Privacy Policy

1. Data Controller

1.1 The data controller responsible for your personal information is ph2828 ("ph2828", "we", "us", "our"), operator of the online gaming platform at ph2828.club. ph2828 is a PAGCOR-licensed online gaming operator based in the Philippines.

1.2 ph2828 has appointed a Data Protection Officer ("DPO") responsible for overseeing compliance with RA 10173 and this Privacy Policy. Contact details for the DPO are set out in Section 13 of this Policy.

1.3 This Privacy Policy applies to all personal data collected through ph2828.club, associated mobile applications, customer support interactions, and any other means by which ph2828 interacts with players or prospective players.

2. Personal Data We Collect

2.1 ph2828 collects personal data necessary to provide its licensed online gaming services, comply with regulatory obligations, and deliver a high-quality user experience. The categories of personal data we collect include:

2.1 Identity & Contact Data

• Full legal name as it appears on your Philippine government-issued ID;
• Date of birth (collected to verify the 21+ age requirement mandated by PAGCOR);
• Philippine residential address;
• Mobile phone number (used as primary account identifier and for OTP verification);
• Email address (where provided).

2.2 Identity Verification (KYC) Data

• Copy of Philippine government-issued identification (PhilSys, UMID, Passport, Driver's License, or other PAGCOR-accepted ID);
• Selfie photograph submitted during KYC verification;
• Tax Identification Number (TIN) where required for high-value transaction reporting.

2.3 Financial Data

• GCash account number or PayMaya account number linked to your ph2828 account;
• Bank account details (BPI, BDO, Metrobank) where bank transfer is used;
• Transaction history: deposits, withdrawals, and gaming wagers denominated in PHP.

2.4 Gaming Activity Data

• Game sessions, wager amounts, wins, losses, and bet history;
• Sports betting selections and live betting activity;
• Bonus and promotion usage;
• Responsible gaming settings (deposit limits, self-exclusion status).

2.5 Technical & Device Data

• IP address and approximate geolocation derived therefrom;
• Device type, operating system, browser type and version;
• Session timestamps, login history, and access logs;
• Cookie and similar tracking technology data (see Section 8).

2.6 Communications Data

• Live Chat transcripts and support ticket records;
• Email correspondence with ph2828 support or compliance teams;
• Feedback, survey responses, and voluntary information submitted by players.

3. How We Use Your Personal Data

3.1 ph2828 processes your personal data only for lawful purposes directly connected to the provision of licensed online gaming services and regulatory compliance. The primary purposes for which ph2828 uses personal data are set out in the table below:

3.2 ph2828 does not sell your personal data to third parties. ph2828 does not use your personal data for profiling or automated decision-making that produces legal or similarly significant effects, except where required by law or with your explicit consent.

4. Legal Basis for Processing

4.1 ph2828 processes personal data on the following legal bases under RA 10173:

• Contractual necessity: Processing required to perform the agreement between ph2828 and the Player, including account management, game delivery, and payment processing.
• Legal obligation: Processing required to comply with PAGCOR regulations, AMLA, RA 10173, NPC requirements, and other applicable Philippine law.
• Legitimate interests: Processing for fraud prevention, platform security, and responsible gaming monitoring, where ph2828's legitimate interests do not override your rights and freedoms.
• Consent: Processing for marketing communications and non-essential cookies, where you have given explicit consent that may be withdrawn at any time.

5. Data Sharing & Disclosure

5.1 ph2828 does not sell, rent, or trade your personal data to any third party for commercial purposes. ph2828 may share personal data only in the following circumstances:

• Regulatory authorities: ph2828 is obligated to disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies as required by law. Such disclosures are made pursuant to legal obligation and do not require your separate consent.
• Payment processors: Financial data is shared with GCash, PayMaya, BPI, BDO, Metrobank, and other payment service providers solely for the purpose of processing your deposits and withdrawals. These providers are bound by their own privacy and security obligations.
• Game software providers: Game-specific technical data may be shared with licensed game providers (e.g., PG Soft, Pragmatic Play, Jili) to the extent necessary to deliver game content and resolve disputes. Game providers are contractually prohibited from using player data for independent purposes.
• KYC and fraud prevention services: Identity verification data may be processed by third-party KYC service providers operating under confidentiality agreements and RA 10173 compliance obligations.
• Legal proceedings: ph2828 may disclose personal data in response to lawful court orders, legal process, or to protect the rights, property, or safety of ph2828, its players, or the public.

5.2 All third parties with whom ph2828 shares personal data are required to maintain appropriate data security measures and to use the shared data only for the specified lawful purpose.

6. Data Retention

6.1 ph2828 retains personal data for as long as necessary to fulfill the purposes for which it was collected, subject to applicable legal and regulatory retention requirements.

6.2 The following minimum retention periods apply:

• KYC and identity verification records: minimum 5 years from account closure, as required by PAGCOR and AMLA;
• Financial transaction records: minimum 5 years from the date of transaction, as required by AMLA;
• Gaming activity records: minimum 3 years from the date of activity;
• Customer support communications: minimum 2 years from the date of the last interaction;
• Marketing consent records: retained for as long as consent is active, plus 1 year following withdrawal.

