WhatsApp
Book Your Appointment
Call for Appointment

Playing Wanted Dead Or a Wild Slot game means providing personal data https://wanteddeadorwild.uk. This document lays out exactly how long we store it, why, and what technical protections sit behind each category—all aligned with UK GDPR, the Data Protection Act 2018, and PCI DSS. We handle identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its own retention clock. Identity records are retained for five years after account closure. Financial logs stay for seven, meeting HMRC requirements. Gameplay data undergoes 24 months before anonymisation kicks in. Full card numbers never reach our systems—only tokenised aliases—and every byte is protected. Independent auditors verify our automated deletion routines, and any schedule slip initiates a full incident response. A version-controlled policy log documents every edit, and we give you 30 days’ notice before material changes are implemented. Subject access and deletion requests are handled within statutory deadlines.

Essential Definitions and Range of Personal Data

We take a broad view on what qualifies as personal data. Direct identifiers—name, email, billing address, masked payment details—coexist with indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data encompasses session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can identify again a person when stitched together, so we handle them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules span live databases, archives, and backups without exception. Each window begins counting from the last activity or transaction date, spelled out below. We review definitions every six months to stay aligned with regulatory guidance.

User Account and Identity Verification Data

Core identity profiles—official ID scans, address verification, biometric selfie verifications—are held for five years after your final session or account termination, whichever occurs later. This includes contractual limitation periods and anti-money laundering duties. We obtain only the necessary details: document ID, validity, nationality. The full-resolution image gets deleted upon extraction. Once 5 years pass, all source data is erased, but a hash of the verification result remains for another two years inside an logging system. Identity data sits stored encrypted with AES-256-GCM, isolated from analytics, and every retrieval is logged for 3 years. Optional fields like birthplace are deleted at the time of verification to shrink the data size. Annual reviews verify accuracy and automatically remove expired entries.

File Upload and Biometric Processing

Provide an ID through our safe portal and automatic verification finishes within 90 seconds. We extract the document number, expiration date, nationality, and a reliability score, then destroy the full-resolution image right away—it is never stored on disk. The source file stays in an in-memory buffer and disappears after handling. A reduced, stamped thumbnail is produced for auditing purposes and stored only for the identity lifecycle. That small image lives in a write-once storage with tight controls and is never shared to client support. Collected information are encoded and saved for the five-year-plus-two hash window. All operations runs on servers in the UK with ISO 27001, and every preview retrieval is recorded immutably.

Specifics of Biometric Data

Live detection checks collect a brief video feed entirely in memory. Frames are processed and deleted within a few milliseconds. Only a numerical vector of facial points remains. This vector has no image data and cannot be reconstructed into a picture. It stays for the duration of identity verification and is permanently deleted upon account termination or after five years. The numerical representation sits in a dedicated HSM with auto-expiry and is never sent out. Login comparisons happen inside the HSM’s secure enclave without exposing the unprocessed data. The numerical representation is associated with a anonymous identifier disconnected from marketing profiles, which makes re-identifying extremely difficult. Even system admins are unable to view or reconstruct facial attributes from the kept numerical representation.

Safe Gambling and Player Ban Registers

Deposit limits, reality checks, and timeout settings are stored for your account’s whole period and never deleted while it is active. If you opt for self-exclusion, your hashed identity and device fingerprints enter a dedicated exclusion register maintained indefinitely under UKGC licence requirements. The register is coded separately, queried only at login or registration, and never employed for analytics. Access is confined to educated compliance staff, and all queries are tracked for three years. The register contains only identity blocks—no banking or gameplay records. We examine it annually to fix errors and remove deceased individuals. If not, it stays everlasting. This retention is mandatory and excluded from deletion requests.

Time Check and Gaming Duration Enforcement

Reality check clocks use transient session counters that reset every 24 hours, beginning again from your first spin after midnight. Your preferred interval—say, 30 minutes—is saved persistently and routinely reactivates when you return, even after a long break. Modifying the interval mid-session sets the new value instantly for the next reminder. These settings are purged only upon validated account deletion. Session timer data resides in a specialized, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for precision. All timer configurations are verifiable through the same three-year access log standard. We never categorize or advertise based on these settings.

Payment Transaction and Payment Records

Deposit, withdrawal, and wager logs are kept for seven years from the transaction date, per HMRC and FCA rules. We never store full PANs or CVVs. We capture only the BIN, last four digits, and a tokenised identifier. Chargeback disputes freeze the contested record until final outcome, after which the seven-year clock resumes. Data is partitioned quarterly so automated purging runs cleanly, with monthly deletion runs verified by auditors. Tokenised card references are valid only while your account is open and are erased within thirty days of closing. Summarised, anonymised totals endure for financial reporting without any personal identifiers. All financial data is encrypted and quarantined from marketing systems.

