Data Storage Policy for Wanted Dead Or a Wild Slot Game in UK

ATMBET - Casino

Playing Wanted Dead Or a Wild Slot means submitting personal data wanteddeadorwild.uk. This document lays out exactly how long we retain it, the rationale, and what technical protections support each category—all aligned with UK GDPR, the Data Protection Act 2018, and PCI DSS. We manage identity documents, financial transactions, gameplay telemetry, responsible gambling markers, and marketing consents, each with its specific retention clock. Identity records are kept for five years after account closure. Financial logs stay for seven, matching HMRC requirements. Gameplay data receives 24 months before anonymisation takes effect. Full card numbers never touch our systems—only tokenised aliases—and every byte is protected. Independent auditors review our automated deletion routines, and any schedule slip activates a full incident response. A version-controlled policy log records every edit, and we give you 30 days’ notice before material changes become effective. Subject access and deletion requests are managed within statutory deadlines.

Marketing Consent and Correspondence Records

We keep your consent document—time-stamped, with IP address, and with capture method—for the duration of our partnership plus six years after revocation, to satisfy PECR requirements. Delivery logs for electronic messages, push messages, and SMS are kept for only thirteen months. Withdrawing consent right away halts communications while preserving historical proof. A segmented database ensures suppression without latency, and consent logs are kept in a separate compliance archive. Dispatch records contain metadata only—heading, time stamp, state—not full message body. The six-year post-withdrawal period mirrors the statute of limitations for regulatory probes. Quarterly audits check no expired consents trigger mailings. We never tailor offers with gameplay or financial data beyond explicit authorisations.

Technology Framework and Data Storage

All data resides in UK-based ISO 27001 Tier III+ data centres, not copied outside the UK. A hot disaster recovery site in a separate UK zone syncs every six hours. Backups are encrypted client-side and follow identical retention rules. We implement least privilege with hardware MFA for administrators, recording their sessions in an immutable three-year audit trail. Multi-factor authentication uses a hardware token and biometric check. Penetration tests run quarterly, and an independent auditor verifies automated purge schedules. Any deviation raises a Severity 1 incident, reported to our DPO within four hours. We also operate an air-gapped backup rotated weekly, subject to the same deletion policies.

Management of Encryption Keys

Master keys rotate every 90 days automatically inside an HSM. New keys are not extracted in plaintext. Rotated keys are retained for the data’s retention period plus 12 months for lawful forensic access. When a data category is purged, its key is deleted inside the HSM, making any backups unrecoverable. We link each key to a single data partition, do not reuse, and conduct quarterly witnessed key ceremonies logged immutably for five years. The offline archive of old keys requires dual control and is stored on write-once media in a fireproof safe. Annual recovery drills guarantee forensic decryption works when needed. No plaintext key material ever departs the HSM boundary.

Monetary Transaction and Payment Records

Funding, withdrawal, and wager records are kept for seven years from the transaction date, per HMRC and FCA rules. We seldom store full PANs or CVVs. We capture only the BIN, last four digits, and a tokenised identifier. Chargeback disputes freeze the contested record until final resolution, after which the seven-year clock restarts. Data is partitioned quarterly so automated purging runs cleanly, with monthly deletion runs verified by auditors. Tokenised card references stay valid only while your account is live and are wiped within thirty days of closure. Summarised, anonymised totals endure for financial reporting without any personal information. All financial data is encrypted and separated from marketing systems.

Tokenized Payment Instruments and Processor References

Payment gateways create vaulted tokens that link your card to a non-sensitive identifier. We hold them for the account lifetime plus a thirty-day grace window, then transmit deletion commands to the processor and wipe our own mapping. The only remnant left behind is an anonymised transaction hash used in aggregate reports, themselves deleted after seven years. No usable credentials ever exist on our systems. We track token revocation daily and trigger incidents if deletion is unsuccessful. Tokens are tied to our merchant code and cannot be used in other contexts. Weekly reconciliation validates validity, and tokens tied to lost or stolen cards are cancelled immediately. All token operations are recorded and checked. Aggregate reports never disclose individual transaction hashes.

Account Registration and Verification of Identity Data

Core identity profiles—scans of government IDs, proof of address, biometric selfie matches—are retained for 5 years after your last session or account termination, whichever occurs later. This includes contractual limitation periods and anti-money laundering responsibilities. We extract only the necessary details: document ID, expiration date, citizenship. The original image gets destroyed right after extraction. Once 5 years pass, all raw data is removed, but a hash of the verification data remains for another two years inside an audit trail. Personal identity information sits encrypted in storage with AES-256-GCM, stored away from analytics, and every retrieval is logged for 3 years. Optional fields like birth location are removed at verification time to minimize the data size. Annual reviews verify correctness and proactively delete expired entries.

Uploading Documents and Biometric Handling

Provide an ID through our protected portal and automated validation completes within ninety seconds. We pull the ID number, expiry, nationality, and a reliability score, then destroy the original image immediately—it never touches disk. The initial file stays in an temporary memory and vanishes after analysis. A compressed, marked small image is produced for compliance purposes and stored only for the identity verification period. That small image lives in a immutable vault with rigorous controls and is never exposed to client support. Retrieved data are encrypted and kept for the five-year-plus-two hash window. All handling runs on UK-based ISO 27001 servers, and every preview retrieval is recorded immutably.

