Information Retention Policy for Wanted Dead Or a Wild Slot in UK
Playing Wanted Dead Or a Wild Slot game means providing personal data. This document lays out exactly how long we retain it, why, and what technical protections underpin each category—all aligned with UK GDPR, the Data Protection Act 2018, and PCI DSS. We process identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its specific retention clock. Identity records are retained for five years after account closure. Financial logs are stored for seven, matching HMRC requirements. Gameplay data receives 24 months before anonymisation kicks in. Full card numbers never reach our systems—only tokenised aliases—and every byte is encrypted. Independent auditors check our automated deletion routines, and any schedule slip triggers a full incident response. A version-controlled policy log tracks every edit, and we provide you 30 days’ notice before material changes are implemented. Subject access and deletion requests are managed within statutory deadlines.
Core Definitions and Range of Personal Data
We adopt a comprehensive approach on what constitutes personal data. Direct identifiers—name, email, billing address, masked payment details—coexist with indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data includes session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can identify again a person when stitched together, so we handle them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules cover live databases, archives, and backups without exception. Each window begins counting from the last activity or transaction date, spelled out below. We reassess definitions every six months to keep pace with regulatory guidance.
Gameplay Session and Behavioural Analytics Data
Every spin on Wanted Dead Or a Wild records reel positions, RNG seed, and net outcome with microsecond precision. We store these raw logs for twenty-four months, then compress them into an anonymous statistical digest used for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—persist for the same 24-month window and are then deleted. Feature trigger heatmaps persist for 12 months before merging into a global model. RNG seed audit trails get 36 months. Error diagnostics have 90 days. No individual gameplay data feeds into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.
- Spin-level logs: 24 months from event date, then aggregated aggregation
- Session behavioural profiles: 24 months from last session, then erased
- RNG seed audit trails: 36 months to comply with technical standards
- Feature trigger heatmaps: 12 months, then integrated into global model
- Error and crash diagnostic logs: 90 days, then cycled out
Marketing Consent and Communication Logs
We maintain your consent log—time-stamped, IP-stamped, and with capture method—for the duration of our partnership plus six years after withdrawal, to satisfy PECR obligations. Send logs for emails, push notifications, and SMS are held for only thirteen months. Cancelling consent right away suppresses communications while retaining historical proof. A divided database provides suppression without latency, and consent logs are stored in a dedicated compliance archive. Dispatch records contain metadata only—topic, time stamp, condition—not full message text. The six-year post-withdrawal window reflects the statute of limitations for regulatory inquiries. Quarterly audits check no expired consents initiate mailings. We never personalise offers with gameplay or financial data beyond explicit authorisations.
Data Subject Access Request and Deletion Workflows
When an SAR lands, we compile a formatted JSON/CSV export of all non-purged data within one month, expandable by two months for complex cases. The export spans live databases, encrypted archives, and processor tokens, provided via a one-time secure link that expires in 72 hours. For deletion, we implement a cascade: immediate account suppression and token revocation, then scheduled erasure of all personal data not subject to legal hold. We create a confirmation report detailing erased versus retained categories and their justifications. This report is retained as auditable proof for as long as the longest surviving data category. All requests are documented immutably for five years.
Responsible Gambling and Voluntary Exclusion Registers
Betting limits, time checks, and timeout settings are saved for your account’s entire duration and never deleted while it remains active. If you self-exclude, your hashed identity and device fingerprints are placed into a specialized exclusion register maintained indefinitely under UKGC licence requirements. The register is secured separately, checked only at login or registration, and never utilized for analytics. Access is restricted to trained compliance staff, and all queries are logged for three years. The register contains only identity blocks—no monetary or gameplay records. We review it annually to fix errors and remove deceased individuals. If not, it remains permanent. This retention is mandatory and exempt from deletion requests.
Session Awareness and Gaming Duration Enforcement

Reality check counters use temporary session counters that reset every 24 hours, restarting from your first spin after midnight. Your chosen interval—say, 30 minutes—is kept persistently and automatically reactivates when you come back, even after a long break. Changing the interval mid-session sets the new value immediately for the next reminder. These settings are removed only upon verified account deletion. Session timer data resides in a specialized, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for precision. All timer configurations are verifiable through the same three-year access log standard. We at no time categorize or market based on these settings.
Payment Transaction and Billing Records
Deposit, withdrawal, and wager records are retained for seven years from the transaction date, per HMRC and FCA rules. We never store full PANs or CVVs. We record only the BIN, last four digits, and a tokenised reference. Chargeback disputes suspend the contested record until final resolution, after which the seven-year clock resumes. Data is partitioned quarterly so automated purging runs cleanly, with monthly deletion runs audited by auditors. Tokenised card references are valid only while your account is active and are erased within thirty days of closure. Aggregated, anonymised totals remain for financial reporting without any personal identifiers. All financial data is secured and quarantined from marketing systems.
