Privacy Policy
ph962 Casino — How We Handle Your Data

1. Introduction & Data Controller Identity

1.1  ph962 ("ph962", "we", "our", "us") is the data controller responsible for the personal data of its registered users collected through the ph962 Platform. As a PAGCOR-licensed online gaming platform operating in the Philippines, ph962 processes personal data in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and all relevant issuances of the National Privacy Commission.

1.2  ph962 has designated a Data Protection Officer (DPO) responsible for overseeing compliance with applicable data privacy laws and handling data subject requests. Contact details for the ph962 DPO are provided in Section 15 of this Policy.

1.3  ph962 operates exclusively for users physically located in the Philippines who are 21 years of age or older, in compliance with PAGCOR's licensing conditions. This Policy applies to all interactions with the ph962 Platform, including account registration, KYC submission, gameplay, deposits, withdrawals, and customer support communications.

2. Personal Data We Collect

2.1  ph962 collects the following categories of personal data in connection with your use of the Platform:

2.1 Identity and Contact Data

• Full legal name as it appears on your government-issued identification;
• Date of birth;
• Current residential address in the Philippines;
• Philippine mobile telephone number;
• Email address;
• Government-issued identification document (type, number, issuing authority, and photographic copy) submitted for KYC verification purposes.

2.2 Financial Data

• GCash account number and registered name (where GCash is used as a payment method);
• Maya account details (where Maya is used as a payment method);
• Bank account details including account name, account number, and bank branch (where bank transfer is used);
• Payment card details processed through our certified payment gateway (card number, expiry — ph962 does not store full CVV data);
• Cryptocurrency wallet addresses (where USDT is used);
• Transaction history including deposit amounts, withdrawal amounts, dates, and payment method used;
• Source of funds documentation submitted in connection with enhanced due diligence (EDD) procedures.

2.3 Gaming and Account Activity Data

• Wager history, game session logs, and win/loss records;
• Bonus claims and wagering requirement completion records;
• Self-imposed responsible gaming limits, cooling-off periods, and self-exclusion requests;
• Account login times, session durations, and account activity logs;
• Customer support interaction records including live chat transcripts and email correspondence.

2.4 Technical and Usage Data

• Internet Protocol (IP) address;
• Device type, operating system, and browser type and version;
• Geolocation data (country/region level) derived from IP address for compliance verification;
• Cookie identifiers and session tokens (see Section 5);
• Referring URLs and navigation paths within the ph962 Platform.

3. How We Collect Your Data

3.1  ph962 collects personal data through the following means:

• Directly from you — when you register an account, complete KYC, make a deposit or withdrawal, contact support, respond to a survey, or interact with any feature of the Platform that requires you to provide information;
• Automatically through the Platform — technical and usage data is collected automatically through cookies, session tokens, server logs, and analytics tools as you navigate and use the ph962 Platform (see Section 5);
• From third-party verification partners — identity verification and document authentication data may be supplemented by results from ph962's KYC and AML screening service providers where necessary to fulfil PAGCOR compliance obligations;
• From payment processors — transaction confirmation and payment status data is received from GCash, Maya, and other payment gateway providers in connection with deposits and withdrawals;
• From publicly available sources — in connection with fraud prevention and AML screening, ph962 may cross-reference data against publicly available records including sanctions lists, politically exposed persons (PEP) databases, and adverse media sources.

4. Purposes & Legal Bases for Processing

4.1  The table below sets out the specific purposes for which ph962 processes personal data, together with the applicable legal basis under the Data Privacy Act of 2012:

4.2  ph962 will not use your personal data for any purpose that is incompatible with those listed above without first obtaining your consent or establishing an alternative legal basis under applicable Philippine law.

5. Cookies & Tracking Technologies

5.1  ph962 uses cookies and similar tracking technologies to operate the Platform and to improve the user experience. Cookies are small text files stored on your device when you visit the Platform.

5.2  ph962 uses the following categories of cookies:

• Strictly Necessary Cookies: Essential for the operation of the Platform, including session authentication, CSRF protection, and maintaining your login state. These cookies cannot be disabled without affecting your ability to use the Platform.
• Functional Cookies: Remember your preferences such as language settings, preferred game categories, and responsible gaming limit configurations.
• Analytics Cookies: Used to collect anonymised or aggregated data about how users navigate the Platform, which pages are visited most frequently, and where errors occur — enabling ph962 to improve performance and usability. ph962 uses only privacy-compliant analytics tools.
• Security Cookies: Assist in fraud detection, anomalous login detection, and session management for account security purposes.