Biometric Information Details

Liveness verifications capture a quick video entirely in memory. Frames are analyzed and discarded within milliseconds. Only a numerical vector of facial landmarks survives. This numerical representation contains no image data and cannot be turned back into a facial image. It stays for the entire identity verification process and is permanently deleted upon closure of account or after 5 years. The vector sits in a hardware security module with automatic expiration and is never sent out. Authentication checks happen inside the HSM’s secure enclave without disclosing the unprocessed data. The numerical representation is bound to a pseudonymous identifier unlinked from advertising profiles, which makes re-identification extremely difficult. Even IT admins cannot see or rebuild face characteristics from the stored vector.

Session Gameplay and Behavioral Analytics Data

All spins on Wanted Dead Or a Wild records reel positions, RNG seed, and net outcome with microsecond precision. We retain these raw logs for twenty-four months, then compact them into an anonymous statistical digest utilized for game design. Session behavioural profiles—average bet, spin cadence, feature buy-ins—stay for the same 24-month window and are then deleted. Feature trigger heatmaps persist for 12 months before merging into a global model. RNG seed audit trails have 36 months. Error diagnostics get 90 days. No individual gameplay data goes into credit or marketing profiling. All logs are encrypted and off-limits to marketing teams.

  • Spin-level logs: 24 months from event date, then anonymised aggregation
  • Session behavioural profiles: 24 months from last session, then removed
  • RNG seed audit trails: 36 months to meet technical standards
  • Feature trigger heatmaps: 12 months, then merged into global model
  • Error and crash diagnostic logs: 90 days, then rotated out

Controlled Gambling and Self-Exclusion Registers

Deposit limits, time checks, and timeout settings are kept for your account’s lifetime and never deleted while it is active. If you self-exclude, your hashed identity and device fingerprints are placed into a dedicated exclusion register held without time limit under UKGC licence requirements. The register is secured separately, checked only at login or registration, and never used for analytics. Access is limited to educated compliance staff, and all lookups are recorded for three years. The register contains only identity blocks—no banking or gameplay records. We check it annually to rectify errors and remove deceased individuals. If not, it remains permanent. This retention is mandatory and excluded from deletion requests.

Reality Check and Gaming Duration Enforcement

Reality check counters use transient session counters that reset every 24 hours, restarting from your first spin after midnight. Your chosen interval—say, 30 minutes—is saved persistently and routinely reactivates when you visit again, even after a long break. Altering the interval mid-session applies the new value right away for the next reminder. These settings are removed only upon validated account deletion. Session timer data sits in a dedicated, encrypted store separate from gameplay analytics. The 24-hour counter is based on play start, not midnight, for accuracy. All timer configurations are auditable through the same three-year access log standard. We never categorize or advertise based on these settings.

Essential Definitions and Scope of Personal Data

We cast a wide net on what counts as personal data. Direct identifiers—name, email, billing address, masked payment details—coexist with indirect signals like hashed IP addresses, device fingerprints, browser agents, and advertising tokens. Behavioural data includes session length, bet sizing, spin velocity, and how often feature triggers fire. Even pseudonymised logs can re-identify a person when stitched together, so we treat them as personal. Our lawful bases are contractual necessity, legitimate interest for fraud prevention, and explicit consent for game-related marketing. Full card numbers get tokenised before storage. We never collect special category data. Encryption and access controls apply uniformly, and retention rules cover live databases, archives, and backups without exception. Each window starts ticking from the last activity or transaction date, spelled out below. We reassess definitions every six months to stay aligned with regulatory guidance.

Policy Review and Incident Reporting Protocols

We assess this policy every six months or upon material change to the game or regulation. Reviews are documented with DPO, CISO, and legal counsel. A public summary is displayed in our privacy centre, minus confidential details. Material changes are communicated 30 days ahead. Minor edits are silently recorded. If a breach occurs affecting data under this policy, we inform affected individuals within 72 hours if high risk, report with the ICO, and issue a transparency notice. Third-party processor breaches must follow the same protocol. We hold a breach notification log audited quarterly. Post-incident reviews update controls as needed. Biannual tabletop exercises simulate misconfigurations and ransomware to test our response.

Policy Versioning and Revision History

We preserve a version-controlled history of this policy with semantic versioning and plain-English summaries of each change. The log specifies exactly which sections changed and why. Previous versions remain accessible for comparison, so you can see precisely what was added or removed. Material modifications affecting your rights are transmitted via email at least en.wikipedia.org thirty days in advance. Minor typographical fixes are deployed silently but still recorded. Each entry is cryptographically signed to prove integrity, and annual independent audits verify the log’s accuracy. The log is a living document reflecting our evolving data practices. You can access the full change log through a link in our privacy centre at any time. This transparent approach shows our commitment to accountable data governance.

SAR and Deletion Processes

When an SAR lands, we compile a organized JSON/CSV export of all non-purged data within one month, expandable by two months for complex cases. The export spans live databases, encrypted archives, and processor tokens, sent via a one-time secure link that expires in 72 hours. For deletion, we proceed sequentially: immediate account suppression and token revocation, then queued erasure of all personal data not subject to legal hold. We produce a confirmation report detailing erased versus retained categories and their justifications. This report is retained as auditable proof for as long as the longest surviving data category. All requests are logged immutably for five years.

  • Partager sur

À lire également