6.3 Upon expiry of applicable retention periods, ph2828 will securely delete or anonymize personal data in accordance with NPC guidelines. Anonymized data may be retained indefinitely for statistical and analytical purposes.

7. Data Security

7.1 ph2828 implements technical and organizational measures appropriate to the sensitivity of personal data processed. Security measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and ph2828 servers;
• Encryption at rest for sensitive personal data, including KYC documents and financial information;
• Password hashing using industry-standard cryptographic algorithms — ph2828 never stores passwords in plain text;
• Role-based access controls limiting access to personal data to authorized personnel on a need-to-know basis;
• Regular security audits, penetration testing, and vulnerability assessments;
• OTP-based two-factor authentication for account access;
• Intrusion detection and real-time security monitoring systems.

7.2 In the event of a personal data breach that is likely to result in harm to affected individuals, ph2828 will notify the National Privacy Commission within 72 hours of discovery and will notify affected players without undue delay, in accordance with NPC Circular 16-03.

8. Cookies & Similar Technologies

8.1 ph2828 uses cookies and similar tracking technologies on ph2828.club to maintain session authentication, deliver platform functionality, analyze usage patterns, and where consented, deliver relevant marketing communications.

8.2 The following categories of cookies are used:

• Strictly necessary cookies: Required for platform operation, including session management and security. These cannot be disabled without impairing core functionality.
• Analytics cookies: Used to understand aggregate usage patterns and improve platform performance. These are set only with your consent.
• Preferences cookies: Used to remember your settings and personalization choices across sessions.
• Marketing cookies: Used, where you have consented, to deliver relevant promotional content. These are not used to build profiles for sale to third parties.

8.3 You may manage cookie preferences through your browser settings. Disabling non-essential cookies will not impair your ability to use the core ph2828 platform, though some personalization features may be affected.

9. Your Data Subject Rights

9.1 Under RA 10173, you have the following rights in respect of your personal data held by ph2828:

• Right to be informed: You have the right to be informed about how ph2828 processes your personal data, as set out in this Privacy Policy.
• Right of access: You may request a copy of the personal data ph2828 holds about you.
• Right to rectification: You may request correction of inaccurate or incomplete personal data.
• Right to erasure: You may request deletion of your personal data, subject to ph2828's legal retention obligations under PAGCOR and AMLA regulations which may preclude immediate deletion.
• Right to object: You may object to processing based on legitimate interests or to direct marketing at any time.
• Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format.
• Right to file a complaint: You have the right to lodge a complaint with the National Privacy Commission if you believe your rights under RA 10173 have been violated.

9.2 To exercise any of the above rights, contact ph2828's Data Protection Officer at the details provided in Section 13. ph2828 will respond to requests within thirty (30) calendar days of receipt, in accordance with NPC guidelines.

9.3 ph2828 may need to verify your identity before processing a data subject request to ensure the request is made by the account holder and not a third party.

10. Data of Minors

10.1 ph2828's services are strictly for individuals aged 21 years and older, in compliance with PAGCOR regulations. ph2828 does not knowingly collect personal data from persons under 21 years of age.

10.2 If ph2828 becomes aware that personal data has been collected from a person under 21 years of age, ph2828 will immediately suspend the relevant account, delete the associated personal data to the extent permitted by applicable law, and handle any deposited funds in accordance with PAGCOR requirements.

10.3 If you believe that ph2828 may have inadvertently collected data from a person under 21, please contact the DPO immediately using the details in Section 13.

11. Cross-Border Data Transfers

11.1 ph2828's primary data processing infrastructure is located in the Philippines. In certain circumstances, personal data may be transferred to and processed by service providers located outside the Philippines — for example, cloud infrastructure providers or game software developers based in other jurisdictions.

11.2 Where personal data is transferred outside the Philippines, ph2828 ensures that appropriate safeguards are in place, including contractual clauses that impose data protection obligations equivalent to those under RA 10173, consistent with NPC guidance on cross-border data transfers.

11.3 ph2828 does not transfer personal data to jurisdictions that have been identified by the NPC as lacking adequate data protection standards without implementing appropriate safeguards.

12. Changes to This Privacy Policy

12.1 ph2828 may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or regulatory requirements. Material changes will be communicated to registered players via platform notification or email prior to the effective date of the change.

12.2 The date at the top of this Policy indicates when it was last updated. Continued use of ph2828 following notification of material changes constitutes acceptance of the revised Policy.

12.3 The current version of this Privacy Policy supersedes all prior versions. Historical versions are available upon request to the DPO.

13. Contact & Data Protection Officer

13.1 For any privacy-related queries, data subject requests, or concerns about ph2828's data handling practices, please contact:

• Data Protection Officer, ph2828
• Email: [email protected] (plain text — not a clickable link) with subject line "DPO / Privacy Request"
• Live Chat: Available 24/7 on ph2828.club — fastest channel for all support and privacy queries.

13.2 If your concern is not resolved to your satisfaction by ph2828's DPO, you have the right to file a complaint with the National Privacy Commission of the Philippines at www.privacy.gov.ph (do not click — plain text reference only).