Playing Wanted Dead Or a Wild Slot means submitting personal data https://wanteddeadorwild.uk/. This document sets forth exactly how long we store it, the rationale, and what technical protections underpin each category—all based on UK GDPR, the Data Protection Act 2018, and PCI DSS. We handle identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its unique retention clock. Identity records stick around for five years after account closure. Financial logs stay for seven, matching HMRC requirements. Gameplay data gets 24 months before anonymisation takes effect. Full card numbers never reach our systems—only tokenised aliases—and every byte is protected. Independent auditors verify our automated deletion routines, and any schedule slip triggers a full incident response. A version-controlled policy log tracks every edit, and we offer you 30 days’ notice before material changes take effect. Subject access and deletion requests are managed within statutory deadlines.
We adopt a comprehensive approach on what constitutes personal data. Direct identifiers—name, email, billing address, masked payment details—coexist with indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data includes session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can identify again a person when stitched together, so we regard them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules cover live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We reassess definitions every six months to keep pace with regulatory guidance.
When a subject access request arrives, we generate a structured JSON/CSV export of all non-purged data within one month, prolongable by two months for complex cases. The export includes live databases, encrypted archives, and processor tokens, provided via a one-time secure link that expires in 72 hours. For deletion, we proceed sequentially: immediate account suppression and token revocation, then batched erasure of all personal data not subject to legal hold. We generate a confirmation report outlining erased versus retained categories and their justifications. This report is maintained as auditable proof for as long as the longest surviving data category. All requests are documented immutably for five years.
Stake limits, time checks, and timeout settings are kept for your account’s lifetime and never deleted while it is active. If you choose to ban yourself, your hashed identity and device fingerprints are placed into a specialized exclusion register kept indefinitely under UKGC licence requirements. The register is coded separately, checked only at login or registration, and never employed for analytics. Entry is confined to educated compliance staff, and all queries are tracked for three years. The register contains only identity blocks—no financial or gameplay records. We examine it annually to correct errors and remove deceased individuals. Otherwise, it stays permanent. This retention is mandatory and exempt from deletion requests.
Reality check timers use transient session counters that restart every 24 hours, starting anew from your first spin after midnight. Your preferred interval—say, 30 minutes—is saved persistently and instantly reactivates when you visit again, even after a long break. Altering the interval mid-session introduces the new value immediately for the next reminder. These settings are removed only upon confirmed account deletion. Session timer data resides in a dedicated, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for precision. All timer configurations are auditable through the same three-year access log standard. We never categorize or advertise based on these settings.
Primary identity records—official ID scans, address verification, biometric selfie matches—are retained for a five-year period after your last session or account termination, whichever comes later. This covers contractual time limits and AML obligations. We obtain only the key information: document number, expiration date, country of citizenship. The full-resolution image gets deleted immediately after extraction. Once the five-year period pass, all source data is purged, but a encrypted hash of the verification outcome remains for another two years inside an audit trail. Identity data sits stored encrypted with AES-256-GCM, isolated from analytics, and every access is logged for a three-year period. Unnecessary fields like birth location are discarded at verification stage to shrink the data footprint. Annual reviews ensure accuracy and automatically remove expired entries.
Provide an ID through our secure portal and automatic verification completes within 90 seconds. We pull the ID number, expiration date, citizenship, and a confidence score, then delete the full-resolution image immediately—it never touches disk. The source file stays in an memory buffer and disappears after analysis. A compressed, stamped small image is produced for audit purposes and kept only for the identity lifecycle. That thumbnail lives in a write-once storage with rigorous controls and is never exposed to client support. Retrieved data are secured and kept for the five-year plus two-year hash timeframe. All operations runs on ISO 27001 certified UK servers, and every thumbnail access is stored unchangeably.
Live detection checks capture a short video stream completely in memory. Frames are processed and discarded within milliseconds of time. Only a numerical vector of facial landmarks survives. This data set contains no image data and cannot be reverse-engineered into a face. It is kept for the duration of identity verification and is permanently deleted upon account termination or after 5 years. The numerical representation sits in a dedicated HSM with automatic expiration and is never sent out. Login verifications happen inside the HSM’s secure enclave without revealing the raw vector. The vector is linked to a pseudonym unlinked from marketing profiles, which makes re-identification very hard. Even system admins cannot view or reconstruct face characteristics from the saved data.
