ph282 Privacy Policy

1. Data Controller

ph282 is the data controller responsible for the personal data collected through the ph282 platform. As data controller, ph282 determines the purposes and means of processing personal data collected via ph282.vip and all associated services.

ph282 operates under the regulatory oversight of PAGCOR (Philippine Amusement and Gaming Corporation) and processes personal data in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, "DPA"), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission ("NPC").

ph282 has appointed a Data Protection Officer ("DPO") responsible for overseeing compliance with applicable data privacy obligations. Contact details for the ph282 DPO are provided in Section 13 of this Policy.

2. Personal Data We Collect

ph282 collects the following categories of personal data from members and users of the platform:

ph282 does not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data unless specifically required by law or regulatory mandate (e.g., facial verification as part of government-mandated KYC procedures).

3. How We Collect Your Data

ph282 collects personal data through the following means:

• Direct collection: Data you provide during account registration, KYC submission, deposit/withdrawal requests, contact form submissions, or live chat interactions with ph282 support.
• Automated collection: Technical and gaming activity data collected automatically as you use the ph282 platform, including through cookies, session tracking, and server logs. See Section 7 for details on cookies.
• Third-party sources: Identity verification data from PAGCOR or third-party KYC verification providers; payment confirmation data from GCash, PayMaya, BPI, BDO, Metrobank, Visa, and Mastercard processors; fraud screening data from anti-fraud partners.

4. Purposes of Processing

ph282 processes your personal data for the following purposes:

• Account management: Creating, maintaining, and administering your ph282 member account, including authentication and account security.
• Identity verification (KYC): Verifying your identity and age (21+) in compliance with PAGCOR requirements and Philippine anti-money laundering law.
• Payment processing: Processing deposits, withdrawals, and refunds; reconciling transactions; detecting and preventing payment fraud.
• Platform delivery: Delivering games, promotions, bonuses, and all platform features to you as a ph282 member.
• Customer support: Responding to your queries, resolving disputes, and providing technical assistance.
• Legal and regulatory compliance: Meeting ph282's obligations under PAGCOR regulation, the Philippine Anti-Money Laundering Act, the DPA, and other applicable Philippine law, including reporting requirements.
• Responsible gaming: Operating deposit limits, self-exclusion tools, and other responsible gaming features; detecting problematic gambling patterns where ph282 is obligated to intervene.
• Security and fraud prevention: Detecting, investigating, and preventing fraud, cheating, money laundering, unauthorized account access, and other prohibited conduct.
• Platform improvement: Analyzing aggregated usage data to improve the ph282 platform, game selection, and user experience. This analysis uses anonymized or pseudonymized data where possible.
• Marketing communications (with consent): Sending promotional offers, bonus notifications, and updates to members who have opted in to marketing communications. You may withdraw consent at any time through your ph282 account settings.

5. Legal Basis for Processing

Under the Philippine Data Privacy Act, ph282 relies on the following legal bases for processing personal data:

• Contract performance: Processing necessary to fulfil ph282's contractual obligations to you as a member — including account management, payment processing, and game delivery.
• Legal obligation: Processing required to comply with PAGCOR licensing conditions, Philippine AML law (RA 9160 as amended), the DPA (RA 10173), and other applicable Philippine regulatory requirements.
• Legitimate interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and aggregate analytics, where ph282's interests do not override your fundamental privacy rights.
• Consent: Processing for optional purposes such as marketing communications, where ph282 relies on your explicit, freely given consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6. Sharing Your Personal Data

ph282 does not sell, rent, or trade your personal data. ph282 may share your personal data with the following categories of third parties, strictly on a need-to-know basis and subject to appropriate data processing agreements:

• Game providers: Licensed game providers (e.g., JILI, Evolution, Pragmatic Play) receive limited technical data (session tokens, account identifiers) necessary to deliver game services. Game providers do not receive your full identity or financial data.
• Payment processors: GCash, PayMaya, BPI, BDO, Metrobank, Visa, and Mastercard processors receive financial data necessary to process your transactions. Payment processors operate under their own privacy policies and applicable Philippine financial regulations.
• KYC and identity verification providers: Third-party KYC providers receive identity documentation for verification purposes only. Verified status is returned to ph282; raw documentation is handled in accordance with the provider's DPA-compliant data processing agreement with ph282.
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government authorities, where ph282 is legally required to disclose data.
• Law enforcement: Philippine law enforcement agencies where ph282 is required to disclose data pursuant to a valid legal order, warrant, or regulatory directive.
• Technology and infrastructure providers: Cloud hosting, cybersecurity, and platform technology partners who process data on ph282's behalf under strict data processing agreements that prohibit independent use of the data.

ph282 requires all third-party processors to implement appropriate technical and organizational security measures and to process personal data only in accordance with ph282's documented instructions.

7. Cookies & Tracking Technologies

ph282 uses cookies and similar tracking technologies on ph282.vip to provide platform functionality, maintain session security, analyze usage, and deliver relevant promotions to members who have opted into marketing communications.

