Playing Wanted Dead Or a Wild Slot Wanted Dead Or A Wild Website game means providing personal data. This document lays out exactly how long we retain it, why, and what technical protections support each category—all built around UK GDPR, the Data Protection Act 2018, and PCI DSS. We process identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its specific retention clock. Identity records are kept for five years after account closure. Financial logs stay for seven, satisfying HMRC requirements. Gameplay data undergoes 24 months before anonymisation is applied. Full card numbers never enter our systems—only tokenised aliases—and every byte is secured. Independent auditors verify our automated deletion routines, and any schedule slip initiates a full incident response. A version-controlled policy log tracks every edit, and we provide you 30 days’ notice before material changes become effective. Subject access and deletion requests are managed within statutory deadlines.
Essential Definitions and Range of Personal Data
We adopt a comprehensive approach on what counts as personal data. Direct identifiers—name, email, billing address, masked payment details—sit alongside indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data covers session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can link back to a person when stitched together, so we handle them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules extend across live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We reassess definitions every six months to stay aligned with regulatory guidance.
Consent for Marketing and Communication Logs
We keep your consent document—with time stamp, with IP address, and method-captured—for the duration of our partnership plus six years after withdrawal, to comply with PECR requirements. Send logs for electronic messages, push messages, and SMS are retained for only thirteen months. Revoking consent immediately halts communications while keeping historical proof. A divided database ensures suppression without lag, and consent logs are kept in a separate compliance archive. Delivery logs include metadata only—subject, time, condition—not full message body. The six-year post-withdrawal window matches the statute of limitations for regulatory probes. Quarterly audits confirm no expired consents trigger mailings. We never customise offers with gameplay or financial data beyond explicit authorisations.
Controlled Gambling and Self-Exclusion Registers
Betting limits, session reminders, and timeout settings are kept for your account’s entire duration and never purged while it is active. If you choose to ban yourself, your hashed identity and device fingerprints are placed into a dedicated exclusion register kept permanently under UKGC licence requirements. The register is encrypted separately, accessed only at login or registration, and never used for analytics. Access is restricted to qualified compliance staff, and all queries are recorded for three years. The register holds only identity blocks—no financial or gameplay records. We review it annually to correct errors and remove deceased individuals. Apart from that, it stays everlasting. This retention is required and free from deletion requests.
Time Check and Gaming Duration Enforcement
Reality check timers use short-lived session counters that reset every 24 hours, starting anew from your first spin after midnight. Your chosen interval—say, 30 minutes—is stored persistently and routinely reactivates when you return, even after a long break. Changing the interval mid-session introduces the new value instantly for the next reminder. These settings are deleted only upon verified account deletion. Session timer data sits in a specialized, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for correctness. All timer configurations are verifiable through the same three-year access log standard. We never categorize or advertise based on these settings.
Registration Account and Verification of Identity Data
Primary identity records—government ID scans, proof of address, selfie biometric matches—are retained for a five-year period after your last activity or account closure, whichever is later. This encompasses contractual limitation periods and AML obligations. We obtain only the necessary details: document ID, validity, country of citizenship. The original image gets deleted right after extraction. Once five years pass, all source data is erased, but a encrypted hash of the verification data remains for two more years inside an logging system. Identification data sits encrypted in storage with AES-256-GCM, stored away from analytics, and every data access is logged for a three-year period. Unnecessary fields like birth location are deleted at verification time to reduce the data size. Yearly audits verify accuracy and proactively delete expired entries.
File Upload and Biometric Handling
Upload an ID through our protected portal and automated validation finishes within a minute and a half. We extract the document number, validity, nationality, and a trust score, then delete the full-resolution image immediately—it never reaches storage. The source file stays in an temporary memory and disappears after handling. A compressed, stamped small image is produced for audit purposes and retained only for the identity lifecycle. That small image lives in a immutable vault with rigorous controls and is never shown to client support. Retrieved data are encrypted and saved for the 5-year-plus-2-year hash period. All processing runs on UK-based ISO 27001 servers, and every thumbnail access is logged permanently.
Biometric Data Specifics
Liveness checks collect a brief video feed completely in memory. Video frames are processed and removed within milliseconds. Only a data vector of facial points persists. This vector lacks any image data and cannot be reverse-engineered into a face. It stays for the entire identity verification process and is permanently deleted upon account closure or after 5 years. The data set sits in a dedicated HSM with auto-expiry and is never sent out. Authentication checks happen inside the HSM’s safe environment without exposing the original vector. The numerical representation is bound to a anonymous identifier unlinked from marketing data, which makes re-identifying very hard. Even IT admins are unable to view or recreate facial features from the kept numerical representation.