Deposit, withdrawal, and wager histories are maintained for seven years from the transaction date, per HMRC and FCA rules. We do not store full PANs or CVVs. We collect only the BIN, last four digits, and a tokenised alias. Chargeback disputes suspend the contested record until final outcome, after which the seven-year clock continues. Data is partitioned quarterly so automated purging runs cleanly, with monthly deletion runs checked by auditors. Tokenised card references are valid only while your account is open and are erased within thirty days of closure. Combined, anonymised totals persist for financial reporting without any personal identifiers. All financial data is coded and separated from marketing systems.
Payment gateways generate vaulted tokens that map your card to a non-sensitive reference. We keep them for the account lifetime plus a thirty-day grace interval, then issue deletion commands to the processor and wipe our own mapping. The only trace left behind is an anonymised transaction hash used in aggregate statements, themselves purged after seven years. No usable credentials ever reside on our systems. We check token revocation daily and initiate incidents if deletion is unsuccessful. Tokens are linked to our merchant code and cannot be used elsewhere. Weekly reconciliation verifies correctness, and tokens tied to lost or stolen cards are cancelled immediately. All token operations are documented and auditable. Aggregate reports never disclose individual transaction hashes.
All spins on Wanted Dead Or a Wild logs reel positions, RNG seed, and net outcome with microsecond precision. We keep these raw logs for twenty-four months, then compact them into an anonymous statistical digest used for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—stay for the same 24-month window and are then deleted. Feature trigger heatmaps remain for 12 months before merging into a global model. RNG seed audit trails get 36 months. Error diagnostics get 90 days. No individual gameplay data goes into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.
We keep your consent record—with time stamp, with IP address, and method-captured—for the life of our association plus six years after withdrawal, to meet PECR rules. Send logs for emails, push notifications, and SMS are held for only thirteen months. Withdrawing consent right away halts communications while retaining historical proof. A partitioned database ensures suppression without latency, and consent logs are stored in a separate compliance archive. Dispatch records hold metadata only—subject, time, state—not full message body. The six-year post-withdrawal timeframe matches the statute of limitations for regulatory probes. Quarterly audits verify no expired consents activate mailings. We never tailor offers with gameplay or financial data beyond explicit authorisations.
All data sits in UK-based ISO 27001 Tier III+ data centres, never replicated outside the UK. A hot disaster recovery site in a separate UK zone syncs every six hours. Backups are encrypted client-side and follow identical retention rules. We implement least privilege with hardware MFA for administrators, logging their sessions in an immutable three-year audit trail. Multi-factor authentication uses a hardware token and biometric check. Penetration tests are conducted quarterly, and an independent auditor validates automated purge schedules. Any deviation triggers a Severity 1 incident, notified to our DPO within four hours. We also maintain an air-gapped backup rotated weekly, following the same deletion policies.
Master keys rotate every 90 days automatically inside an HSM. New keys are kept internal in plaintext. Rotated keys are retained for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is destroyed inside the HSM, making any backups unrecoverable. We bind each key to a single data partition, avoid reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys demands dual control and is stored on write-once media in a fireproof safe. Annual recovery drills ensure forensic decryption works when needed. No plaintext key material ever leaves the HSM boundary.
We assess this policy every six months or upon material change to the game or regulation. Reviews are recorded with DPO, CISO, and legal counsel. A public summary is published in our privacy centre, minus confidential details. Material changes are sent 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we inform affected individuals within 72 hours if high risk, file with the ICO, and post a transparency notice. Third-party processor breaches must follow the same protocol. We hold a breach notification log audited quarterly. Post-incident reviews update controls as needed. Biannual tabletop exercises simulate misconfigurations and ransomware to test our response.
We keep a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log details exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are communicated via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits check the log’s accuracy. The log is a living document reflecting our evolving data practices. You can retrieve the full change log through a link in our privacy centre at any time. This transparent approach demonstrates our commitment to accountable data governance.
