Playing Wanted Dead Or a Wild Slot game means submitting personal data https://wanteddeadorwild.uk/. This document lays out exactly how long we retain it, the rationale, and what technical protections underpin each category—all based on UK GDPR, the Data Protection Act 2018, and PCI DSS. We process identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its unique retention clock. Identity records are kept for five years after account closure. Financial logs stay for seven, matching HMRC requirements. Gameplay data gets 24 months before anonymisation takes effect. Full card numbers never reach our systems—only tokenised aliases—and every byte is secured. Independent auditors verify our automated deletion routines, and any schedule slip triggers a full incident response. A version-controlled policy log tracks every edit, and we give you 30 days’ notice before material changes become effective. Subject access and deletion requests are managed within statutory deadlines.
Payment Transaction and Billing Records
Funding, withdrawal, and wager records are maintained for seven years from the transaction date, per HMRC and FCA rules. We seldom store full PANs or CVVs. We collect only the BIN, last four digits, and a tokenised alias. Chargeback disputes halt the contested record until final settlement, after which the seven-year clock continues. Data is partitioned quarterly so automated purging works cleanly, with monthly deletion runs verified by auditors. Tokenised card references stay valid only while your account is open and are wiped within thirty days of termination. Summarised, anonymised totals remain for financial reporting without any personal identifiers. All financial data is secured and separated from marketing systems.
Tokenized Payment Instruments and Processor References
Payment gateways create vaulted tokens that link your card to a non-sensitive identifier. We store them for the account lifetime plus a thirty-day grace period, then send deletion commands to the processor and erase our own mapping. The only evidence left behind is an anonymised transaction hash used in aggregate summaries, themselves deleted after seven years. No usable credentials ever exist on our systems. We track token revocation daily and raise incidents if deletion is unsuccessful. Tokens are tied to our merchant code and cannot be used other places. Weekly reconciliation verifies correctness, and tokens tied to lost or stolen cards are cancelled immediately. All token operations are logged and checked. Aggregate reports never expose individual transaction hashes.
Responsible Gambling and Player Ban Registers
Stake limits, reality checks, and timeout settings are stored for your account’s whole period and never deleted while it remains active. If you choose to ban yourself, your hashed identity and device fingerprints are added to a specific exclusion register maintained permanently under UKGC licence requirements. The register is secured separately, checked only at login or registration, and never used for analytics. Entry is limited to educated compliance staff, and all queries are recorded for three years. The register stores only identity blocks—no banking or gameplay records. We check it annually to rectify errors and remove deceased individuals. Apart from that, it remains indefinite. This retention is obligatory and excluded from deletion requests.
Session Awareness and Session Limit Enforcement
Reality check clocks use temporary session counters that clear every 24 hours, starting anew from your first spin after midnight. Your preferred interval—say, 30 minutes—is saved persistently and automatically reactivates when you return, even after a long break. Altering the interval mid-session applies the new value immediately for the next reminder. These settings are purged only upon confirmed account deletion. Session timer data lies in a specialized, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for correctness. All timer configurations are auditable through the same three-year access log standard. We at no time profile or promote based on these settings.
Consent for Marketing and Communication Logs
We maintain your consent document—time-stamped, IP-stamped, and method-recorded—for the life of our relationship plus six years after revocation, to meet PECR rules. Delivery logs for electronic messages, push notifications, and SMS are kept for only thirteen months. Withdrawing consent immediately suppresses communications while keeping historical proof. A segmented database provides suppression without latency, and consent logs are kept in a dedicated compliance archive. Send logs contain metadata only—heading, time stamp, status—not full message text. The six-year post-withdrawal window reflects the statute of limitations for regulatory inquiries. Quarterly audits check no expired consents activate mailings. We never personalise offers with gameplay or financial data beyond explicit authorisations.
Core Definitions and Extent of Personal Data
We cast a wide net on what counts as personal data. Direct identifiers—name, email, billing address, masked payment details—coexist with indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data includes session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can identify again a person when stitched together, so we handle them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules cover live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We review definitions every six months to stay aligned with regulatory guidance.
User Account and ID Verification Data
Primary identity records—official ID scans, proof of address, selfie biometric matches—are held for 5 years after your final session or closure of account, whichever is later. This covers statutory limitation periods and AML obligations. We retrieve only the essentials: document ID, expiration date, nationality. The high-resolution image gets destroyed immediately after extraction. Once five years pass, all source data is removed, but a hash of the verification outcome lives on for an additional two years inside an audit log. Identity data sits encrypted in storage with AES-256-GCM, isolated from analytics, and every retrieval is tracked for a three-year period. Non-essential fields like birthplace are deleted at the time of verification to shrink the data size. Yearly reviews verify precision and automatically remove expired entries.
