Data Storage Policy for Wanted Dead Or a Wild Slot in UK
Playing the Wanted Dead Or a Wild Slot game means providing personal data (https://wanteddeadorwild.uk/). This document sets out exactly how long we store it, the rationale, and what technical protections sit behind each category—all based on UK GDPR, the Data Protection Act 2018, and PCI DSS. We manage identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its own retention clock. Identity records are kept for five years after account closure. Financial logs are stored for seven, satisfying HMRC requirements. Gameplay data is kept for 24 months before anonymisation kicks in. Full card numbers never enter our systems—only tokenised aliases—and every byte is encrypted. Independent auditors review our automated deletion routines, and any schedule slip triggers a full incident response. A version-controlled policy log documents every edit, and we give you 30 days’ notice before material changes are implemented. Subject access and deletion requests are handled within statutory deadlines.
Core Definitions and Scope of Personal Data
We take a broad view of what counts as personal data. Direct identifiers—name, email, billing address, masked payment details—coexist with indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data covers session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can re-identify a person when stitched together, so we treat them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers are tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules cover live databases, archives, and backups without exception. Each retention window starts from the last activity or transaction date, as spelled out below. We revisit definitions every six months to keep pace with regulatory guidance.
Controlled Gambling and Self-Exclusion Registers
Deposit limits, session reminders, and timeout settings are stored for the lifetime of your account and never removed while it stays active. If you choose to self-exclude, your hashed identity and device fingerprints are placed into a dedicated exclusion register kept indefinitely under UKGC licence requirements. The register is encrypted separately, accessed only at login or registration, and never used for analytics. Access is limited to trained compliance staff, and all lookups are logged for three years. The register contains only identity blocks—no banking or gameplay records. We review it annually to correct errors and remove deceased individuals. Otherwise, entries remain permanent. This retention is mandatory and exempt from deletion requests.
Reality Check and Play Time Restriction Enforcement
Reality check counters use transient session counters that clear every 24 hours, restarting from your first spin after midnight. Your chosen interval—say, 30 minutes—is stored persistently and automatically reactivates when you visit again, even after a long break. Modifying the interval mid-session applies the new value immediately to the next reminder. These settings are purged only upon verified account deletion. Session timer data resides in a dedicated, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for accuracy. All timer configurations are auditable under the same three-year access log standard. We do not profile or advertise based on these settings.
Registration Account and ID Verification Data
Core identity profiles—scans of government IDs, address verification, biometric selfie verifications—are kept for five years after your final session or account closure, whichever comes later. This covers contractual limitation periods and anti-money laundering duties. We extract only the essentials: document number, validity, country of citizenship. The original image is shredded immediately after extraction. Once the five-year period passes, all raw data is removed, but an encrypted hash of the verification result remains for two more years inside an audit trail. Identification data is encrypted at rest with AES-256-GCM and stored separately from analytics, and every retrieval is logged for three years. Non-essential fields like place of birth are deleted at the verification stage to reduce the data volume. Yearly reviews verify accuracy and automatically remove expired data.
Uploading Documents and Biometric Handling
Submit an ID through our secure portal and automated validation completes within 90 seconds. We pull the ID number, expiration date, nationality, and a trust score, then shred the full-resolution image immediately—it is never stored on disk. The original file stays in an in-memory buffer and is removed after analysis. A compressed, watermarked thumbnail is generated for audit purposes and retained only for the ID lifecycle. That thumbnail lives in write-once storage with strict controls and is never shared with support staff. Extracted fields are secured and retained for the five-year-plus-two hash window. All processing runs on ISO 27001 certified UK servers, and every thumbnail access is logged immutably.
Biometric Information Details
Liveness checks capture a short video entirely in memory. Frames are analysed and removed within a few milliseconds. Only a numerical vector of face features remains. This vector contains no image data and cannot be reconstructed into a face. It is kept for the duration of identity verification and is purged irrevocably upon account termination or after five years. The vector sits in a dedicated HSM with automatic expiration and is never exported. Login verifications happen inside the HSM’s secure environment without exposing the raw data. The vector is linked to a pseudonymous identifier that is not linked to marketing profiles, which makes re-identification extremely difficult. Even system admins are unable to view or reconstruct facial features from the stored vector.
Technical Infrastructure and Data Storage
All data resides in UK-based ISO 27001 Tier III+ data centres, with no replication outside the UK. A hot disaster recovery site in a separate UK zone synchronizes every six hours. Backups are encrypted client-side and adhere to identical retention rules. We implement least privilege with hardware MFA for administrators, recording their sessions in an immutable three-year audit trail. Multi-factor authentication uses a hardware token and biometric check. Penetration tests occur quarterly, and an independent auditor verifies automated purge schedules. Any deviation generates a Severity 1 incident, reported to our DPO within four hours. We also keep an air-gapped backup rotated weekly, under the same deletion policies.