Tokenised Payment Instruments and Processor References
Payment gateways create vaulted tokens that link your card to a non-sensitive alias. We keep them for the account lifetime plus a thirty-day grace window, then issue deletion commands to the processor and wipe our own link. The only remnant left behind is an anonymised transaction hash used in aggregate reports, themselves purged after seven years. No usable credentials ever sit on our systems. We track token revocation daily and initiate incidents if deletion does not work. Tokens are linked to our merchant code and cannot be used elsewhere. Weekly reconciliation validates validity, and tokens tied to lost or stolen cards are invalidated immediately. All token operations are documented and verifiable. Aggregate reports never expose individual transaction hashes.
User Account and Verification of Identity Data

Main identity data—scans of government IDs, address verification, biometric selfie verifications—are held for 5 years after your last session or account closure, whichever occurs later. This encompasses contractual time limits and AML obligations. We extract only the essentials: document ID, validity, citizenship. The original image gets shredded right after extraction. Once the five-year period pass, all original data is erased, but a hash of the verification data persists for two more years inside an audit trail. Identity data sits encrypted at rest with AES-256-GCM, kept separate from analytics, and every retrieval is logged for a three-year period. Non-essential fields like birth location are removed at the time of verification to shrink the data size. Yearly reviews ensure accuracy and actively purge outdated records.
File Upload and Biometric Handling
Provide an ID through our secure portal and automated validation wraps up within a minute and a half. We retrieve the ID number, validity, nationality, and a reliability score, then delete the high-resolution image right away—it is never stored on disk. The source file stays in an memory buffer and is removed after handling. A reduced, watermarked preview is created for audit purposes and retained only for the identity verification period. That small image lives in a write-once vault with tight controls and is never shared to client support. Collected information are secured and saved for the five-year plus two-year hash timeframe. All handling runs on UK-based ISO 27001 servers, and every small image access is logged permanently.
Specifics of Biometric Data
Liveness checks record a brief video feed solely in memory. Images are processed and deleted within milliseconds of time. Only a mathematical vector of facial points persists. This numerical representation lacks any image data and cannot be reverse-engineered into a facial image. It remains for the entire identity verification process and is permanently deleted upon account closure or after five years. The numerical representation sits in a dedicated HSM with auto-expiry and is never sent out. Authentication checks happen inside the HSM’s protected enclave without revealing the unprocessed data. The vector is associated with a anonymous identifier separated from advertising profiles, which makes re-identifying highly challenging. Even IT admins are unable to view or rebuild face characteristics from the stored vector.
Technology Framework and Data Storage
All data is stored in UK-based ISO 27001 Tier III+ data centres, never replicated outside the UK. A hot disaster recovery site in a separate UK zone syncs every six hours. Backups are encrypted client-side and adhere to identical retention rules. We implement least privilege with hardware MFA for administrators, capturing their sessions in an immutable three-year audit trail. Multi-factor authentication integrates a hardware token and biometric check. Penetration tests are conducted quarterly, and an independent auditor verifies automated purge schedules. Any deviation generates a Severity 1 incident, alerted to our DPO within four hours. We also maintain an air-gapped backup rotated weekly, subject to the same deletion policies.
Key Lifecycle Administration
Master keys are renewed every 90 days automatically inside an HSM https://wanteddeadorwild.uk. New keys are never exported in plaintext. Rotated keys are stored for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is destroyed inside the HSM, making any backups unrecoverable. We assign each key to a single data partition, never reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys demands dual control and is stored on write-once media in a fireproof safe. Annual recovery drills ensure forensic decryption works when needed. No plaintext key material ever departs the HSM boundary.
Policy Review and Incident Reporting Protocols
We assess this policy every six months or upon material change to the game or regulation. Reviews are minuted with DPO, CISO, and legal counsel. A public summary is posted in our privacy centre, minus confidential details. Material changes are emailed 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we alert affected individuals within 72 hours if high risk, submit with the ICO, and post a transparency notice. Third-party processor breaches must follow the same protocol. We maintain a breach notification log audited quarterly. Post-incident reviews adjust controls as needed. Biannual tabletop exercises test misconfigurations and ransomware to test our response.
Policy Versioning and Revision History
We keep a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log specifies exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are communicated via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits confirm the log’s accuracy. The log is a living document reflecting our evolving data practices. You can view the full change log through a link in our privacy centre at any time. This transparent approach demonstrates our commitment to accountable data governance.