Playing Wanted Dead Or A Wild Slot Bonuses And Promotions game means providing personal data. This document details exactly how long we keep it, the reasons, and what technical protections sit behind each category—all built around UK GDPR, the Data Protection Act 2018, and PCI DSS. We manage identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its unique retention clock. Identity records are retained for five years after account closure. Financial logs remain for seven, meeting HMRC requirements. Gameplay data gets 24 months before anonymisation kicks in. Full card numbers never touch our systems—only tokenised aliases—and every byte is encrypted. Independent auditors verify our automated deletion routines, and any schedule slip initiates a full incident response. A version-controlled policy log tracks every edit, and we provide you 30 days’ notice before material changes become effective. Subject access and deletion requests are managed within statutory deadlines.
Policy Evaluation and Data Breach Protocols
We review this policy every six months or upon material change to the game or regulation. Reviews are minuted with DPO, CISO, and legal counsel. A public summary is displayed in our privacy centre, minus confidential details. Material changes are communicated 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we inform affected individuals within 72 hours if high risk, submit with the ICO, and post a transparency notice. Third-party processor breaches must follow the same protocol. We hold a breach notification log audited quarterly. Post-incident reviews adjust controls as needed. Biannual tabletop exercises test misconfigurations and ransomware to test our response.
Document Versioning and Update Log
We preserve a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log outlines exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are transmitted via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits verify the log’s accuracy. The log is a living document reflecting our evolving data practices. You can retrieve the full change log through a link in our privacy centre at any time. This transparent approach reflects our commitment to accountable data governance.
Gaming Session and Behavioral Analytics Data
Each spin on Wanted Dead Or a Wild tracks reel positions, RNG seed, and net outcome with microsecond precision. We store these raw logs for twenty-four months, then compress them into an anonymous statistical digest employed for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—persist for the same 24-month window and are then deleted. Feature trigger heatmaps remain for 12 months before merging into a global model. RNG seed audit trails have 36 months. Error diagnostics get 90 days. No individual gameplay data flows into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.
- Spin-level logs: 24 months from event date, then anonymised aggregation
- Session behavioural profiles: 24 months from last session, then removed
- RNG seed audit trails: 36 months to satisfy technical standards
- Feature trigger heatmaps: 12 months, then integrated into global model
- Error and crash diagnostic logs: 90 days, then cycled out
Account Registration and ID Verification Data
Main identity data—scans of government IDs, address verification, biometric selfie verifications—are held for 5 years after your last activity or account closure, whichever comes later. This covers contractual time limits and anti-money laundering responsibilities. We extract only the necessary details: ID number, expiration date, nationality. The high-resolution image gets deleted right after extraction. Once 5 years pass, all source data is removed, but a hash of the verification result lives on for two more years inside an audit trail. Personal identity information sits encrypted in storage with AES-256-GCM, isolated from analytics, and every retrieval is recorded for a three-year period. Optional fields like birth location are discarded at verification stage to minimize the data footprint. Yearly audits ensure correctness and automatically remove expired entries.
Document Upload and Biometric Handling
Submit an ID through our safe portal and automated validation finishes within a minute and a half. We pull the ID number, expiry, citizenship, and a reliability score, then delete the full-resolution image immediately—it never reaches storage. The initial file stays in an memory buffer and vanishes after processing. A reduced, marked preview is generated for audit purposes and stored only for the identity verification period. That thumbnail lives in a write-once vault with rigorous controls and is never shared to client support. Extracted fields are encoded and kept for the five-year-plus-two hash window. All operations runs on ISO 27001 certified UK servers, and every thumbnail access is recorded immutably.
Biometric Information Details
Live detection checks capture a quick video completely in memory. Frames are analysed and deleted within milliseconds of time. Only a mathematical vector of facial points remains. This data set contains no image data and cannot be reconstructed into a face. It is kept for the duration of identity verification and is permanently deleted upon account closure or after five years. The vector sits in a dedicated HSM with self-expiry and is never exported. Authentication checks happen inside the HSM’s protected enclave without revealing the raw vector. The numerical representation is linked to a pseudonym separated from marketing data, which makes re-identifying highly challenging. Even system admins cannot see or recreate facial features from the kept numerical representation.
Payment Transaction and Billing Records
Deposit, withdrawal, and wager histories are maintained for seven years from the transaction date, per HMRC and FCA rules. We seldom store full PANs or CVVs. We capture only the BIN, last four digits, and a tokenised alias. Chargeback disputes freeze the contested record until final outcome, after which the seven-year clock resumes. Data is partitioned quarterly so automated purging runs cleanly, with monthly deletion runs verified by auditors. Tokenised card references stay valid only while your account is live and are deleted within thirty days of closure. Combined, anonymised totals remain for financial reporting without any personal details. All financial data is encrypted and separated from marketing systems.
