
London, England
W1H 1QX
United Kingdom
We do not currently provide dedicated telephone support for data protection enquiries. Please contact us by email in the first instance.
11. COMPLAINTS
If you have concerns about how we handle your personal data, we encourage you to contact us first at info@lostintown.co.uk so that we can investigate and try to resolve your concerns promptly and fairly.
You also have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.ico.org.uk
If you are located in the European Union, you also have the right to lodge a complaint with the supervisory authority in your Member State of habitual residence, place of work, or place of the alleged infringement.
12. CHANGES TO THE PRIVACY POLICY
We keep this Privacy Policy under regular review to ensure it remains accurate and reflects how we process personal data. This version was last updated on 4th March 2026.
We may update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, our business practices, or the functionality of the BREW IQ Platform. Where changes are material, we will take reasonable steps to notify you.
The personal data we hold about you must be accurate and up to date. Please inform us promptly if your personal data changes during your relationship with us, for example if you change your email address, wallet details, or other contact information.
13. THIRD-PARTY LINKS
The BREW IQ Platform and our website may contain links to third-party websites, applications, plug-ins, blockchain explorers, exchange providers, social media platforms, or other external services. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites or services and are not responsible for their content, security, or privacy practices.
We encourage you to read the privacy notice of every third-party website or service you access before submitting any personal data.
14. ENGLISH LANGUAGE
Any translation of this policy is provided for convenience only. In the event of any inconsistency, discrepancy or conflict between the English version and any translated version, the English version shall prevail and be binding on the Parties.
1. IMPORTANT INFORMATION AND WHO WE ARE
This Privacy Policy explains how LOST IN TOWN BREWERY LTD ("Company", "we", "us", "our") collects and uses your personal data when you access or use the BREW IQ mobile application, related web interfaces, and associated services (together, the "Platform").
* The BREW IQ Platform operates free skill-based competitions. Participation in competitions does not require payment or entry fees.
We collect and process personal data when you:
- create an account or register on the Platform;
- participate in competitions, quizzes or other interactive features;
- receive prizes or rewards where applicable;
- contact us or submit enquiries;
- interact with us via email, social media or in-app messaging; or
- otherwise use the Platform.
Age Restrictions *
The Platform is intended for users aged 18 years and over. Individuals under the age of 18 may access the Platform and participate in free competitions only, subject to parental or legal guardian consent where required under applicable law. Participation in competitions on the BREW IQ Platform is free of charge and does not require the payment of entry fees.
If we become aware that a user has misrepresented their age or has accessed the Platform in breach of these age restrictions, we reserve the right to suspend or terminate the account and take appropriate action, including deletion of personal data where legally required.
Controller
LOST IN TOWN BREWERY LTD (company number 15162932), registered in England and Wales with its registered office at 92 York Street, London, England, W1H 1QX, is the data controller responsible for your personal data for the purposes of UK GDPR, the Data Protection Act 2018, and where applicable, EU GDPR.
LOST IN TOWN BREWERY LTD acts as controller in respect of personal data processed through the BREW IQ Platform, including but not limited to: competition participation; age verification; * prize allocation and distribution (no User Payments apply); marketing and communications; platform security, fraud prevention and compliance monitoring; and account registration and profile management.
Blockchain Processing
Where personal data is embedded in or associated with blockchain transactions, such processing may involve decentralised network participants outside our direct control. In such cases, LOST IN TOWN BREWERY LTD determines the purposes and means of the initial processing but does not control the operation of independent blockchain nodes. We design our systems to minimise the use of personal data on-chain wherever possible.
Data Protection Contact
Email: info@lostintown.co.uk
2. THE TYPES OF PERSONAL DATA WE COLLECT
We may collect, use, store and transfer different kinds of personal data about you. We have grouped this data as follows:
- Identity Data: Includes first name, last name, username, display name, date of birth, and any information provided for identity verification purposes where required.
- Contact Data: Includes email address and, where provided, postal address and telephone number.
- Account Data: Includes login credentials, encrypted passwords, authentication data, account preferences.
- Transaction Data *: Transaction Data includes details relating to competition participation, prize allocations, digital asset transfers (where prizes are distributed using blockchain infrastructure), and associated activity records.
- Financial Data and Wallet: Includes blockchain wallet address, transaction identifiers, payment references, Exchange Partner account identifiers, and records of fiat conversion requests. We do not store private wallet keys.
- Technical Data: Includes IP address, device identifier, login data, browser type and version, time zone setting, device operating system, app version, and other technology on the devices used to access the Platform.
- Profile Data: Includes username, preferences, competition participation history, prize history, and feedback responses.
- Usage Data: Includes information about how you use the Platform, competitions entered, features accessed, time spent within the Platform, and navigation behaviour.
- Compliance and Verification Data *: Where required for regulatory or anti-fraud purposes, this may include information provided for identity verification and fraud prevention checks. Such checks may be conducted by regulated Exchange Partners acting as independent data controllers.
