Information Retention Policy for Wanted Dead Or a Wild Slot Game in UK
Playing Wanted Dead Or a Wild Slot means submitting personal data. This document sets forth exactly how long we store it, the reasons, and what technical protections underpin each category—all built around UK GDPR, the Data Protection Act 2018, and PCI DSS. We manage identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its specific retention clock. Identity records are retained for five years after account closure. Financial logs remain for seven, satisfying HMRC requirements. Gameplay data receives 24 months before anonymisation takes effect. Full card numbers never enter our systems—only tokenised aliases—and every byte is protected. Independent auditors verify our automated deletion routines, and any schedule slip triggers a full incident response. A version-controlled policy log records every edit, and we give you 30 days’ notice before material changes become effective. Subject access and deletion requests are managed within statutory deadlines.
Fundamental Definitions and Extent of Personal Data
We adopt a comprehensive approach on what counts as personal data. Direct identifiers—name, email, billing address, masked payment details—are accompanied by indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data encompasses session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can link back to a person when stitched together, so we handle them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules span live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We review definitions every six months to stay aligned with regulatory guidance.
Responsible Gambling and Player Ban Registers
Deposit limits, session reminders, and timeout settings are saved for your account’s entire duration and never deleted while it remains active. If you choose to ban yourself, your hashed identity and device fingerprints are placed into a specific exclusion register maintained permanently under UKGC licence requirements. The register is encrypted separately, queried only at login or registration, and never utilized for analytics. Permission is confined to educated compliance staff, and all queries are tracked for three years. The register contains only identity blocks—no banking or gameplay records. We review it annually to rectify errors and remove deceased individuals. If not, it stays everlasting. This retention is mandatory and excluded from deletion requests.
Session Awareness and Gaming Duration Enforcement
Reality check clocks use temporary session counters that reset every 24 hours, restarting from your first spin after midnight. Your selected interval—say, 30 minutes—is saved persistently and routinely reactivates when you visit again, even after a long break. Modifying the interval mid-session applies the new value immediately for the next reminder. These settings are deleted only upon validated account deletion. Session timer data lies in a specialized, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for correctness. All timer configurations are auditable through the same three-year access log standard. We at no time profile or market based on these settings.
Marketing Approval and Communication Logs
We keep your consent log—time-stamped, with IP address, and with capture method—for the entirety of our association plus six years after cancellation, to comply with PECR obligations. Send logs for electronic messages, push messages, and SMS are retained for only thirteen months. Cancelling consent instantly suppresses communications while keeping historical proof. A segmented database provides suppression without delay, and consent logs are stored in a separate compliance archive. Delivery logs hold metadata only—heading, time stamp, status—not full message content. The six-year post-withdrawal period matches the statute of limitations for regulatory investigations. Quarterly audits verify no expired consents activate mailings. We never tailor offers with gameplay or financial data beyond explicit permissions.
Data Subject Access Request and Deletion Workflows
When an SAR lands, we produce a structured JSON/CSV export of all non-purged data within one month, prolongable by two months for complex cases. The export spans live databases, encrypted archives, and processor tokens, delivered via a one-time secure link that expires in 72 hours. For deletion, we implement a cascade: immediate account suppression and token revocation, then queued erasure of all personal data not subject to legal hold. We generate a confirmation report outlining erased versus retained categories and their justifications. This report is retained as auditable proof for as long as the longest surviving data category. All requests are logged immutably for five years.
User Account and Identity Verification Data
Main identity data—scans of government IDs, residence proof, selfie biometric matches—are retained for five years after your last session or account termination, whichever is later. This covers contractual time limits and AML obligations. We obtain only the essentials: document number, validity, country of citizenship. The high-resolution image gets shredded right after extraction. Once the five-year period pass, all original data is removed, but a cryptographic hash of the verification result remains for two more years inside an logging system. Identification data sits encrypted at rest with AES-256-GCM, isolated from analytics, and every access is recorded for 3 years. Non-essential fields like birth location are discarded at verification time to shrink the data footprint. Yearly audits ensure accuracy and proactively delete expired data.
Uploading Documents and Biometric Handling
Provide an ID through our safe portal and automatic verification wraps up within ninety seconds. We pull the document number, expiry, citizenship, and a confidence score, then shred the original image instantly—it is never stored on disk. The source file stays in an memory buffer and vanishes after handling. A compacted, watermarked small image is produced for audit purposes and kept only for the identity lifecycle. That preview lives in a write-once storage with strict controls and is never shown to support staff. Retrieved data are encrypted and kept for the five-year plus two-year hash timeframe. All operations runs on UK-based ISO 27001 servers, and every thumbnail access is recorded immutably.