5.3  ph962 does not use third-party advertising cookies or behavioural tracking cookies for cross-site advertising purposes. ph962 does not participate in advertising networks that profile users across multiple websites.

5.4  You may configure your browser to refuse all or certain cookies. However, disabling strictly necessary cookies will impair or prevent your ability to log in to and use the ph962 Platform.

6. How We Share Your Data

6.1  ph962 does not sell, rent, or transfer your personal data to third parties for their own commercial purposes. Personal data is shared only with the following categories of recipients, and only to the extent necessary for the stated purpose:

• KYC and Identity Verification Partners: Third-party service providers engaged to perform automated or manual identity document verification and age confirmation in connection with ph962's PAGCOR-mandated KYC obligations;
• Payment Processing Partners: GCash (operated by G-Xchange, Inc.), Maya (operated by PayMaya Philippines, Inc.), BPI, BDO, Metrobank, Visa/Mastercard acquiring banks, and USDT blockchain infrastructure — as necessary to process your deposits and withdrawals;
• Game Software Providers: Licensed game studios whose content is integrated into the ph962 Platform may receive session data necessary for game operation, including wager amounts, game round identifiers, and RNG results. These providers do not receive your identity or payment data;
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government authorities — as required by law, regulation, court order, or lawful government directive;
• Professional Advisers: Legal counsel, auditors, and compliance consultants engaged by ph962 under appropriate confidentiality obligations;
• IT Infrastructure Providers: Hosting, cloud services, and cybersecurity partners who process data on ph962's behalf under contractual data processing agreements that require them to maintain confidentiality and security standards equivalent to those of ph962.

7. International Data Transfers

7.1  ph962's primary data processing operations are conducted within the Philippines. However, certain service providers (including game software studios and cloud infrastructure partners) may process data on servers located outside the Philippines.

7.2  Where personal data is transferred outside the Philippines, ph962 ensures that such transfers comply with Section 21 of the Data Privacy Act of 2012. This includes obtaining contractual commitments from recipients to maintain data protection standards at least equivalent to Philippine requirements, and ensuring the transfer serves a legitimate purpose compatible with the original basis for collection.

7.3  ph962 does not transfer personal data to jurisdictions that do not provide adequate data protection without first implementing appropriate safeguards such as standard contractual clauses approved by the NPC or obtaining your explicit consent where required.

8. Data Security

8.1  ph962 implements technical and organisational security measures designed to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to:

• 256-bit SSL/TLS encryption for all data in transit between your device and ph962's servers;
• Encryption at rest for sensitive data categories including government ID documents and payment credentials;
• Role-based access controls limiting employee access to personal data to those with a legitimate operational need;
• Multi-factor authentication requirements for ph962 staff accessing internal systems containing personal data;
• Regular penetration testing and vulnerability assessments of ph962's platform infrastructure;
• Incident response procedures covering detection, containment, and notification of personal data breaches in accordance with NPC reporting requirements.

8.2  Notwithstanding these measures, no internet-based platform can guarantee absolute security. ph962 encourages users to protect their own accounts by using strong, unique passwords, enabling two-factor authentication, and not sharing login credentials with any third party.

9. Data Retention

9.1  ph962 retains personal data for the periods necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following general retention principles apply:

• Account and KYC data: Retained for a minimum of five (5) years following the closure or deactivation of your ph962 account, in accordance with Anti-Money Laundering Act (AMLA, RA 9160 as amended) obligations;
• Transaction records: Retained for a minimum of five (5) years following each transaction, as required by AMLA and PAGCOR regulatory requirements;
• Gaming session logs: Retained for a minimum of three (3) years following the relevant session, for dispute resolution and regulatory audit purposes;
• Customer support records: Retained for three (3) years following resolution of the relevant support interaction;
• Technical and usage data (anonymised analytics): Retained in anonymised or aggregated form for up to two (2) years for platform improvement purposes;
• Marketing consent records: Retained until consent is withdrawn, plus one (1) year thereafter to demonstrate consent history.

9.2  Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in accordance with ph962's data disposal procedures. Where retention is required by ongoing legal proceedings, regulatory investigation, or regulatory audit, data will be retained until those proceedings are concluded.

