Privacy Policy – php288 Casino Philippines

This Privacy Policy ("Policy") describes how php288 ("the Platform," "we," "us," "our") collects, processes, stores, shares, and protects personal information obtained from individuals ("you," "the Data Subject," "Player") who access or use the php288 online gaming platform at php288.co, including any associated mobile applications and communication channels.

This Policy is issued in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC) of the Philippines. php288 also processes data in accordance with the requirements of the Philippine Amusement and Gaming Corporation (PAGCOR), the Anti-Money Laundering Act (RA 9160, as amended), and other applicable Philippine statutes.

                How to Read This Policy: This Policy uses plain language wherever possible. Legal terms are defined where introduced. If you have questions about how php288 handles your personal information, contact our Data Protection Officer using the details in Section 15.
              

1

Introduction and Scope

This Policy applies to all personal information collected by php288 in connection with the registration, operation, and management of player accounts on the php288 Platform, as well as information collected through customer support interactions, marketing communications, and any other channel through which you interact with php288.

This Policy applies to all users of the php288 Platform globally, but is specifically designed to address the rights of Filipino data subjects under the Data Privacy Act of 2012 and its implementing regulations. Where the Platform is accessed from outside the Philippines, this Policy remains the governing privacy framework.

This Policy does not apply to third-party websites, services, or platforms that may be linked to or from the php288 Platform. php288 is not responsible for the privacy practices of any third-party operator, including game software providers whose games are hosted within the php288 lobby.

2

Data Controller Identity

For the purposes of the Data Privacy Act of 2012, php288 is the Personal Information Controller (PIC) in respect of personal data collected through the php288 Platform. php288 determines the purposes for which and the means by which personal data is processed.

Certain third-party service providers engaged by php288 — including payment processors, game providers, and identity verification services — act as Personal Information Processors (PIPs) when handling personal data on behalf of php288 and under php288's documented instructions. php288 ensures that all PIPs are bound by contractual data processing agreements that require compliance with the DPA.

The php288 Data Protection Officer (DPO) is the primary point of contact for all data privacy matters. The DPO's contact details are provided in Section 15 of this Policy.

3

Personal Data We Collect

php288 collects the following categories of personal data, grouped by type and collection stage:

3.1 Registration & Identity Data

Full legal name (as it appears on a government-issued Philippine ID)
Date of birth (used for 21+ age verification per PAGCOR requirements)
Philippine mobile number (primary account identifier)
Email address
Username and encrypted password
Nationality and country of residence

3.2 KYC & Verification Documents

Copies of government-issued Philippine ID (Passport, SSS/UMID, Driver's License, PhilSys National ID, Voter's ID, PRC ID, or Postal ID)
Selfie photographs with ID document
Proof of address documents (e.g., utility bill, bank statement, barangay certificate)
Source of funds documentation (where required by AML compliance)

3.3 Financial & Transaction Data

GCash mobile number, Maya account reference, or bank account details linked to your php288 account
Transaction history: all deposits, withdrawals, bets placed, bonuses credited, and winnings received
Payment method tokens (we do not store full card or account numbers — these are held by payment processors)

3.4 Gaming & Behavioral Data

Game session logs: timestamps, game titles, bet amounts, outcomes
Session duration and active hours patterns
Bonus usage and wagering requirement progress
Responsible gaming settings (deposit limits, self-exclusion status, session alerts)

3.5 Technical & Device Data

IP address and geolocation data (country/region level)
Device type, operating system, browser type and version
Cookie identifiers and session tokens
Network connection type (WiFi, mobile data, carrier)

3.6 Communications Data

Support chat transcripts (live chat, Messenger, Viber)
Email correspondence with php288
Complaint records and resolution history
Survey and feedback responses (where voluntarily provided)

                Sensitive Personal Information: Government ID numbers, biometric data derived from selfie verification, and financial account details constitute Sensitive Personal Information under the DPA. php288 applies enhanced protection measures to these data categories, including stricter access controls, additional encryption layers, and a higher standard of processing justification.
              

4

How We Collect Personal Data

php288 collects personal data through the following channels and methods:

Directly from you during account registration, KYC document upload, deposit and withdrawal requests, and communications with our support team.
Automatically through the Platform's technical infrastructure — cookies, server logs, session tracking, and analytics tools — when you access and navigate php288.co or the mobile application.
From payment providers including GCash, Maya, and Philippine banks — limited to transaction confirmation data necessary for reconciling your php288 account balance.
From identity verification service providers engaged for KYC compliance — biometric comparison results and document authenticity scores.
From PAGCOR and regulatory bodies — where directed by regulatory instruction, including data received through the PAGCOR self-exclusion registry.
From fraud detection services — risk scores and flags generated by third-party anti-fraud systems based on behavioral patterns and device fingerprinting.