Management of Encryption Keys
Master keys rotate every 90 days automatically inside an HSM. New keys are not extracted in plaintext. Rotated keys are retained for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is deleted inside the HSM, making any backups unrecoverable. We bind each key to a single data partition, never reuse keys, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys requires dual control and is stored on write-once media in a fireproof safe. Annual recovery drills ensure forensic decryption works when needed. No plaintext key material ever leaves the HSM boundary.
Payment Transaction and Billing Records
Deposit, withdrawal, and wager logs are maintained for seven years from the transaction date, per HMRC and FCA rules. We seldom store full PANs or CVVs. We record only the BIN, last four digits, and a tokenised identifier. Chargeback disputes suspend the contested record until final settlement, after which the seven-year clock restarts. Data is partitioned quarterly so automated purging operates cleanly, with monthly deletion runs verified by auditors. Tokenised card references stay valid only while your account is open and are wiped within thirty days of closure. Aggregated, anonymised totals are retained for financial reporting without any personal information. All financial data is encrypted and isolated from marketing systems.
Tokenized Payment Instruments and Processor References
Payment gateways generate vaulted tokens that map your card to a non-sensitive alias. We hold them for the account lifetime plus a thirty-day grace interval, then issue deletion commands to the processor and erase our own link. The only remnant left behind is an anonymised transaction hash used in aggregate reports, themselves purged after seven years. No usable credentials ever exist on our systems. We monitor token revocation daily and raise incidents if deletion fails. Tokens are linked to our merchant code and cannot be used elsewhere. Weekly reconciliation confirms validity, and tokens tied to lost or stolen cards are revoked immediately. All token operations are recorded and auditable. Aggregate reports never expose individual transaction hashes.
SAR and Deletion Processes
When a SAR arrives, we produce a structured JSON/CSV export of all non-purged data within one month, extendable by two months for complex cases. The export includes live databases, encrypted archives, and processor tokens, delivered via a one-time secure link that expires in 72 hours. For deletion, we proceed sequentially: immediate account suppression and token revocation, then scheduled erasure of all personal data not subject to legal hold. We create a confirmation report outlining erased versus retained categories and their justifications. This report is kept as auditable proof for as long as the longest surviving data category. All requests are documented immutably for five years.
Gameplay Session and Behavioral Analytics Data
Every spin on Wanted Dead Or a Wild records reel positions, RNG seed, and net outcome with microsecond precision. We keep these raw logs for twenty-four months, then compress them into an anonymous statistical digest used for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—stay for the same 24-month window and are then deleted. Feature trigger heatmaps stay for 12 months before merging into a global model. RNG seed audit trails are kept for 36 months. Error diagnostics are kept for 90 days. No individual gameplay data feeds into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.
- Spin-level logs: 24 months from event date, then anonymised aggregation
- Session behavioural profiles: 24 months from last session, then erased
- RNG seed audit trails: 36 months to satisfy technical standards
- Feature trigger heatmaps: 12 months, then integrated into global model
- Error and crash diagnostic logs: 90 days, then cycled out
Marketing Consent and Message Logs
We keep your consent log—with timestamp, IP address, and capture method—for the life of our relationship plus six years after withdrawal, to meet PECR requirements. Delivery logs for electronic messages, push alerts, and SMS are held for only thirteen months. Revoking consent instantly suppresses communications while keeping historical proof. A segmented database provides suppression without latency, and consent logs are held in a distinct compliance archive. Delivery logs contain metadata only—topic, timestamp, status—not full message content. The six-year post-withdrawal period reflects the statute of limitations for regulatory investigations. Quarterly audits verify that no expired consents trigger mailings. We never tailor offers with gameplay or financial data beyond explicit authorisations.
Policy Review and Data Breach Protocols
We review this policy every six months or upon material change to the game or regulation. Reviews are minuted with the DPO, CISO, and legal counsel. A public summary is displayed in our privacy centre, minus confidential details. Material changes are emailed 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we alert affected individuals within 72 hours if high risk, report to the ICO, and publish a transparency notice. Third-party processor breaches must follow the same protocol. We keep a breach notification log audited quarterly. Post-incident reviews revise controls as needed. Biannual tabletop exercises simulate misconfigurations and ransomware to test our response.
Policy Versioning and Update Log
We keep a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log outlines exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are communicated via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits check the log’s accuracy. The log is a living document reflecting our evolving data practices. You can retrieve the full change log through a link in our privacy centre at any time. This transparent approach demonstrates our commitment to accountable data governance.
