Data Retention Policy for Wanted Dead Or a Wild Slot Game in UK

Playing wanted dead or a wild slot minimum deposit Dead Or a Wild Slot means submitting personal data. This document sets forth exactly how long we keep it, why, and what technical protections underpin each category—all based on UK GDPR, the Data Protection Act 2018, and PCI DSS. We handle identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its own retention clock. Identity records stick around for five years after account closure. Financial logs are stored for seven, meeting HMRC requirements. Gameplay data undergoes 24 months before anonymisation kicks in. Full card numbers never enter our systems—only tokenised aliases—and every byte is protected. Independent auditors review our automated deletion routines, and any schedule slip initiates a full incident response. A version-controlled policy log records every edit, and we offer you 30 days’ notice before material changes become effective. Subject access and deletion requests are handled within statutory deadlines.

Essential Definitions and Extent of Personal Data

We take a broad view on what counts as personal data. Direct identifiers—name, email, billing address, masked payment details—are accompanied by indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data encompasses session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can identify again a person when stitched together, so we treat them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules span live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We reassess definitions every six months to remain compliant with regulatory guidance.

Gaming Session and Behavioral Analytics Data

All spins on Wanted Dead Or a Wild tracks reel positions, RNG seed, and net outcome with microsecond precision. We keep these raw logs for twenty-four months, then compress them into an anonymous statistical digest utilized for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—stay for the same 24-month window and are then deleted. Feature trigger heatmaps remain for 12 months before merging into a global model. RNG seed audit trails have 36 months. Error diagnostics get 90 days. No individual gameplay data feeds into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.

• Spin-level logs: 24 months from event date, then anonymised aggregation
• Session behavioural profiles: 24 months from last session, then removed
• RNG seed audit trails: 36 months to meet technical standards
• Feature trigger heatmaps: 12 months, then combined into global model
• Error and crash diagnostic logs: 90 days, then cycled out

Access Request and Erasure Workflows

When a subject access request arrives, we compile a structured JSON/CSV export of all non-purged data within one month, expandable by two months for complex cases. The export covers live databases, encrypted archives, and processor tokens, sent via a one-time secure link that expires in 72 hours. For deletion, we cascade: immediate account suppression and token revocation, then queued erasure of all personal data not subject to legal hold. We create a confirmation report specifying erased versus retained categories and their justifications. This report is maintained as auditable proof for as long as the longest surviving data category. All requests are documented immutably for five years.

Registration Account and Verification of Identity Data

Primary identity records—government ID scans, address verification, selfie biometric matches—are kept for 5 years after your last session or closure of account, whichever is later. This covers contractual time limits and AML obligations. We retrieve only the essentials: document ID, expiration date, nationality. The original image gets deleted right after extraction. Once 5 years pass, all raw data is purged, but a encrypted hash of the verification result remains for two more years inside an audit log. Identity data sits stored encrypted with AES-256-GCM, stored away from analytics, and every retrieval is logged for three years. Unnecessary fields like birthplace are discarded at verification stage to shrink the data footprint. Yearly reviews verify correctness and actively purge expired data.

Document Upload and Biometric Processing

Submit an ID through our safe portal and automated checking completes within a minute and a half. We pull the document ID, expiration date, citizenship, and a trust score, then shred the high-resolution image instantly—it never touches disk. The initial file stays in an in-memory buffer and vanishes after analysis. A compressed, marked thumbnail is generated for compliance purposes and kept only for the ID lifecycle. That preview lives in a immutable vault with strict controls and is never exposed to support staff. Retrieved data are secured and kept for the five-year plus two-year hash timeframe. All processing runs on UK-based ISO 27001 servers, and every preview retrieval is recorded immutably.

Specifics of Biometric Data

Liveness verifications collect a brief video feed solely in memory. Video frames are processed and discarded within a few milliseconds. Only a numerical vector of facial points survives. This data set contains no image data and cannot be reconstructed into a facial image. It remains for the duration of identity verification and is purged irrevocably upon account closure or after a five-year period. The vector sits in a dedicated HSM with self-expiry and is never exported. Login verifications happen inside the HSM’s protected enclave without revealing the unprocessed data. The data set is bound to a pseudonymous identifier unlinked from marketing data, which makes re-identification extremely difficult. Even system admins cannot view or rebuild facial attributes from the kept numerical representation.

