phl365 Privacy Policy

This Privacy Policy ("Policy") describes how phl365 ("phl365," "we," "us," "our") — the operator of the online gaming platform accessible at https://phl365.club — collects, uses, stores, discloses, and protects the personal data of users ("Player," "User," "you") who access or use the Platform.

phl365 is committed to protecting your privacy and to processing your personal data lawfully, fairly, and transparently in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) ("DPA"), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission ("NPC") of the Philippines. This Policy also takes into account the data handling requirements imposed by the Philippine Amusement and Gaming Corporation (PAGCOR) and the Anti-Money Laundering Council (AMLC).

By registering for or using phl365, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein. This Policy forms part of, and should be read alongside, phl365's Terms & Conditions.

For the purposes of the Data Privacy Act of 2012, the personal information controller in respect of your data collected through phl365 is:

Our designated Data Protection Officer (DPO) is responsible for overseeing compliance with this Policy and Philippine data protection law. You may contact the DPO directly using the contact details in Section 15 for any privacy-related queries or to exercise your data rights.

phl365 collects the following categories of personal data from players. We collect only what is necessary for the purposes described in Section 5.

phl365 collects personal data through the following channels:

4.1 Directly From You

• When you register for a phl365 account and provide your mobile number and personal details;
• When you complete KYC verification by submitting identity documents;
• When you make deposits or request withdrawals via GCash, PayMaya, or bank transfer;
• When you contact our customer support team via live chat;
• When you set or update responsible gaming limits or account preferences;
• When you respond to player surveys or promotions.

4.2 Automatically Through Platform Use

• Session and login data collected when you access phl365 from any device;
• Gameplay data generated automatically as you use casino, bingo, and slot games;
• Technical data collected via cookies and similar tracking technologies as described in Section 10;
• Device and network data collected for security monitoring and fraud prevention purposes.

4.3 From Third Parties

• Identity verification data from KYC service providers engaged by phl365;
• Payment confirmation data from GCash, PayMaya, and partner banks;
• Fraud and risk signals from anti-fraud screening services;
• Regulatory data requests from PAGCOR or AMLC pursuant to lawful authority.

phl365 processes your personal data for the following purposes, each supported by a lawful basis under the Data Privacy Act of 2012:

5.1 Account Management

Processing necessary to create, maintain, and administer your phl365 account, including login authentication, account settings, and profile updates. Legal basis: Performance of a contract to which you are a party.

5.2 Payment Processing

Processing your GCash, PayMaya, BPI, BDO, and Metrobank transactions — including deposits, withdrawals, and refunds — in Philippine Peso. Legal basis: Performance of a contract; compliance with legal obligations under BSP and AMLC regulations.

5.3 Identity Verification & KYC

Verifying your identity and age (21+) in compliance with PAGCOR licensing requirements and the Anti-Money Laundering Act of 2001 (RA 9160, as amended). Legal basis: Compliance with legal and regulatory obligations.

5.4 Fraud Prevention & Security

Monitoring account activity to detect and prevent fraud, money laundering, bonus abuse, collusion, and unauthorised access. Legal basis: Legitimate interests of phl365 in protecting the security and integrity of the Platform; compliance with legal obligations.

5.5 Customer Support

Responding to queries, resolving disputes, and improving service quality using live chat transcripts and support records. Legal basis: Performance of a contract; legitimate interests.

5.6 Responsible Gaming

Monitoring gaming patterns to identify potential problem gambling behaviour and to administer self-exclusion, cooling-off, and limit-setting tools. Legal basis: Compliance with PAGCOR responsible gaming obligations; legitimate interests.

5.7 Marketing Communications

Sending promotional offers, bonus notifications, and platform updates to your registered Philippine mobile number, where you have opted in. Legal basis: Consent. You may withdraw consent at any time through your account settings or by contacting support. Withdrawal of marketing consent does not affect the lawfulness of prior processing.

5.8 Legal and Regulatory Compliance

Meeting record-keeping, reporting, and disclosure obligations imposed by PAGCOR, AMLC, the NPC, and other competent Philippine authorities. Legal basis: Compliance with legal obligations.

phl365 does not sell, rent, or trade your personal data to any third party for commercial purposes. We share data only in the following circumstances:

6.1 Service Providers (Personal Information Processors)

phl365 engages third-party service providers who process personal data on our behalf under written data processing agreements that require them to maintain confidentiality and to process data only as instructed by phl365. These include:

• Payment processors: GCash (Mynt/GXI), PayMaya (Voyager Innovations), BPI, BDO, and Metrobank for transaction processing;
• KYC/identity verification providers: for age and identity verification pursuant to PAGCOR requirements;
• Game providers: JILI, PG Soft, Pragmatic Play, Evolution, and other licensed game suppliers who receive the minimum data necessary to deliver game functionality;
• Cloud hosting and infrastructure providers: for secure data storage and platform operation;
• Anti-fraud and security providers: for transaction monitoring and fraud detection.

6.2 Regulatory and Law Enforcement Authorities

phl365 will disclose personal data to PAGCOR, AMLC, the National Privacy Commission, or other competent Philippine government authorities where required to do so by law, lawful order, or regulatory obligation. We may also disclose data to law enforcement in connection with the investigation of suspected criminal activity affecting phl365 or its players.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of phl365's business assets, your personal data may be transferred to the acquiring entity as part of the transaction. We will notify you via your registered mobile number prior to any such transfer and will ensure the acquiring entity is bound by obligations no less protective than this Policy.