5

Purposes of Data Processing

php288 processes your personal data for the following specific purposes:

Purpose	Data Categories Used
Account creation and management	Registration data, identity data
Age and identity verification (KYC)	KYC documents, registration data, biometric data
Processing deposits and withdrawals	Financial data, identity data
Operating games and recording outcomes	Gaming data, account data
AML monitoring and reporting	Financial data, transaction data, identity data
Fraud detection and platform security	Technical data, behavioral data, financial data
PAGCOR regulatory compliance	All categories as required
Customer support and complaint resolution	Communications data, account data
Responsible gaming monitoring	Gaming data, behavioral data, responsible gaming settings
Bonus management and promotion delivery	Account data, gaming data, financial data
Marketing communications (with consent)	Registration data, behavioral data, gaming preferences
Platform analytics and improvement	Technical data, behavioral data (aggregated/anonymized)

6

Legal Bases for Processing

Under the Data Privacy Act of 2012, php288 must have a valid legal basis for each data processing activity. The applicable legal bases are:

Contract performance: Processing necessary to provide the php288 Platform and fulfill our obligations under the Terms and Conditions, including account management, game operation, payment processing, and customer support.
Legal obligation: Processing required to comply with the DPA, PAGCOR regulations, the Anti-Money Laundering Act, and other applicable Philippine law — including KYC verification, AML monitoring, and regulatory reporting.
Legitimate interests: Processing necessary for fraud prevention, platform security, responsible gaming monitoring, and aggregated analytics to improve platform performance, provided such interests are not overridden by your rights and freedoms.
Consent: Processing for direct marketing and promotional communications, where we have obtained your prior, informed, and freely given consent. You may withdraw this consent at any time by updating your communication preferences in Account Settings.

7

Data Sharing & Disclosure

php288 does not sell your personal data. We share personal data only in the following circumstances and only to the extent strictly necessary for the stated purpose:

7.1 Service Providers (Personal Information Processors)

php288 engages third-party service providers who process personal data on our behalf under written data processing agreements requiring DPA compliance. These include: payment gateway operators (GCash / GXI, Maya / Paymaya Philippines, BancNet, partner banks); identity verification and KYC service providers; game software providers (who may receive anonymized session data); customer support platform operators; fraud detection and cybersecurity service providers; and cloud infrastructure providers.

7.2 Regulatory and Law Enforcement Authorities

php288 will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, or any other competent Philippine government authority where required by law, regulation, court order, or regulatory directive. We will endeavor to notify you of any such disclosure to the extent permitted by law.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of php288's assets, personal data held by php288 may be transferred to the acquiring entity, subject to the same data protection obligations set forth in this Policy. We will notify affected players of any such transfer.

7.4 With Your Consent

php288 may share your personal data with third parties not described above if you have provided prior, specific, and informed consent to such sharing.

8

International Data Transfers

Some of php288's service providers — particularly cloud infrastructure providers and certain game software providers — may process personal data on servers located outside the Philippines. Where such transfers occur, php288 ensures that appropriate safeguards are in place to protect your personal data to a standard at least equivalent to that required by the Data Privacy Act of 2012.

Appropriate safeguards for international transfers include: contractual clauses that impose DPA-equivalent data protection obligations on the receiving party; transfers to jurisdictions recognized by the NPC as providing adequate data protection; and binding corporate rules where applicable.

You may request information about the specific safeguards applicable to any international transfer of your personal data by contacting the php288 DPO at the details in Section 15.

9

Data Retention

php288 retains personal data for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Key retention periods are:

Data Category	Retention Period	Basis
Account registration data	Duration of account + 5 years after closure	PAGCOR regulation; AML Act
KYC documents	Duration of account + 5 years after closure	AML Act (RA 9160); PAGCOR
Financial transaction records	10 years from transaction date	AML Act; tax and regulatory compliance
Game session logs	3 years from session date	PAGCOR audit requirements
Support communications	3 years from last interaction	Dispute resolution; legitimate interest
Marketing preferences	Until consent is withdrawn + 1 year	Consent; DPA compliance
Technical/device logs	90 days from collection	Security; fraud detection

When personal data is no longer required, php288 will securely destroy, delete, or anonymize it in accordance with its data disposal procedures. Anonymized and aggregated data that cannot reasonably be re-identified may be retained indefinitely for statistical and analytical purposes.

10

Security Measures

php288 implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include:

Encryption: All data in transit between your browser or app and php288 servers is encrypted using TLS 1.2 or higher (256-bit SSL). Sensitive data at rest is encrypted using AES-256 encryption.
Access controls: Access to personal data is restricted to authorized personnel on a strictly need-to-know basis. All access is logged and subject to periodic review.
Two-factor authentication: php288 staff with access to production systems use multi-factor authentication. Players are strongly encouraged to enable 2FA on their accounts.
Penetration testing: php288's infrastructure undergoes regular third-party penetration testing and vulnerability assessments. Identified vulnerabilities are remediated according to a risk-prioritized schedule.
Incident response: php288 maintains a documented data breach response plan. In the event of a breach affecting your personal data, php288 will notify you and the NPC within 72 hours as required by the DPA.
Payment data security: php288 does not store full payment account numbers or GCash/Maya credentials. Payment data is tokenized and processed directly through PCI-DSS compliant payment processors.

