ph68 Privacy Policy

1Introduction

1.1 ph68 ("ph68," "we," "us," "the Company") operates the online gaming platform at ph68.asia and is committed to protecting the privacy and personal data of all registered players and website visitors ("you," "the Data Subject").

1.2 This Privacy Policy ("Policy") describes how ph68 collects, receives, uses, stores, processes, discloses, transfers, and disposes of personal data in connection with the ph68 Platform, in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 of the Philippines ("DPA"), its Implementing Rules and Regulations ("IRR"), and the issuances of the National Privacy Commission ("NPC").

1.3 This Policy also reflects ph68's obligations as a PAGCOR-licensed online gaming operator with respect to player data, including obligations under the Anti-Money Laundering Act ("AMLA") and the Terrorism Financing Prevention and Suppression Act.

1.4 By registering an Account on the ph68 Platform or by continuing to use the Platform after being informed of this Policy, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein. Where consent is required for a specific processing activity, we will obtain it explicitly.

2Data Controller Identity

2.1 The Data Controller responsible for your personal data collected through the ph68 Platform is the legal entity operating ph68 under its PAGCOR license, with its registered business address in the Philippines.

2.2 ph68 has appointed a Data Protection Officer ("DPO") as required under the DPA. The DPO is responsible for overseeing ph68's data protection compliance program, handling data subject requests, managing data breach response, and acting as the point of contact with the National Privacy Commission.

2.3 Contact details for the ph68 Data Protection Officer are provided in Section 16 of this Policy.

3Personal Data We Collect

3.1 ph68 collects the following categories of personal data from players and platform users:

3.1 Identity and Registration Data

• Full legal name (as it appears on government-issued Philippine ID)
• Date of birth (for mandatory 21+ age verification)
• Gender
• Nationality and country of residence
• Philippine residential address
• Username and encrypted account password

3.2 Contact Data

• Philippine mobile number (primary contact and 2FA channel)
• Email address

3.3 Identity Verification (KYC) Data

• Copies of government-issued Philippine identification documents (e.g., PhilSys ID, Passport, UMID, Driver's License, Voter's ID)
• Proof of address documents (e.g., utility bill, bank statement)
• Source-of-funds documentation where required by AMLC regulations
• Facial verification data collected during liveness-check procedures (where applicable)

3.4 Financial and Transaction Data

• GCash mobile number and wallet reference data
• PayMaya account reference data
• Bank account details (account name and number) for BDO, BPI, Metrobank, UnionBank, and other supported Philippine banks
• Deposit transaction records, amounts, dates, and payment method references
• Withdrawal requests, amounts, destination account details, and processing records
• Transaction history, balance records, and financial account statements

3.5 Gaming Activity Data

• Game play logs, bet history, wagering records, win/loss records, and session duration data
• Game preferences, favorite titles, and betting patterns
• Bonus and promotion participation history
• Responsible gaming tool activations (deposit limits, loss limits, self-exclusion records)

3.6 Technical and Device Data

• IP address, geolocation data (country/region level), and timezone
• Device type, operating system, browser type and version
• Login timestamps, session identifiers, and device fingerprint data
• Platform usage analytics and navigation behavior (via cookies and similar technologies)

3.7 Communications Data

• Live chat transcripts and support ticket records
• Email and SMS correspondence with ph68 support
• Survey responses and voluntary feedback submissions

4How We Collect Your Data

4.1 ph68 collects personal data through the following means:

• Direct submission: Information you provide when registering an Account, completing KYC verification, making deposits or withdrawals, contacting support, or participating in promotions.
• Automated technical collection: Data collected automatically when you access the ph68 Platform, including IP address, device data, cookies, session logs, and usage analytics.
• Third-party payment processors: Transaction confirmation data received from GCash, PayMaya, and Philippine bank payment gateways when you initiate deposits or withdrawals.
• KYC verification partners: Identity verification results and risk scoring data from third-party KYC and AML compliance service providers engaged by ph68.
• Regulatory sources: Information received from PAGCOR, AMLC, or other Philippine regulatory authorities in the course of compliance activities.
• Game studios: Aggregated gameplay data received from third-party game providers in connection with your play activity on the ph68 Platform.