Some of phl365's service providers, particularly cloud infrastructure providers and game suppliers, process data on servers located outside the Philippines. Where such international transfers occur, phl365 ensures that:

• The recipient country or organisation provides an adequate level of data protection comparable to that under Philippine law;
• Appropriate contractual safeguards are in place, including data processing agreements that incorporate data protection obligations equivalent to those required under RA 10173;
• Such transfers are disclosed to and, where required, approved by the National Privacy Commission.

The primary data processing for phl365 accounts, transactions, and KYC records is conducted within the Philippines or under NPC-compliant cross-border transfer arrangements. Your core account data is never transferred internationally without the protections described above being in place.

phl365 retains personal data for no longer than is necessary for the purposes for which it was collected, subject to any legal or regulatory minimum retention periods. The following retention schedule applies:

After expiry of the applicable retention period, personal data will be securely deleted or anonymised such that it can no longer be linked to an identifiable individual.

phl365 implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:

• Encryption in transit: All data transmitted between your device and phl365 servers is protected by 256-bit SSL/TLS encryption;
• Encryption at rest: Sensitive data including KYC documents and financial records is stored in encrypted form;
• Access controls: Internal access to personal data is restricted to authorised personnel on a strict need-to-know basis, governed by role-based access control policies;
• Password security: Account passwords are stored using industry-standard one-way cryptographic hashing with salting — phl365 staff cannot read your password;
• Two-factor authentication: Available to all phl365 account holders via SMS to their registered Philippine number;
• Security monitoring: Continuous automated monitoring for suspicious access patterns, anomalous transactions, and security incidents;
• Vendor security requirements: All third-party processors engaged by phl365 are required to maintain security standards commensurate with their role.

In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, phl365 will notify the National Privacy Commission within 72 hours of becoming aware of the breach and will notify affected players without undue delay, in accordance with the DPA and NPC Circular 16-03.

phl365 uses cookies and similar session-based tracking technologies solely for the operation and security of the Platform. We do not use third-party advertising cookies or cross-site tracking technologies.

10.1 Essential Cookies

These cookies are strictly necessary for phl365 to function. They maintain your login session, store your language and account preferences, and support security functions such as CSRF protection. These cookies cannot be disabled without breaking core Platform functionality.

10.2 Security Cookies

Used to detect and prevent fraudulent login attempts, session hijacking, and bot activity. These are essential for protecting your phl365 account and cannot be disabled.

10.3 Analytics Cookies

phl365 uses privacy-preserving analytics to understand how players use the Platform — which game categories are popular, where players encounter difficulties, and how the Platform performs on Philippine mobile networks. This data is aggregated and cannot be used to identify individual players. You may opt out of analytics cookies through your browser settings.

phl365 does not use advertising or retargeting cookies. We do not share cookie data with social media platforms, advertising networks, or data brokers.

Under the Data Privacy Act of 2012 (RA 10173) and its Implementing Rules, you have the following rights in respect of your personal data held by phl365. These rights may be exercised by contacting our Data Protection Officer as described in Section 15.

phl365 will respond to all data rights requests within 30 days of receipt. Where a request is complex or numerous, we may extend this period by a further 30 days, in which case we will notify you of the extension and the reason for it within the initial 30-day period.

phl365 is strictly prohibited to individuals under the age of 21 years, in accordance with PAGCOR regulations and applicable Philippine law. phl365 does not knowingly collect personal data from individuals under this age threshold.

Age is verified during the KYC process required before a player's first withdrawal. Where phl365 discovers or reasonably suspects that an account holder is under 21, the account will be immediately suspended, all balances forfeited, and the matter reported to PAGCOR. Any personal data collected from a verified minor will be deleted as soon as practicable following account closure.

The phl365 Platform may contain references to third-party game providers, payment services, or other content. phl365 is not responsible for the privacy practices of any third-party website or service. When you interact with a third-party service (such as your GCash or PayMaya app) to complete a transaction with phl365, that service's own privacy policy governs their use of your data. We encourage you to review the privacy policies of any third-party service you use in connection with phl365.

phl365 reserves the right to update or amend this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or platform operations. When material changes are made, we will notify registered players by SMS to their registered Philippine mobile number and by a prominent notice on the Platform, prior to the changes taking effect.

The "Last Updated" date at the top of this Policy reflects the date of the most recent revision. Your continued use of phl365 after the effective date of any amendment constitutes your acknowledgement of the updated Policy. If you do not agree to material changes, you may request account closure through our support team.

For any questions, concerns, or requests relating to this Privacy Policy or your personal data rights, please contact phl365's Data Protection Officer through the following channels:

• Live Chat: Available on the phl365 Platform 24 hours a day, 7 days a week. Average response time under 5 minutes.
• Email (DPO): [email protected] — please mark your message "Privacy / DPO Request." Written responses provided within 30 days.

If you are not satisfied with phl365's response to your data privacy concern, you have the right to lodge a complaint directly with the National Privacy Commission of the Philippines. Information on how to file a complaint is available through the NPC's official channels.