Playing Slot Wanted Dead Or A Wild game means handing over personal data. This document lays out exactly how long we keep it, why, and what technical protections support each category—all aligned with UK GDPR, the Data Protection Act 2018, and PCI DSS. We manage identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its own retention clock. Identity records are kept for five years after account closure. Financial logs are stored for seven, matching HMRC requirements. Gameplay data receives 24 months before anonymisation kicks in. Full card numbers never enter our systems—only tokenised aliases—and every byte is secured. Independent auditors verify our automated deletion routines, and any schedule slip triggers a full incident response. A version-controlled policy log documents every edit, and we provide you 30 days’ notice before material changes become effective. Subject access and deletion requests are managed within statutory deadlines.
Consent for Marketing and Communication Logs
We keep your consent record—time-stamped, IP-stamped, and with capture method—for the duration of our association plus six years after cancellation, to satisfy PECR rules. Send logs for emails, push alerts, and SMS are held for only thirteen months. Cancelling consent right away blocks communications while preserving historical proof. A partitioned database guarantees suppression without latency, and consent logs are kept in a dedicated compliance archive. Dispatch records hold metadata only—topic, time stamp, state—not full message content. The six-year post-withdrawal period mirrors the statute of limitations for regulatory investigations. Quarterly audits verify no expired consents trigger mailings. We never personalise offers with gameplay or financial data beyond explicit permissions.
Core Definitions and Scope of Personal Data
We adopt a comprehensive approach on what counts as personal data. Direct identifiers—name, email, billing address, masked payment details—coexist with indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data includes session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can re-identify a person when stitched together, so we handle them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules cover live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We reassess definitions every six months to keep pace with regulatory guidance.
SAR and Deletion Processes
When a subject access request arrives, we generate a organized JSON/CSV export of all non-purged data within one month, extendable by two months for complex cases. The export covers live databases, encrypted archives, and processor tokens, delivered via a one-time secure link that expires in 72 hours. For deletion, we cascade: immediate account suppression and token revocation, then scheduled erasure of all personal data not subject to legal hold. We produce a confirmation report specifying erased versus retained categories and their justifications. This report is kept as auditable proof for as long as the longest surviving data category. All requests are documented immutably for five years.
Technical Infrastructure and Data Location
All data is stored in UK-based ISO 27001 Tier III+ data centres, not copied outside the UK. A hot disaster recovery site in a separate UK zone syncs every six hours. Backups are encrypted client-side and follow identical retention rules. We enforce least privilege with hardware MFA for administrators, capturing their sessions in an immutable three-year audit trail. Multi-factor authentication integrates a hardware token and biometric check. Penetration tests are conducted quarterly, and an independent auditor confirms automated purge schedules. Any deviation raises a Severity 1 incident, reported to our DPO within four hours. We also maintain an air-gapped backup rotated weekly, following the same deletion policies.
Encryption Key Lifecycle Management
Master keys rotate every 90 days automatically inside an HSM. New keys are never exported in plaintext. Rotated keys are retained for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is removed inside the HSM, making any backups unrecoverable. We assign each key to a single data partition, do not reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys demands dual control and is stored on write-once media in a fireproof safe. Annual recovery drills guarantee forensic decryption works when needed. No plaintext key material ever exits the HSM boundary.
Gaming Session and Behavioural Analytics Data
Every spin on Wanted Dead Or a Wild records reel positions, RNG seed, and net outcome with microsecond precision. We keep these raw logs for twenty-four months, then condense them into an anonymous statistical digest used for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—persist for the same 24-month window and are then deleted. Feature trigger heatmaps stay for 12 months before merging into a global model. RNG seed audit trails receive 36 months. Error diagnostics get 90 days. No individual gameplay data feeds into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.
- Spin-level logs: 24 months from event date, then anonymized aggregation
- Session behavioural profiles: 24 months from last session, then erased
- RNG seed audit trails: 36 months to comply with technical standards
- Feature trigger heatmaps: 12 months, then combined into global model
- Error and crash diagnostic logs: 90 days, then rotated out
Policy Evaluation and Breach Notification Protocols
We assess this policy every six months or upon material change to the game or regulation. Reviews are documented with DPO, CISO, and legal counsel. A public summary is published in our privacy centre, minus confidential details. Material changes are communicated 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we inform affected individuals within 72 hours if high risk, file with the ICO, and post a transparency notice. Third-party processor breaches must follow the same protocol. We hold a breach notification log audited quarterly. Post-incident reviews revise controls as needed. Biannual tabletop exercises model misconfigurations and ransomware to test our response.