Biometric Information Details
Liveness checks capture a short video stream entirely in memory. Video frames are processed and removed within milliseconds of time. Only a mathematical vector of facial points persists. This numerical representation contains no image data and cannot be reconstructed into a facial image. It is kept for the time of identity verification and is permanently deleted upon account closure or after 5 years. The data set sits in a hardware security module with automatic expiration and is never transferred. Login verifications happen inside the HSM’s safe environment without revealing the unprocessed data. The vector is associated with a pseudonym separated from marketing data, which makes re-identification extremely difficult. Even IT admins cannot see or rebuild facial features from the saved data.
Financial Transaction and Billing Records
Deposit, withdrawal, and wager records are maintained for seven years from the transaction date, per HMRC and FCA rules. We seldom store full PANs or CVVs. We record only the BIN, last four digits, and a tokenised identifier. Chargeback disputes suspend the contested record until final resolution, after which the seven-year clock continues. Data is partitioned quarterly so automated purging operates cleanly, with monthly deletion runs audited by auditors. Tokenised card references are valid only while your account is open and are wiped within thirty days of closure. Aggregated, anonymised totals endure for financial reporting without any personal information. All financial data is coded and isolated from marketing systems.
Secured Payment Instruments and Processor References
Payment gateways produce vaulted tokens that associate your card to a non-sensitive reference. We store them for the account lifetime plus a thirty-day grace interval, then transmit deletion commands to the processor and clear our own mapping. The only evidence left behind is an anonymised transaction hash used in aggregate statements, themselves removed after seven years. No usable credentials ever sit on our systems. We check token revocation daily and initiate incidents if deletion fails. Tokens are tied to our merchant code and cannot be used other places. Weekly reconciliation validates validity, and tokens tied to lost or stolen cards are revoked immediately. All token operations are recorded and verifiable. Aggregate reports never disclose individual transaction hashes.
Session Gameplay and Behavioral Analytics Data
Each spin on Wanted Dead Or a Wild logs reel positions, RNG seed, and net outcome with microsecond precision. We keep these raw logs for twenty-four months, then condense them into an anonymous statistical digest used for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—remain for the same 24-month window and are then deleted. Feature trigger heatmaps persist for 12 months before merging into a global model. RNG seed audit trails get 36 months. Error diagnostics get 90 days. No individual gameplay data goes into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.
- Spin-level logs: 24 months from event date, then anonymized aggregation
- Session behavioural profiles: 24 months from last session, then deleted
- RNG seed audit trails: 36 months to satisfy technical standards
- Feature trigger heatmaps: 12 months, then integrated into global model
- Error and crash diagnostic logs: 90 days, then removed
Infrastructure Setup and Data Location
All data sits in UK-based ISO 27001 Tier III+ data centres, never replicated outside the UK. A hot disaster recovery site in a separate UK zone updates every six hours. Backups are encrypted client-side and adhere to identical retention rules. We implement least privilege with hardware MFA for administrators, recording their sessions in an immutable three-year audit trail. Multi-factor authentication uses a hardware token and biometric check. Penetration tests run quarterly, and an independent auditor validates automated purge schedules. Any deviation triggers a Severity 1 incident, alerted to our DPO within four hours. We also keep an air-gapped backup rotated weekly, following the same deletion policies.
Encryption Key Lifecycle Management
Master keys change every 90 days automatically inside an HSM. New keys are not extracted in plaintext. Rotated keys are retained for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is removed inside the HSM, making any backups unrecoverable. We assign each key to a single data partition, never reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys needs dual control and is stored on write-once media in a fireproof safe. Annual recovery drills confirm forensic decryption works when needed. No plaintext key material ever leaves the HSM boundary.
Policy Evaluation and Data Breach Protocols
We assess this policy every six months or upon material change to the game or regulation. Reviews are recorded with DPO, CISO, and legal counsel. A public summary is posted in our privacy centre, minus confidential details. Material changes are emailed 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we alert affected individuals within 72 hours if high risk, file with the ICO, and issue a transparency notice. Third-party processor breaches must follow the same protocol. We keep a breach notification log audited quarterly. Post-incident reviews adjust controls as needed. Biannual tabletop exercises simulate misconfigurations and ransomware to test our response.
Policy Versioning and Update Log
We preserve a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log specifies exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are communicated via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits confirm the log’s accuracy. The log is a living document reflecting our evolving data practices. You can view the full change log through a link in our privacy centre at any time. This transparent approach shows our commitment to accountable data governance. Wanted Dead Or A Wild Slot