5How We Use Your Personal Data

5.1 ph68 uses the personal data collected for the following purposes:

6Legal Basis for Processing

6.1 ph68 processes personal data on the following legal bases under the Philippine Data Privacy Act of 2012:

• Contractual necessity: Processing required to fulfill ph68's obligations under the Terms & Conditions you agreed to when registering an Account — including account management, deposit and withdrawal processing, and gameplay services.
• Legal obligation: Processing required to comply with ph68's obligations under Philippine law, including PAGCOR regulations, the Anti-Money Laundering Act, the Data Privacy Act, and PAGCOR's responsible gaming requirements (including mandatory age verification at 21+).
• Legitimate interests: Processing necessary for ph68's legitimate business interests, including fraud prevention, platform security, responsible gaming monitoring, and platform analytics, where such interests are not overridden by your rights and interests.
• Consent: Processing for which ph68 has obtained your explicit, informed, and freely given consent — primarily for marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

7Data Sharing and Disclosure

7.1 ph68 does not sell your personal data to third parties. ph68 may share your personal data with the following categories of recipients, strictly to the extent necessary for the stated purpose:

• Philippine Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), and law enforcement agencies — where disclosure is required by law, court order, or regulatory direction.
• Payment Service Providers: GCash (Mynt), PayMaya (Voyager Innovations), BDO, BPI, Metrobank, UnionBank, and other Philippine payment processors — for the purpose of processing deposit and withdrawal transactions.
• KYC and AML Compliance Providers: Third-party identity verification and anti-money laundering screening services engaged by ph68 to fulfill its regulatory compliance obligations.
• Game Studio Partners: Pragmatic Play, Evolution Gaming, PG Soft, Habanero, SA Gaming, and other certified game providers — for the purpose of delivering game services and resolving technical disputes.
• Technology and Infrastructure Providers: Cloud hosting, cybersecurity, and platform infrastructure providers engaged by ph68 under binding data processing agreements that prohibit further use or disclosure.
• Professional Advisers: Legal counsel, auditors, and insurance providers where disclosure is necessary in the ordinary course of business.

7.2 All third-party service providers who process personal data on behalf of ph68 are bound by data processing agreements that impose equivalent privacy and security obligations as required under the DPA.

8Cookies and Tracking Technologies

8.1 The ph68 Platform uses cookies and similar tracking technologies to operate the Platform, authenticate sessions, prevent fraud, and analyze usage. The following categories of cookies are used:

• Strictly Necessary Cookies: Required for Platform functionality including session authentication, security token management, and fraud prevention. These cannot be disabled without breaking core Platform functions.
• Functional Cookies: Store your preferences such as language settings, display preferences, and game lobby filters to improve your experience across sessions.
• Analytics Cookies: Collect aggregated, anonymized data about how players use the ph68 Platform to identify technical issues and improve performance. Individual player activity is not sold or shared.
• Session Replay Cookies: Used on a sampled basis to record anonymized platform interactions for debugging and UX improvement purposes. No payment or credential data is captured.

8.2 You may manage cookie preferences through your browser settings. Please note that disabling Strictly Necessary Cookies will impair or prevent your ability to log in to ph68 and use core Platform features.

8.3 ph68 does not use third-party advertising cookies or cross-site tracking technologies for behavioral advertising purposes.

9Data Retention

9.1 ph68 retains personal data for no longer than is necessary for the purposes for which it was collected, subject to the following minimum retention periods required by Philippine law:

• Account and Identity Data: Retained for a minimum of 5 years from the date of Account closure, as required by PAGCOR regulations and the Anti-Money Laundering Act for gaming operator record-keeping.
• KYC Documents: Retained for a minimum of 5 years from the date of Account closure or the last transaction, whichever is later, in compliance with AMLC record-keeping requirements.
• Transaction and Financial Records: Retained for a minimum of 5 years from the date of each transaction, as required under AMLA and BIR regulations.
• Gaming Activity Logs: Retained for a minimum of 3 years for responsible gaming monitoring and dispute resolution purposes.
• Customer Support Records: Retained for 3 years from the date of the last interaction.
• Technical and Device Logs: Retained for 12 months, after which they are anonymized or deleted.
• Self-Exclusion Records: Retained indefinitely for responsible gaming compliance purposes, even following Account closure.

9.2 Upon expiry of the applicable retention period, personal data is securely deleted, destroyed, or anonymized in accordance with ph68's Data Disposal and Destruction Policy.