Secured Payment Instruments and Processor References
Payment gateways generate vaulted tokens that map your card to a non-sensitive identifier. We store them for the account lifetime plus a thirty-day grace period, then transmit deletion commands to the processor and clear our own mapping. The only remnant left behind is an anonymised transaction hash used in aggregate reports, themselves purged after seven years. No usable credentials ever reside on our systems. We track token revocation daily and raise incidents if deletion fails. Tokens are tied to our merchant code and cannot be used other places. Weekly reconciliation confirms validity, and tokens tied to lost or stolen cards are invalidated immediately. All token operations are recorded and verifiable. Aggregate reports never expose individual transaction hashes.
Access Request and Erasure Workflows
When a subject access request arrives, we generate a organized JSON/CSV export of all non-purged data within one month, prolongable by two months for complex cases. The export includes live databases, encrypted archives, and processor tokens, provided via a one-time secure link that expires in 72 hours. For deletion, we cascade: immediate account suppression and token revocation, then batched erasure of all personal data not subject to legal hold. We generate a confirmation report outlining erased versus retained categories and their justifications. This report is kept as auditable proof for as long as the longest surviving data category. All requests are recorded immutably for five years.
Essential Definitions and Extent of Personal Data
We take a broad view on what constitutes personal data. Direct identifiers—name, email, billing address, masked payment details—sit alongside indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data includes session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can link back to a person when stitched together, so we treat them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules cover live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We reassess definitions every six months to keep pace with regulatory guidance.
Infrastructure Setup and Data Storage
All data resides in UK-based ISO 27001 Tier III+ data centres, with no replication outside the UK. A hot disaster recovery site in a separate UK zone synchronizes every six hours. Backups are encrypted client-side and adhere to identical retention rules. We implement least privilege with hardware MFA for administrators, recording their sessions in an immutable three-year audit trail. Multi-factor authentication integrates a hardware token and biometric check. Penetration tests are conducted quarterly, and an independent auditor confirms automated purge schedules. Any deviation raises a Severity 1 incident, reported to our DPO within four hours. We also keep an air-gapped backup rotated weekly, subject to the same deletion policies.
Encryption Key Lifecycle Management
Master keys are renewed every 90 days automatically inside an HSM. New keys are not extracted in plaintext. Rotated keys are retained for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is destroyed inside the HSM, making any backups unrecoverable. We link each key to a single data partition, avoid reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys requires dual control and is stored on write-once media in a fireproof safe. Annual recovery drills ensure forensic decryption works when needed. No plaintext key material ever departs the HSM boundary.
Responsible Gambling and Self-Exclusion Registers
Stake limits, time checks, and timeout settings are stored for your account’s whole period and never removed while it remains active. If you choose to ban yourself, your hashed identity and device fingerprints enter a specialized exclusion register held indefinitely under UKGC licence requirements. The register is coded separately, checked only at login or registration, and never employed for analytics. Entry is limited to trained compliance staff, and all queries are logged for three years. The register holds only identity blocks—no financial or gameplay records. We check it annually to correct errors and remove deceased individuals. If not, it stays permanent. This retention is obligatory and excluded from deletion requests.
Time Check and Play Time Restriction Enforcement
Reality check clocks use transient session counters that reset every 24 hours, beginning again from your first spin after midnight. Your preferred interval—say, 30 minutes—is kept persistently and instantly reactivates when you come back, even after a long break. Changing the interval mid-session sets the new value immediately for the next reminder. These settings are purged only upon validated account deletion. Session timer data lies in a dedicated, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for precision. All timer configurations are verifiable through the same three-year access log standard. We never categorize or market based on these settings.
Marketing Approval and Correspondence Records
We maintain your consent record—with time stamp, IP-marked, and method-recorded—for the life of our partnership plus six years after cancellation, to meet PECR requirements. Delivery logs for electronic messages, push alerts, and SMS are retained for only thirteen months. Revoking consent immediately suppresses communications while preserving historical proof. A divided database ensures suppression without lag, and consent logs are held in a dedicated compliance archive. Send logs contain metadata only—topic, time stamp, state—not full message text. The six-year post-withdrawal timeframe matches the statute of limitations for regulatory probes. Quarterly audits verify no expired consents trigger mailings. We never customise offers with gameplay or financial data beyond explicit permissions.