Data Subject Access Request and Deletion Workflows
When a subject access request arrives, we produce a formatted JSON/CSV export of all non-purged data within one month, prolongable by two months for complex cases. The export spans live databases, encrypted archives, and processor tokens, delivered via a one-time secure link that expires in 72 hours. For deletion, we implement a cascade: immediate account suppression and token revocation, then batched erasure of all personal data not subject to legal hold. We generate a confirmation report detailing erased versus retained categories and their justifications. This report is retained as auditable proof for as long as the longest surviving data category. All requests are recorded immutably for five years.
Technical Infrastructure and Data Residency
All data sits in UK-based ISO 27001 Tier III+ data centres, never replicated outside the UK. A hot disaster recovery site in a separate UK zone synchronizes every six hours. Backups are encrypted client-side and follow identical retention rules. We implement least privilege with hardware MFA for administrators, recording their sessions in an immutable three-year audit trail. Multi-factor authentication integrates a hardware token and biometric check. Penetration tests occur quarterly, and an independent auditor validates automated purge schedules. Any deviation generates a Severity 1 incident, reported to our DPO within four hours. We also keep an air-gapped backup rotated weekly, subject to the same deletion policies.
Encryption Key Lifecycle Management
Master keys are renewed every 90 days automatically inside an HSM. New keys are not extracted in plaintext. Rotated keys are archived for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is deleted inside the HSM, making any backups unrecoverable. We assign each key to a single data partition, never reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys needs dual control and is stored on write-once media in a fireproof safe. Annual recovery drills guarantee forensic decryption works when needed. No plaintext key material ever departs the HSM boundary.
Gaming Session and Behavioural Analytics Data
All spins on Wanted Dead Or a Wild records reel positions, RNG seed, and net outcome with microsecond precision. We keep these raw logs for twenty-four months, then compact them into an anonymous statistical digest utilized for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—stay for the same 24-month window and are then deleted. Feature trigger heatmaps persist for 12 months before merging into a global model. RNG seed audit trails receive 36 months. Error diagnostics receive 90 days. No individual gameplay data flows into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.
- Spin-level logs: 24 months from event date, then aggregated aggregation
- Session behavioural profiles: 24 months from last session, then erased
- RNG seed audit trails: 36 months to meet technical standards
- Feature trigger heatmaps: 12 months, then combined into global model
- Error and crash diagnostic logs: 90 days, then removed
Payment Transaction and Settlement Records
Deposit, withdrawal, and wager logs are retained for seven years from the transaction date, per HMRC and FCA rules. We do not store full PANs or CVVs. We record only the BIN, last four digits, and a tokenised reference. Chargeback disputes halt the contested record until final resolution, after which the seven-year clock restarts. Data is partitioned quarterly so automated purging runs cleanly, with monthly deletion runs audited by auditors. Tokenised card references stay valid only while your account is active and are wiped within thirty days of closure. Combined, anonymised totals persist for financial reporting without any personal details. All financial data is encrypted and isolated from marketing systems.
Tokenized Payment Instruments and Processor References
Payment gateways produce vaulted tokens that map your card to a non-sensitive reference. We hold them for the account lifetime plus a thirty-day grace period, then send deletion commands to the processor and clear our own reference. The only remnant left behind is an anonymised transaction hash used in aggregate summaries, themselves removed after seven years. No usable credentials ever reside on our systems. We monitor token revocation daily and trigger incidents if deletion does not work. Tokens are bound to our merchant code and cannot be used elsewhere. Weekly reconciliation validates correctness, and tokens tied to lost or stolen cards are invalidated immediately. All token operations are recorded and checked. Aggregate reports never reveal individual transaction hashes.
Policy Evaluation and Data Breach Protocols
We evaluate this policy every six months or upon material change to the game or regulation. Reviews are recorded with DPO, CISO, and legal counsel. A public summary is published in our privacy centre, minus confidential details. Material changes are communicated 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we notify affected individuals within 72 hours if high risk, file with the ICO, and publish a transparency notice. Third-party processor breaches must follow the same protocol. We keep a breach notification log audited quarterly. Post-incident reviews revise controls as needed. Biannual tabletop exercises test misconfigurations and ransomware to test our response.
Document Versioning and Update Log
We preserve a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log outlines exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are transmitted via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits check the log’s accuracy. The log is a living document reflecting our evolving data practices. You can view the full change log through a link in our privacy centre at any time. This transparent approach reflects our commitment to accountable data governance.