- Marketing and Communications Data: Includes your preferences in receiving marketing communications from us and your communication preferences.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
- creating an account on the BREW IQ Platform;
- entering your date of birth upon access to the Platform;
- entering competitions;
- participating in competitions or prize draws;
- requesting fiat withdrawals or conversions via an Exchange Partner;
- subscribing to updates or marketing communications;
- contacting us by email, in-app messaging, social media or otherwise; or
- providing feedback or responding to surveys.
Blockchain Infrastructure *
Where prizes are distributed using blockchain infrastructure or smart contracts, transaction data (including wallet addresses and transaction identifiers) may be generated and recorded by the relevant blockchain protocol. We do not control independent blockchain nodes but design our systems to minimise personal data stored on-chain.
Third Parties and Service Providers
We may receive personal data about you from Exchange Partners, analytics providers, cloud hosting providers, app stores, and * identity verification and fraud prevention providers (note: for the free version, the scope of AML/sanctions screening is narrower as no paid participation fees apply).
4. HOW WE USE YOUR PERSONAL DATA
We rely on the same four legal bases as the paid version: performance of contract, legitimate interests, legal obligation, and consent. The purposes are largely the same, with the following key difference:
Processing for Competition Administration *
For the free version, the purpose of data processing for competition administration focuses on: managing free competitions and participation; executing smart contract transactions where prizes are distributed via blockchain; allocating prizes where applicable; and fraud prevention. There are no entry fees to collect or refund.
| Purpose / Use | Key Difference from Paid Version |
|---|---|
| Account registration and age verification | No change — same as paid version. |
| Competition administration and prizes * | No entry fees or User Payments processed. Prize allocation and blockchain prize distribution only. |
| Relationship management | No change — same as paid version. |
| Platform administration and security | No change — same as paid version. |
| Marketing and analytics | No change — same as paid version. |
| Compliance and regulatory * | Narrower scope — no AML obligations related to entry fee payments. Anti-fraud and identity verification for prize distribution only. |
Direct Marketing, Cookies, and Opt-Out
These provisions are identical to the paid version. Please refer to the paid version section above for full details on direct marketing, cookie usage, and opting out of communications.
5. DISCLOSURES OF YOUR PERSONAL DATA
We share your personal data with the same categories of recipients as the paid version, with one difference:
* For the free version, the list of service providers does not include AML and sanctions screening providers in relation to entry fees (as no entry fees apply). It does include identity verification and fraud prevention providers in relation to prize distribution where applicable.
The same professional advisers, regulators, authorities, and corporate transaction parties apply as described in the paid version.
6. INTERNATIONAL TRANSFERS
International transfer provisions are identical to the paid version. We apply the same UK adequacy, IDTA, and SCC safeguards. Please refer to the paid version section above for full details.
7. DATA SECURITY
Our security measures are identical to the paid version: encryption in transit and at rest, secure authentication, role-based access controls, secure cloud infrastructure, monitoring and logging, cybersecurity controls, smart contract review, and contractual security obligations on third-party service providers.
8. DATA RETENTION *
Retention periods are largely the same as the paid version, with the following difference:
- Account information retained for as long as your account remains active.
- If you close your account, we will delete or anonymise your personal data within a reasonable period unless we are required to retain it for legal or regulatory purposes.
- * Competition participation records, prize allocation records and associated activity logs may be retained for up to six (6) years for legal, contractual and regulatory compliance purposes. (Note: there are no User Payment records for the free version.)
- Technical and Usage Data may be retained for a shorter period unless required for security, fraud prevention, regulatory or evidential purposes.
- Marketing data is retained until you withdraw consent or opt out.
9. YOUR LEGAL RIGHTS
Your legal rights are identical to those described in the paid version: access, rectification, erasure, restriction of processing, objection, data portability, and withdrawal of consent. Please refer to the paid version section above for full details, including the blockchain limitation on erasure rights and the one-month response time limit.
10. CONTACT DETAILS
Data Protection / Privacy Enquiries
Email: info@lostintown.co.uk
Postal Address:
LOST IN TOWN BREWERY LTD
92 York Street
London, England
W1H 1QX
United Kingdom
We do not currently provide dedicated telephone support for data protection enquiries. Please contact us by email in the first instance.
11. COMPLAINTS
If you have concerns about how we handle your personal data, contact us first at info@lostintown.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.ico.org.uk
If you are located in the European Union, you also have the right to lodge a complaint with the supervisory authority in your Member State of habitual residence, place of work, or place of the alleged infringement.
12. CHANGES TO THE PRIVACY POLICY
This Privacy Policy is kept under regular review. This version was last updated on 4th March 2026. We may update this Privacy Policy from time to time. Where changes are material, we will take reasonable steps to notify you. Please inform us promptly if your personal data changes during your relationship with us.
13. THIRD-PARTY LINKS
The BREW IQ Platform and our website may contain links to third-party websites, applications, plug-ins, blockchain explorers, exchange providers, social media platforms, or other external services. We are not responsible for their content, security, or privacy practices. We encourage you to read the privacy notice of every third-party website or service you access before submitting any personal data.
14. ENGLISH LANGUAGE
Any translation of this policy is provided for convenience only. In the event of any inconsistency, discrepancy or conflict between the English version and any translated version, the English version shall prevail and be binding on the Parties.