Payment Transaction and Payment Records

Funding, withdrawal, and wager histories are maintained for seven years from the transaction date, per HMRC and FCA rules. We do not store full PANs or CVVs. We record only the BIN, last four digits, and a tokenised identifier. Chargeback disputes halt the contested record until final settlement, after which the seven-year clock resumes. Data is partitioned quarterly so automated purging works cleanly, with monthly deletion runs checked by auditors. Tokenised card references remain valid only while your account is open and are erased within thirty days of termination. Summarised, anonymised totals remain for financial reporting without any personal details. All financial data is encrypted and quarantined from marketing systems.

Tokenized Payment Instruments and Processor References

Payment gateways generate vaulted tokens that map your card to a non-sensitive reference. We store them for the account lifetime plus a thirty-day grace window, then send deletion commands to the processor and erase our own reference. The only remnant left behind is an anonymised transaction hash used in aggregate statements, themselves purged after seven years. No usable credentials ever sit on our systems. We monitor token revocation daily and trigger incidents if deletion does not work. Tokens are linked to our merchant code and cannot be used elsewhere. Weekly reconciliation confirms correctness, and tokens tied to lost or stolen cards are revoked immediately. All token operations are documented and auditable. Aggregate reports never reveal individual transaction hashes.

Marketing Approval and Communication Logs

We store your consent record—with time stamp, IP-stamped, and method-recorded—for the duration of our partnership plus six years after withdrawal, to meet PECR requirements. Delivery logs for electronic messages, push alerts, and SMS are kept for only thirteen months. Cancelling consent immediately suppresses communications while retaining historical proof. A segmented database ensures suppression without latency, and consent logs are stored in a separate compliance archive. Dispatch records hold metadata only—heading, time stamp, status—not full message text. The six-year post-withdrawal period matches the statute of limitations for regulatory investigations. Quarterly audits check no expired consents trigger mailings. We never tailor offers with gameplay or financial data beyond explicit permissions.

Safe Gambling and Self-Exclusion Registers

Deposit limits, time checks, and timeout settings are stored for your account’s lifetime and never purged while it remains active. If you opt for self-exclusion, your hashed identity and device fingerprints are placed into a specific exclusion register kept indefinitely under UKGC licence requirements. The register is coded separately, checked only at login or registration, and never used for analytics. Permission is confined to trained compliance staff, and all queries are tracked for three years. The register contains only identity blocks—no banking or gameplay records. We check it annually to correct errors and remove deceased individuals. Apart from that, it remains everlasting. This retention is obligatory and excluded from deletion requests.

Time Check and Gaming Duration Enforcement

Reality check counters use transient session counters that reset every 24 hours, restarting from your first spin after midnight. Your chosen interval—say, 30 minutes—is stored persistently and automatically reactivates when you visit again, even after a long break. Altering the interval mid-session applies the new value immediately for the next reminder. These settings are deleted only upon validated account deletion. Session timer data sits in a dedicated, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for correctness. All timer configurations are auditable through the same three-year access log standard. We never categorize or promote based on these settings.

Technical Infrastructure and Data Residency

All data sits in UK-based ISO 27001 Tier III+ data centres, not copied outside the UK. A hot disaster recovery site in a separate UK zone updates every six hours. Backups are encrypted client-side and adhere to identical retention rules. We apply least privilege with hardware MFA for administrators, recording their sessions in an immutable three-year audit trail. Multi-factor authentication uses a hardware token and biometric check. Penetration tests occur quarterly, and an independent auditor confirms automated purge schedules. Any deviation triggers a Severity 1 incident, alerted to our DPO within four hours. We also operate an air-gapped backup rotated weekly, following the same deletion policies.

Key Lifecycle Administration

Master keys rotate every 90 days automatically inside an HSM. New keys are not extracted in plaintext. Rotated keys are stored for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is removed inside the HSM, making any backups unrecoverable. We link each key to a single data partition, avoid reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys needs dual control and is stored on write-once media in a fireproof safe. Annual recovery drills ensure forensic decryption works when needed. No plaintext key material ever exits the HSM boundary.

Policy Review and Incident Reporting Protocols

We assess this policy every six months or upon material change to the game or regulation. Reviews are recorded with DPO, CISO, and legal counsel. A public summary is posted in our privacy centre, minus confidential details. Material changes are emailed 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we alert affected individuals within 72 hours if high risk, file with the ICO, and post a transparency notice. Third-party processor breaches must follow the same protocol. We hold a breach notification log audited quarterly. Post-incident reviews adjust controls as needed. Biannual tabletop exercises model misconfigurations and ransomware to test our response.

Policy Versioning and Change Log

We preserve a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log details exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are communicated via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits verify the log’s accuracy. The log is a living document reflecting our evolving data practices. You can access the full change log through a link in our privacy centre at any time. This transparent approach demonstrates our commitment to accountable data governance.