10Data Security Measures

10.1 ph68 implements appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data in transit between your device and ph68 servers
• AES-256 encryption for sensitive personal data and financial records stored at rest
• Multi-factor authentication controls for all internal access to production systems containing personal data
• Role-based access controls (RBAC) limiting employee access to personal data on a strict need-to-know basis
• Continuous security monitoring, intrusion detection systems, and automated threat response
• Regular independent penetration testing and vulnerability assessments by certified third-party security firms
• Encrypted backup systems with geographic redundancy within the Philippines and in certified data centers
• Formal data breach response procedures including mandatory NPC notification within 72 hours of discovery of a qualifying breach

10.2 Notwithstanding the foregoing, no security system is impenetrable. ph68 cannot guarantee absolute security of your personal data against all possible threats. Players are encouraged to safeguard their own Account credentials, enable two-factor authentication, and contact ph68 immediately upon suspecting any unauthorized activity on their Account.

11Your Data Subject Rights

11.1 Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by ph68. These rights are exercisable free of charge unless a request is manifestly unfounded or excessive:

11.2 To exercise any of the rights listed above, submit a written request to ph68's Data Protection Officer using the contact details in Section 16. ph68 will respond within 15 business days of receiving a verified request. In complex cases, this period may be extended by a further 30 days with written notice.

11.3 ph68 may require identity verification before processing data subject rights requests to protect against unauthorized requests.

12Children and Minors

12.1 The ph68 Platform is strictly intended for adults aged 21 years and above in accordance with PAGCOR regulations and Philippine law governing online gambling.

12.2 If you are a parent or guardian and believe your minor child has registered on the ph68 Platform, please contact ph68 support immediately via Live Chat or at the email address in Section 16.

13Marketing Communications

13.1 With your explicit consent, ph68 may send you promotional communications including bonus offers, free spin notifications, new game announcements, and VIP programme updates via SMS to your registered Philippine mobile number and/or email address.

13.2 You may withdraw your marketing consent at any time by:

• Updating your communication preferences in your ph68 Account settings;
• Clicking the unsubscribe link included in any marketing email; or
• Contacting ph68 support via Live Chat or email.

13.3 Withdrawal of marketing consent does not affect ph68's ability to send you transactional communications — such as deposit confirmations, withdrawal notifications, security alerts, and mandatory policy updates — which are sent on the basis of contractual necessity and legal obligation, not consent.

13.4 ph68 does not send marketing communications to players who have activated a self-exclusion, cooling-off period, or account restriction under ph68's Responsible Gaming tools.

14Cross-Border Data Transfers

14.1 ph68 processes and stores personal data primarily within the Philippines. Certain service providers engaged by ph68 — including game studio partners, cloud infrastructure providers, and KYC verification services — may process personal data in other countries as part of their service delivery.

14.2 Where personal data is transferred outside the Philippines, ph68 ensures that appropriate safeguards are in place, including:

• Binding contractual clauses in data processing agreements imposing privacy obligations equivalent to those required under the Philippine DPA;
• Transfer only to jurisdictions with an adequate level of data protection as recognized by the NPC; and
• Additional technical safeguards such as encryption and access controls during transmission.

14.3 Cross-border transfers of ph68 player data are limited to what is strictly necessary for service delivery and are never made to countries without adequate protection unless safeguards as described above are in place.

15Policy Changes and Updates

15.1 ph68 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, PAGCOR regulations, or NPC guidance.

15.2 The current version of this Policy, together with its effective date and version number, is always available at ph68.asia/privacy-policy.

15.3 Where changes are material — affecting the nature of data collected, the purposes of processing, your rights, or third-party sharing arrangements — ph68 will notify registered players via SMS or email to their registered contact details at least 7 days before the changes take effect.

15.4 Your continued use of the ph68 Platform after the effective date of any updated Policy constitutes your acknowledgment of the changes. If you do not accept the revised Policy, you should cease using the Platform and request Account closure.

16Contact Us and Data Protection Officer

16.1 For any questions, concerns, or requests related to this Privacy Policy or the processing of your personal data by ph68, you may contact us through the following channels:

• Live Chat Support: Available 24/7 directly on the ph68 Platform. Average response time under 2 minutes. Select "Privacy / Data Request" as the topic.
• DPO Email (plain text — not a clickable link): [email protected] — Subject line: "Data Privacy Request – [Your Account Username]"

16.2 All formal data subject rights requests must be submitted in writing to the DPO email address above. ph68 will verify your identity before processing any request to access, correct, or delete personal data.

16.3 If you are not satisfied with ph68's response to your privacy concern, you have the right to file a complaint with the National Privacy Commission of the Philippines.