7.1 Types of Cookies Used

• Strictly necessary cookies: Required for ph282 platform functionality — including login session management, security tokens, and payment processing state. These cannot be disabled without rendering the platform non-functional.
• Analytics cookies: Aggregate, anonymized data about how members navigate ph282.vip, used to improve platform design and performance. No individually identifying data is stored in analytics cookies.
• Preference cookies: Store your language, display, and notification preferences so ph282 can remember your settings across sessions.
• Marketing cookies (with consent only): Used to deliver relevant promotions to opted-in members. These are only set where you have provided explicit consent.

7.2 Managing Cookies

You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will impair your ability to use the ph282 platform. Disabling analytics or marketing cookies will not affect your ability to play games or make transactions.

8. Data Security

ph282 implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:

• Transport Layer Security (TLS) encryption for all data transmitted between your device and ph282's servers.
• Encryption of sensitive data at rest, including financial account details and identity document copies.
• Role-based access controls restricting access to personal data to ph282 staff who require it for their specific job function.
• Multi-factor authentication on ph282 internal systems that process personal data.
• Regular security assessments and penetration testing of the ph282 platform.
• Staff training on data privacy obligations and secure data handling practices.

No data transmission over the internet or electronic storage method is completely secure. While ph282 applies all reasonable measures to protect your data, ph282 cannot guarantee absolute security. In the event of a personal data breach that poses a real risk of serious harm to affected individuals, ph282 will notify the National Privacy Commission and affected members in accordance with NPC breach notification requirements.

9. Data Retention

ph282 retains personal data for the following periods, or longer where required by law:

• Account and identity data: Retained for the duration of your ph282 membership and for a minimum of five (5) years after account closure, in compliance with PAGCOR record-keeping requirements and Philippine AML law.
• Financial transaction records: Retained for a minimum of five (5) years from the date of the transaction, as required under the Philippine Anti-Money Laundering Act.
• Gaming activity logs: Retained for a minimum of three (3) years from the date of the activity, for dispute resolution and regulatory audit purposes.
• Support communications: Retained for two (2) years from the date of closure of the relevant support interaction, for quality assurance and dispute resolution.
• Marketing consent records: Retained for the period of consent plus one (1) year after withdrawal of consent, to demonstrate compliance with DPA consent requirements.

After the applicable retention period expires, ph282 will securely delete or anonymize your personal data in accordance with its data disposal procedures.

10. Your Data Privacy Rights

Under the Philippine Data Privacy Act, you have the following rights with respect to your personal data processed by ph282:

• Right to be informed: The right to know how ph282 collects, uses, and shares your personal data — addressed by this Privacy Policy.
• Right of access: The right to request a copy of the personal data ph282 holds about you and information about how it is being processed.
• Right to rectification: The right to request correction of inaccurate or incomplete personal data ph282 holds about you.
• Right to erasure: The right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to ph282's legal retention obligations under PAGCOR and AML regulations.
• Right to object: The right to object to the processing of your personal data for marketing purposes or on grounds of legitimate interests. Where you object to marketing processing, ph282 will cease such processing immediately.
• Right to data portability: The right to receive your personal data in a structured, commonly used format and to have it transmitted to another data controller where technically feasible.
• Right to lodge a complaint: The right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe ph282 has processed your personal data in violation of the DPA.

To exercise any of the above rights, please contact ph282's Data Protection Officer using the contact details in Section 13. ph282 will respond to verified rights requests within 15 business days in accordance with NPC guidelines. ph282 may require identity verification before processing a data rights request.

11. Minors

ph282 is strictly for individuals aged 21 years and above under PAGCOR regulations. ph282 does not knowingly collect personal data from individuals under the age of 21. Age verification is a mandatory part of the ph282 account registration and KYC process.

If ph282 discovers that a minor has created a ph282 account or submitted personal data through ph282.vip, ph282 will immediately suspend the account, delete the personal data, and report the incident to PAGCOR as required. If you have reason to believe that a minor has registered on ph282, please contact ph282 support immediately via live chat at ph282.vip.

12. Changes to This Privacy Policy

ph282 reserves the right to update or revise this Privacy Policy at any time to reflect changes in applicable law, NPC guidance, PAGCOR requirements, or ph282's data processing practices. When material changes are made, ph282 will:

• Publish the updated Privacy Policy at ph282.vip/privacy-policy with a revised "Last Updated" date.
• Notify active ph282 members of material changes via the email address or mobile number registered to their ph282 account, where required by the DPA.

Your continued use of the ph282 platform following notification of policy changes constitutes your acknowledgment of the updated Privacy Policy. If you do not accept the revised Policy, you must discontinue use of the ph282 platform and may request account closure.

13. Contact & Data Protection Officer

For questions, concerns, or requests relating to this Privacy Policy or ph282's data processing practices — including the exercise of your DPA rights — please contact the ph282 Data Protection Officer:

You also have the right to lodge a complaint directly with the National Privacy Commission of the Philippines (NPC) if you are not satisfied with ph282's response to your privacy concern. NPC contact information is available on the NPC's official government website.