10. Your Rights as a Data Subject

10.1  Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by ph962:

• Right to be Informed: The right to be notified of the fact and nature of personal data being collected about you, the purpose of processing, and how your data is used — which this Policy fulfils;
• Right of Access: The right to obtain from ph962 a copy of the personal data we hold about you, together with information about the purposes and legal bases for processing;
• Right to Rectification: The right to request that ph962 correct any inaccurate or incomplete personal data held about you without undue delay;
• Right to Erasure or Blocking: The right to request that ph962 delete or block your personal data where it is no longer necessary for the purpose for which it was collected, where consent has been withdrawn and there is no other legal basis, or where processing is unlawful — subject to ph962's overriding legal obligations to retain data;
• Right to Object: The right to object to the processing of your personal data where ph962 relies on legitimate interest as the legal basis, including processing for direct marketing purposes;
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller where technically feasible;
• Right to Lodge a Complaint: The right to file a complaint with the National Privacy Commission (NPC) of the Philippines if you believe ph962 has processed your personal data in violation of the Data Privacy Act of 2012.

10.2  To exercise any of the rights listed above, please contact ph962's Data Protection Officer using the contact details provided in Section 15. ph962 will respond to all verified data subject requests within thirty (30) calendar days of receipt, in accordance with NPC timelines. Identity verification may be required before processing your request.

10.3  Some data subject rights are subject to limitations under applicable law. For example, the right to erasure cannot override ph962's obligation to retain transaction records for the minimum period required by AMLA and PAGCOR regulations.

11. Children & Minors Under 21

11.1  ph962 does not knowingly collect personal data from individuals under the age of 21. PAGCOR's mandatory minimum age for access to any licensed gambling platform in the Philippines is 21 years. ph962 enforces this requirement through mandatory age verification during the KYC process.

11.2  If ph962 discovers that personal data has been collected from a person under the age of 21, the associated account will be immediately and permanently closed, all collected personal data will be deleted to the extent permitted by law, and the matter will be referred to PAGCOR in accordance with ph962's regulatory obligations.

12. Marketing Communications

12.1  With your consent, ph962 may send you promotional communications regarding new games, bonuses, tournaments, and other platform features via email or SMS to your registered contact details.

12.2  Marketing consent is separate from your agreement to ph962's Terms and Conditions, and is not required to use the Platform. You may withdraw your consent to receive marketing communications at any time by updating your preferences in the account settings section of your ph962 dashboard, or by following the unsubscribe instructions in any marketing email sent to you.

12.3  Withdrawal of marketing consent will not affect the lawfulness of any processing carried out prior to withdrawal, nor will it affect your ability to continue using the ph962 Platform. Operational communications (such as transaction confirmations, security alerts, KYC notifications, and responsible gaming alerts) are not marketing communications and will continue regardless of your marketing consent status.

12.4  ph962 does not share your contact details with third parties for the purpose of direct marketing by those third parties.

13. Third-Party Links

13.1  The ph962 Platform may contain references to third-party service providers (such as payment processors and game studios) whose privacy practices are governed by their own privacy policies, separate from this Policy. ph962 is not responsible for the privacy practices or content of third-party websites or services accessed in connection with ph962's payment or game partners.

13.2  When you interact with GCash, Maya, or any bank payment interface in connection with a ph962 deposit or withdrawal, your interaction with that payment interface is governed by the privacy policy of the respective payment service provider. ph962 recommends that you review those policies independently.

14. Changes to This Privacy Policy

14.1  ph962 reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, NPC or PAGCOR regulatory guidance, operational changes, or enhancements to ph962's data practices. Material changes will be notified to registered users via in-platform notification upon next login or by email to the registered address.

14.2  The date of the most recent update is always displayed at the top of this Policy. ph962 recommends that you review this Policy periodically. Continued use of the Platform following the effective date of any revised Policy constitutes your acceptance of those changes.

14.3  Where a proposed amendment would represent a materially less favourable treatment of your personal data than described in the version of this Policy in force at the time of your registration, ph962 will seek your explicit consent before implementing those changes with respect to data already collected from you.

15. Contact Information & Data Protection Officer

15.1  All requests relating to your rights as a data subject, privacy-related complaints, or questions about this Policy should be directed to ph962's designated Data Protection Officer:

15.2  If you are not satisfied with ph962's response to your data privacy request or complaint, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines, which exercises oversight jurisdiction over all personal data controllers operating in or from the Philippines.