Policy Versioning and Change Log
We maintain a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log outlines exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are transmitted via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits confirm the log’s accuracy. The log is a living document reflecting our evolving data practices. You can retrieve the full change log through a link in our privacy centre at any time. This transparent approach reflects our commitment to accountable data governance.
Account Registration and Verification of Identity Data
Primary identity records—government ID scans, residence proof, biometric selfie matches—are kept for five years after your last activity or account closure, whichever occurs later. This covers contractual time limits and anti-money laundering responsibilities. We retrieve only the necessary details: document number, expiration date, country of citizenship. The original image gets destroyed immediately after extraction. Once the five-year period pass, all raw data is erased, but a encrypted hash of the verification result remains for an additional two years inside an audit trail. Personal identity information sits stored encrypted with AES-256-GCM, stored away from analytics, and every retrieval is logged for a three-year period. Optional fields like birth location are discarded at verification stage to minimize the data size. Annual reviews verify precision and automatically remove expired entries.
File Upload and Biometric Processing
Upload an ID through our protected portal and automatic verification finishes within 90 seconds. We retrieve the document number, expiration date, nationality, and a trust score, then destroy the full-resolution image immediately—it never touches disk. The initial file stays in an memory buffer and is removed after processing. A reduced, marked small image is created for audit purposes and stored only for the identity verification period. That thumbnail lives in a write-once vault with strict controls and is never shared to support staff. Collected information are encrypted and kept for the five-year plus two-year hash timeframe. All processing runs on ISO 27001 certified UK servers, and every small image access is stored unchangeably.
Biometric Information Details
Liveness checks collect a quick video solely in memory. Images are analysed and discarded within milliseconds of time. Only a numerical vector of facial points persists. This numerical representation has no image data and cannot be reconstructed into a face. It is kept for the duration of identity verification and is irreversibly removed upon account termination or after 5 years. The data set sits in a dedicated HSM with automatic expiration and is never exported. Authentication checks happen inside the HSM’s safe environment without exposing the original vector. The vector is linked to a pseudonymous identifier separated from marketing profiles, which makes re-identifying extremely difficult. Even system administrators are unable to view or reconstruct facial attributes from the saved data.
Controlled Gambling and Self-Exclusion Registers
Stake limits, time checks, and timeout settings are saved for your account’s whole period and never deleted while it stays active. If you self-exclude, your hashed identity and device fingerprints are placed into a specialized exclusion register held without time limit under UKGC licence requirements. The register is encrypted separately, checked only at login or registration, and never used for analytics. Permission is restricted to qualified compliance staff, and all searches are tracked for three years. The register contains only identity blocks—no monetary or gameplay records. We review it annually to rectify errors and remove deceased individuals. If not, it is kept permanent. This retention is required and free from deletion requests.
Session Awareness and Session Limit Enforcement
Reality check timers use short-lived session counters that clear every 24 hours, starting anew from your first spin after midnight. Your preferred interval—say, 30 minutes—is kept persistently and routinely reactivates when you come back, even after a long break. Changing the interval mid-session introduces the new value instantly for the next reminder. These settings are deleted only upon validated account deletion. Session timer data resides in a dedicated, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for correctness. All timer configurations are auditable through the same three-year access log standard. We at no time profile or promote based on these settings.
Financial Transaction and Settlement Records
Deposit, withdrawal, and wager records are retained for seven years from the transaction date, per HMRC and FCA rules. We do not store full PANs or CVVs. We collect only the BIN, last four digits, and a tokenised identifier. Chargeback disputes suspend the contested record until final outcome, after which the seven-year clock restarts. Data is partitioned quarterly so automated purging operates cleanly, with monthly deletion runs verified by auditors. Tokenised card references stay valid only while your account is live and are erased within thirty days of termination. Combined, anonymised totals endure for financial reporting without any personal information. All financial data is secured and separated from marketing systems.
Tokenised Payment Instruments and Processor References
Payment gateways create vaulted tokens that map your card to a non-sensitive identifier. We keep them for the account lifetime plus a thirty-day grace period, then issue deletion commands to the processor and wipe our own mapping. The only trace left behind is an anonymised transaction hash used in aggregate reports, themselves removed after seven years. No usable credentials ever exist on our systems. We track token revocation daily and raise incidents if deletion is unsuccessful. Tokens are linked to our merchant code and cannot be used elsewhere. Weekly reconciliation validates authenticity, and tokens tied to lost or stolen cards are invalidated immediately. All token operations are recorded and auditable. Aggregate reports never expose individual transaction hashes.
