
Information Retention Policy for Wanted Dead Or a Wild Slot Game in UK

Playing Wanted Dead Or a Wild Slot (https://wanteddeadorwild.uk/) means submitting personal data. This document details exactly how long we store it, why, and what technical protections underpin each category—all based on UK GDPR, the Data Protection Act 2018, and PCI DSS. We process identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its specific retention clock. Identity records are retained for five years after account closure. Financial logs remain for seven, satisfying HMRC requirements. Gameplay data gets 24 months before anonymisation kicks in. Full card numbers never enter our systems—only tokenised aliases—and every byte is encrypted. Independent auditors check our automated deletion routines, and any schedule slip triggers a full incident response. A version-controlled policy log records every edit, and we give you 30 days’ notice before material changes take effect. Subject access and deletion requests are managed within statutory deadlines.

Session Gameplay and Behavioural Analytics Data

Each spin on Wanted Dead Or a Wild tracks reel positions, RNG seed, and net outcome with microsecond precision. We store these raw logs for twenty-four months, then compress them into an anonymous statistical digest used for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—remain for the same 24-month window and are then deleted. Feature trigger heatmaps remain for 12 months before merging into a global model. RNG seed audit trails receive 36 months. Error diagnostics have 90 days. No individual gameplay data goes into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.

  • Spin-level logs: 24 months from event date, then aggregated
  • Session behavioural profiles: 24 months from last session, then removed
  • RNG seed audit trails: 36 months to comply with technical standards
  • Feature trigger heatmaps: 12 months, then merged into global model
  • Error and crash diagnostic logs: 90 days, then rotated out

Access Request and Erasure Workflows

Upon receiving an SAR, we generate an organized JSON/CSV export of all non-purged data within one month, extendable by two months for complex cases. The export spans live databases, encrypted archives, and processor tokens, delivered via a one-time secure link that expires in 72 hours. For deletion, we implement a cascade: immediate account suppression and token revocation, then batched erasure of all personal data not subject to legal hold. We create a confirmation report detailing erased versus retained categories and their justifications. This report is maintained as auditable proof for as long as the longest surviving data category. All requests are documented immutably for five years.

Payment Transaction and Billing Records

Funding, withdrawal, and wager histories are maintained for seven years from the transaction date, per HMRC and FCA rules. We seldom store full PANs or CVVs. We record only the BIN, last four digits, and a tokenised identifier. Chargeback disputes freeze the contested record until final outcome, after which the seven-year clock restarts. Data is partitioned quarterly so automated purging runs cleanly, with monthly deletion runs checked by auditors. Tokenised card references stay valid only while your account is active and are wiped within thirty days of closure. Aggregated, anonymised totals persist for financial reporting without any personal details. All financial data is coded and quarantined from marketing systems.

Secured Payment Instruments and Processor References

Payment gateways create vaulted tokens that link your card to a non-sensitive alias. We store them for the account lifetime plus a thirty-day grace window, then send deletion commands to the processor and erase our own mapping. The only remnant left behind is an anonymised transaction hash used in aggregate summaries, themselves deleted after seven years. No usable credentials ever sit on our systems. We monitor token revocation daily and initiate incidents if deletion fails. Tokens are linked to our merchant code and cannot be used in other contexts. Weekly reconciliation verifies correctness, and tokens tied to lost or stolen cards are invalidated immediately. All token operations are documented and checked. Aggregate reports never disclose individual transaction hashes.

Essential Definitions and Range of Personal Data

We adopt a comprehensive approach to what qualifies as personal data. Direct identifiers—name, email, billing address, masked payment details—are accompanied by indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data covers session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can link back to a person when stitched together, so we handle them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules cover live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We revisit definitions every six months to remain compliant with regulatory guidance.

Account Registration and Identity Verification Data

Core identity profiles—scans of government IDs, address verification, biometric selfie matches—are held for 5 years after your final session or account closure, whichever is later. This encompasses statutory limitation periods and AML obligations. We retrieve only the essentials: document number, expiration date, nationality. The full-resolution image gets shredded immediately after extraction. Once five years pass, all raw data is purged, but an encrypted hash of the verification outcome lives on for an additional two years inside an audit trail. Personal identity information is stored encrypted with AES-256-GCM, isolated from analytics, and every data access is logged for three years. Optional fields like birth location are removed at verification stage to shrink the data footprint. Yearly reviews confirm correctness and actively purge expired entries.