Tokenized Payment Instruments and Processor References

Payment gateways produce vaulted tokens that associate your card to a non-sensitive identifier. We store them for the account lifetime plus a thirty-day grace period, then send deletion commands to the processor and erase our own mapping. The only trace left behind is an anonymised transaction hash used in aggregate reports, themselves purged after seven years. No usable credentials ever sit on our systems. We monitor token revocation daily and raise incidents if deletion does not work. Tokens are bound to our merchant code and cannot be used in other contexts. Weekly reconciliation validates correctness, and tokens tied to lost or stolen cards are cancelled immediately. All token operations are documented and checked. Aggregate reports never reveal individual transaction hashes.

Gameplay Session and Analytics of Behavior Data

All spins on Wanted Dead Or a Wild tracks reel positions, RNG seed, and net outcome with microsecond precision. We retain these raw logs for twenty-four months, then condense them into an anonymous statistical digest used for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—remain for the same 24-month window and are then deleted. Feature trigger heatmaps remain for 12 months before merging into a global model. RNG seed audit trails receive 36 months. Error diagnostics receive 90 days. No individual gameplay data feeds into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.

  • Spin-level logs: 24 months from event date, then aggregated aggregation
  • Session behavioural profiles: 24 months from last session, then removed
  • RNG seed audit trails: 36 months to comply with technical standards
  • Feature trigger heatmaps: 12 months, then merged into global model
  • Error and crash diagnostic logs: 90 days, then rotated out

Marketing Approval and Communication Logs

We keep your consent log—with time stamp, IP-stamped, and method-recorded—for the life of our relationship plus six years after revocation, to satisfy PECR rules. Send logs for e-mails, push notifications, and SMS are retained for only thirteen months. Revoking consent right away suppresses communications while retaining historical proof. A segmented database guarantees suppression without delay, and consent logs are held in a separate compliance archive. Delivery logs contain metadata only—subject, time, status—not full message content. The six-year post-withdrawal window mirrors the statute of limitations for regulatory probes. Quarterly audits confirm no expired consents trigger mailings. We never tailor offers with gameplay or financial data beyond explicit permissions.

Data Subject Access Request and Deletion Workflows

Upon receiving an SAR, we generate a structured JSON/CSV export of all non-purged data within one month, expandable by two months for complex cases. The export includes live databases, encrypted archives, and processor tokens, provided via a one-time secure link that expires in 72 hours. For deletion, we proceed sequentially: immediate account suppression and token revocation, then queued erasure of all personal data not subject to legal hold. We generate a confirmation report detailing erased versus retained categories and their justifications. This report is retained as auditable proof for as long as the longest surviving data category. All requests are recorded immutably for five years.

Infrastructure Setup and Data Residency

All data resides in UK-based ISO 27001 Tier III+ data centres, never replicated outside the UK. A hot disaster recovery site in a separate UK zone updates every six hours. Backups are encrypted client-side and adhere to identical retention rules. We apply least privilege with hardware MFA for administrators, recording their sessions in an immutable three-year audit trail. Multi-factor authentication integrates a hardware token and biometric check. Penetration tests are conducted quarterly, and an independent auditor verifies automated purge schedules. Any deviation raises a Severity 1 incident, alerted to our DPO within four hours. We also operate an air-gapped backup rotated weekly, subject to the same deletion policies.

Management of Encryption Keys

Master keys rotate every 90 days automatically inside an HSM. New keys are not extracted in plaintext. Rotated keys are stored for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is destroyed inside the HSM, making any backups unrecoverable. We bind each key to a single data partition, avoid reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys requires dual control and is stored on write-once media in a fireproof safe. Annual recovery drills ensure forensic decryption works when needed. No plaintext key material ever departs the HSM boundary.

Policy Review and Data Breach Protocols

We assess this policy every six months or upon material change to the game or regulation. Reviews are recorded with DPO, CISO, and legal counsel. A public summary is posted in our privacy centre, minus confidential details. Material changes are sent 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we alert affected individuals within 72 hours if high risk, submit with the ICO, and issue a transparency notice. Third-party processor breaches must follow the same protocol. We keep a breach notification log audited quarterly. Post-incident reviews adjust controls as needed. Biannual tabletop exercises model misconfigurations and ransomware to test our response.

Policy Versioning and Revision History

We maintain a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log specifies exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are conveyed via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits confirm the log’s accuracy. The log is a living document reflecting our evolving data practices. You can access the full change log through a link in our privacy centre at any time. This transparent approach reflects our commitment to accountable data governance.