Uploading Documents and Biometric Data Processing
Upload an ID through our safe portal and automated checking wraps up within 90 seconds. We pull the document ID, validity, country of citizenship, and a trust score, then delete the high-resolution image right away—it is never stored on disk. The initial file stays in an temporary memory and disappears after analysis. A reduced, stamped preview is created for auditing purposes and kept only for the ID lifecycle. That thumbnail lives in a write-once storage with tight controls and is never exposed to client support. Collected information are encoded and saved for the five-year-plus-two hash window. All processing runs on UK-based ISO 27001 servers, and every preview retrieval is logged permanently.
Biometric Data Specifics
Liveness checks collect a brief video feed entirely in memory. Frames are analyzed and discarded within a few milliseconds. Only a numerical vector of facial points remains. This vector contains no image data and cannot be reverse-engineered into a facial image. It remains for the time of identity verification and is permanently deleted upon account termination or after a five-year period. The vector sits in a hardware security module with auto-expiry and is never exported. Login verifications happen inside the HSM’s secure enclave without revealing the raw vector. The vector is associated with a pseudonymous identifier separated from advertising profiles, which makes reidentification very hard. Even system administrators are unable to view or reconstruct facial features from the saved data.
Technology Framework and Data Storage
All data resides in UK-based ISO 27001 Tier III+ data centres, with no replication outside the UK. A hot disaster recovery site in a separate UK zone updates every six hours. Backups are encrypted client-side and maintain identical retention rules. We apply least privilege with hardware MFA for administrators, capturing their sessions in an immutable three-year audit trail. Multi-factor authentication combines a hardware token and biometric check. Penetration tests run quarterly, and an independent auditor confirms automated purge schedules. Any deviation generates a Severity 1 incident, notified to our DPO within four hours. We also keep an air-gapped backup rotated weekly, following the same deletion policies.
Management of Encryption Keys

Master keys rotate every 90 days automatically inside an HSM. New keys are not extracted in plaintext. Rotated keys are archived for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is removed inside the HSM, making any backups unrecoverable. We link each key to a single data partition, avoid reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys needs dual control and is stored on write-once media in a fireproof safe. Annual recovery drills guarantee forensic decryption works when needed. No plaintext key material ever exits the HSM boundary.
Gaming Session and Behavioural Analytics Data
Every spin on Wanted Dead Or a Wild records reel positions, RNG seed, and net outcome with microsecond precision. We retain these raw logs for twenty-four months, then compact them into an anonymous statistical digest utilized for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—stay for the same 24-month window and are then deleted. Feature trigger heatmaps remain for 12 months before merging into a global model. RNG seed audit trails receive 36 months. Error diagnostics have 90 days. No individual gameplay data goes into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.
- Spin-level logs: 24 months from event date, then anonymized aggregation
- Session behavioural profiles: 24 months from last session, then erased
- RNG seed audit trails: 36 months to satisfy technical standards
- Feature trigger heatmaps: 12 months, then integrated into global model
- Error and crash diagnostic logs: 90 days, then rotated out
Access Request and Erasure Workflows
Upon receiving an SAR, we produce a structured JSON/CSV export of all non-purged data within one month, extendable by two months for complex cases. The export includes live databases, encrypted archives, and processor tokens, sent via a one-time secure link that expires in 72 hours. For deletion, we implement a cascade: immediate account suppression and token revocation, then queued erasure of all personal data not subject to legal hold. We create a confirmation report detailing erased versus retained categories and their justifications. This report is maintained as auditable proof for as long as the longest surviving data category. All requests are recorded immutably for five years.
Policy Evaluation and Data Breach Protocols
We assess this policy every six months or upon material change to the game or regulation. Reviews are recorded with DPO, CISO, and legal counsel. A public summary is published in our privacy centre, minus confidential details. Material changes are emailed 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we notify affected individuals within 72 hours if high risk, submit with the ICO, and issue a transparency notice. Third-party processor breaches must follow the same protocol. We keep a breach notification log audited quarterly. Post-incident reviews update controls as needed. Biannual tabletop exercises simulate misconfigurations and ransomware to test our response.
Policy Version Control and Revision History
We maintain a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log outlines exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are communicated via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits confirm the log’s accuracy. The log is a living document reflecting our evolving data practices. You can access the full change log through a link in our privacy centre at any time. This transparent approach demonstrates our commitment to accountable data governance.
Deja una respuesta
Lo siento, debes estar conectado para publicar un comentario.