                Your Role in Security: While php288 implements robust technical safeguards, the security of your account also depends on your own practices. Use a unique, strong password; enable 2FA; do not share your credentials; and log out after each session, especially on shared devices. php288 will never ask for your password or 2FA code via chat, SMS, or email.
              

11

Cookies & Tracking Technologies

php288 uses cookies and similar tracking technologies on the Platform to provide essential functionality, improve user experience, and collect aggregated analytics. A cookie is a small text file placed on your device when you access a website; it allows the Platform to recognize your browser across sessions.

Cookie Type	Purpose	Can Be Disabled?
Essential	Maintain your logged-in session, security tokens, load balancing, and basic Platform functionality. The Platform cannot function without these.	No — required for Platform operation
Functional	Remember your language preference, game lobby display settings, and responsible gaming configurations between sessions.	Yes — with reduced personalization
Analytics	Collect aggregated, anonymized usage statistics to understand how players navigate the Platform and identify areas for improvement.	Yes — via cookie consent settings
Security	Detect and prevent fraudulent activity, bot traffic, and unauthorized account access attempts through device fingerprinting and behavioral analysis.	No — required for security

You can manage cookie preferences through the cookie consent tool available on the Platform, or through your browser's cookie management settings. Note that disabling non-essential cookies will not affect your ability to log in and play, but may limit some personalization features.

12

Your Data Subject Rights

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by php288. These rights may be exercised by contacting the php288 Data Protection Officer using the details in Section 15:

👁️

Right to Be Informed

You have the right to be informed that your personal data is being collected and processed, the purposes for collection, and the recipients to whom it may be disclosed. This Policy fulfills this obligation.

📂

Right of Access

You have the right to request a copy of the personal data php288 holds about you, along with information about how it is processed. We will respond to verified access requests within thirty (30) days.

✏️

Right to Rectification

If your personal data is inaccurate, incomplete, or outdated, you have the right to request correction. Basic account information can be updated in your Account Settings; identity-related corrections require DPO contact.

🗑️

Right to Erasure

You may request deletion of personal data that is no longer necessary for the purpose collected, was collected with consent that you have since withdrawn, or was processed unlawfully. This right is subject to legal retention obligations under PAGCOR and AML regulations.

🚫

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. An objection to direct marketing will always be honored immediately. An objection to other legitimate-interest processing will be assessed against our compelling legal grounds.

📦

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible. Requests will be fulfilled within thirty (30) days.

⚖️

Right to Lodge a Complaint

If you believe php288 has violated your rights under the Data Privacy Act, you may lodge a complaint with the National Privacy Commission (NPC) of the Philippines at privacy.gov.ph. We encourage you to contact the php288 DPO first so we can attempt to resolve the matter directly.

To exercise any of the above rights, submit a written request to the php288 Data Protection Officer. We may request verification of your identity before processing your request to protect against unauthorized access to your data.

13

Protection of Minors

The php288 Platform is strictly intended for individuals aged 21 years and above, in compliance with PAGCOR minimum age regulations. php288 does not knowingly collect personal data from any person under the age of 21. The Platform implements age verification procedures at registration and prior to granting withdrawal access.

If php288 becomes aware that personal data has been collected from an individual under the age of 21, it will promptly suspend the associated account, delete the personal data collected, and report the matter to PAGCOR as required by its operating conditions.

If You Suspect Underage Access: If you believe a person under 21 years of age is using the php288 Platform, please contact us immediately at [email protected]. Protection of minors from gambling-related harm is a shared responsibility and php288 takes all such reports seriously.

14

Changes to This Privacy Policy

php288 reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or operational requirements. The "Last Updated" date at the top of this Policy indicates when the most recent revision was made.

For material changes to this Policy — those that significantly affect how your personal data is collected or used, or that reduce your rights as a data subject — php288 will provide at least fourteen (14) days' advance notice via email to your registered address or via a prominent in-platform notification before the changes take effect.

Your continued use of the php288 Platform following the effective date of any revised Privacy Policy constitutes acceptance of the revised terms. If you do not agree with the revised Policy, you must discontinue use of the Platform and may request account closure by contacting our support team.

15

Contact & Data Protection Officer

php288 has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act and this Privacy Policy. The DPO is the primary contact for all data privacy inquiries, data subject rights requests, and privacy concern reports.

Data Protection Officer — php288

Contact method: Live Chat (24/7) on php288.co — request transfer to the DPO
Email: [email protected] — Subject line: "DPO / Privacy Inquiry"
Messenger / Viber: Official php288 channels, available 24/7

php288 will acknowledge all DPO contacts within two (2) business days and provide a substantive response within thirty (30) calendar days of receipt. For complex requests, we may notify you that an extension is required and provide an updated response timeline.

National Privacy Commission of the Philippines

If you are not satisfied with php288's response to your privacy concern, you may contact the National Privacy Commission (NPC) — the Philippines' independent data protection authority — to file a formal complaint. Information about the NPC complaint process is available through official Philippine government resources.

php288 Privacy Policy

How php288 Protects Your Privacy