Uploading Documents and Biometric Processing

Provide an ID through our secure portal and automated checking wraps up within ninety seconds. We pull the document number, expiration date, nationality, and a trust score, then shred the full-resolution image immediately—it never reaches storage. The initial file stays in a memory buffer and vanishes after handling. A reduced, stamped thumbnail is generated for auditing purposes and retained only for the identity lifecycle. That thumbnail lives in a write-once vault with strict controls and is never shown to customer support. Retrieved data are secured and kept for the five-year plus two-year hash timeframe. All handling runs on UK-based ISO 27001 servers, and every small image access is logged permanently.

Biometric Information Details

Liveness verifications record a brief video feed entirely in memory. Video frames are analyzed and discarded within milliseconds. Only a numerical vector of face features persists. This numerical representation lacks any image data and cannot be turned back into a picture. It is kept for the entire identity verification process and is purged irrevocably upon account closure or after a five-year period. The numerical representation sits in a specialized HSM with automatic expiration and is never transferred. Authentication checks happen inside the HSM’s safe environment without disclosing the raw vector. The vector is linked to an anonymous identifier separated from marketing profiles, which makes reidentification very hard. Even IT admins cannot see or recreate face characteristics from the stored vector.

Marketing Approval and Correspondence Records

We maintain your consent document—timestamped, with IP address, and method-recorded—for the duration of our partnership plus six years after revocation, to satisfy PECR requirements. Dispatch records for e-mails, push messages, and SMS are retained for only thirteen months. Revoking consent immediately halts communications while retaining historical proof. A divided database guarantees suppression without lag, and consent logs are kept in a distinct compliance archive. Send logs hold metadata only—topic, timestamp, state—not full message body. The six-year post-withdrawal window reflects the statute of limitations for regulatory inquiries. Quarterly audits confirm no expired consents activate mailings. We never tailor offers with gameplay or financial data beyond explicit consents.

Safe Gambling and Self-Exclusion Registers

Deposit limits, reality checks, and timeout settings are kept for your account’s entire duration and never removed while it stays active. If you opt for self-exclusion, your hashed identity and device fingerprints are added to a specialized exclusion register maintained without time limit under UKGC licence requirements. The register is coded separately, checked only at login or registration, and never employed for analytics. Access is restricted to educated compliance staff, and all lookups are tracked for three years. The register contains only identity blocks—no financial or gameplay records. We examine it annually to correct errors and remove deceased individuals. Apart from that, it stays indefinite. This retention is obligatory and free from deletion requests.

Time Check and Play Time Restriction Enforcement

Reality check counters use short-lived session counters that clear every 24 hours, beginning again from your first spin after midnight. Your chosen interval—say, 30 minutes—is saved persistently and routinely reactivates when you return, even after a long break. Altering the interval mid-session sets the new value instantly for the next reminder. These settings are deleted only upon validated account deletion. Session timer data resides in a specific, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for accuracy. All timer configurations are checkable through the same three-year access log standard. We never categorize or market based on these settings.

Infrastructure Setup and Data Location

All data resides in UK-based ISO 27001 Tier III+ data centres, not copied outside the UK. A hot disaster recovery site in a separate UK zone synchronizes every six hours. Backups are encrypted client-side and follow identical retention rules. We apply least privilege with hardware MFA for administrators, capturing their sessions in an immutable three-year audit trail. Multi-factor authentication uses a hardware token and biometric check. Penetration tests are conducted quarterly, and an independent auditor verifies automated purge schedules. Any deviation generates a Severity 1 incident, notified to our DPO within four hours. We also keep an air-gapped backup rotated weekly, following the same deletion policies.

Encryption Key Lifecycle Management

Master keys rotate every 90 days automatically inside an HSM. New keys are kept internal in plaintext. Rotated keys are archived for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is removed inside the HSM, making any backups unrecoverable. We bind each key to a single data partition, avoid reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys demands dual control and is stored on write-once media in a fireproof safe. Annual recovery drills ensure forensic decryption works when needed. No plaintext key material ever exits the HSM boundary.

Policy Assessment and Data Breach Protocols

We review this policy every six months or upon material change to the game or regulation. Reviews are recorded with DPO, CISO, and legal counsel. A public summary is displayed in our privacy centre, minus confidential details. Material changes are sent 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we inform affected individuals within 72 hours if high risk, file with the ICO, and publish a transparency notice. Third-party processor breaches must follow the same protocol. We hold a breach notification log audited quarterly. Post-incident reviews update controls as needed. Biannual tabletop exercises simulate misconfigurations and ransomware to test our response.

Policy Versioning and Change Log

We preserve a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log outlines exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are communicated via email at least thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits verify the log’s accuracy. The log is a living document reflecting our evolving data practices. You can access the full change log through a link in our privacy centre at any time. This transparent approach shows our commitment to accountable data governance.