php288 Privacy Policy

1 Introduction

php288 ("we," "us," "the Company," "php288") operates as a PAGCOR-licensed online gaming platform accessible to Filipino players across the Philippines. As a Personal Information Controller (PIC) under Philippine Republic Act No. 10173 (the Data Privacy Act of 2012, "DPA") and its Implementing Rules and Regulations, php288 is responsible for the personal data we collect from and about our account holders, visitors, and platform users.

This Privacy Policy governs the collection, processing, storage, disclosure, and disposal of personal information that php288 handles in the course of providing its gaming, payment, customer support, and compliance services. This Policy applies to all personal data collected through the php288 website, its mobile browser interface, and all associated communications channels including live chat, email, and SMS.

By registering an account with php288, you acknowledge that you have read, understood, and consent to the processing of your personal information as described in this Policy. If you do not agree with this Policy, please discontinue your use of the php288 platform and contact us to close your account.

2 Personal Data We Collect

php288 collects personal information through several means: information you provide directly during registration and KYC verification, information generated through your use of the platform, and information received from third-party payment processors and identity verification services. The categories of personal data we collect include:

When you create a php288 account, we collect your full legal name, date of birth, Philippine mobile number, email address, username, and account password (stored in hashed form — never in plain text).

To comply with PAGCOR licensing requirements and Philippine anti-money laundering obligations, php288 collects:

• Government-issued Philippine photo identification (PhilSys National ID, UMID, Passport, Driver's License, SSS ID, GSIS ID);
• Proof of address documentation where required;
• Selfie or liveness verification images where required for identity confirmation;
• Payment method ownership documentation (e.g., screenshot of GCash or Maya account showing your name).

php288 records all deposit and withdrawal transactions, including amounts, timestamps, payment method reference numbers, and transaction status. We do not store complete payment card numbers — only the last four digits and card type for reference purposes.

We collect data about your game sessions, including game titles played, wager amounts, session durations, win/loss outcomes, bonus usage, and responsible gaming tool configurations.

php288 automatically collects technical data when you access the platform, including your IP address, device type and operating system, browser type and version, and session identifiers used for security and fraud prevention purposes.

When you contact php288 support via live chat or email, we retain records of those communications including your messages, our responses, and any attachments or screenshots you share, for quality assurance and dispute resolution purposes.

3 How We Use Your Personal Data

php288 processes your personal data for the following purposes:

4 Legal Basis for Processing

Under the Philippine Data Privacy Act of 2012, php288 relies on the following legal bases for processing your personal information:

• Contractual Necessity: Processing required to fulfil our obligations to you under the php288 Terms & Conditions, including account management, payment processing, and game access;
• Legal Obligation: Processing required to comply with Philippine law, including PAGCOR licensing conditions, the Anti-Money Laundering Act (RA 9160 as amended), the Data Privacy Act (RA 10173), and other applicable regulations;
• Consent: Processing for marketing communications and non-essential analytics, where you have provided informed, voluntary, and specific consent;
• Legitimate Interest: Processing for fraud prevention, platform security, and responsible gaming monitoring, where our legitimate interest does not override your fundamental rights and freedoms.

5 Data Sharing & Disclosure

php288 does not sell your personal data to any third party. We share personal information only in the following limited circumstances:

php288 engages third-party service providers who process personal data on our behalf under written Data Processing Agreements consistent with RA 10173 requirements. These include payment processors (GCash/GXI, Maya, BancNet, Instapay network participants), KYC/identity verification service providers, game software providers (who receive only anonymized session data), and cloud infrastructure providers for platform hosting.

php288 is required by Philippine law to disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), and other competent Philippine government bodies upon lawful request or as mandated by applicable legislation and PAGCOR licensing conditions.

php288 may disclose personal data to Philippine courts, law enforcement agencies, or other legal authorities where required by a valid court order, search warrant, or other lawful legal process issued under Philippine jurisdiction.

In the event of a merger, acquisition, or transfer of all or a material part of php288's business operations, personal data held by php288 may be transferred to the successor entity, subject to equivalent data protection commitments and notification to affected account holders in accordance with RA 10173.

6 Data Retention

php288 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with applicable Philippine legal retention requirements, and to resolve any outstanding disputes. The following retention periods apply as a general guide:

• Account and KYC data: Retained for the duration of account activity plus a minimum of five (5) years after account closure, in compliance with PAGCOR and AMLC requirements under the Anti-Money Laundering Act;
• Financial transaction records: Retained for a minimum of five (5) years from the transaction date;
• Gaming session logs: Retained for a minimum of two (2) years from the date of the session;
• Customer support communications: Retained for two (2) years from the date of the last communication in a support thread;
• Marketing consent records: Retained until withdrawal of consent plus one (1) year for compliance documentation purposes.

After applicable retention periods expire, php288 securely disposes of personal data through industry-standard data destruction methods including cryptographic erasure for digital records.

7 Data Security Measures

php288 implements a multi-layered security framework to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• 256-bit TLS/SSL Encryption for all data transmitted between your browser and the php288 platform;
• Encryption at rest for all sensitive personal information and KYC document storage using AES-256 encryption;
• Password hashing using bcrypt or equivalent industry-standard algorithms — account passwords are never stored in plain text;
• SMS Two-Factor Authentication (2FA) for account login from new or unrecognized devices;
• Access controls ensuring that php288 staff access to personal data is restricted to role-specific need and subject to logging and audit;
• Regular security audits and penetration testing of platform infrastructure;
• Fraud monitoring systems that detect and flag anomalous login patterns, transactions, and account behavior in real time.

8 Cookies & Tracking Technologies

php288 uses cookies and similar tracking technologies to operate the platform, maintain session state, detect fraud, and analyze aggregate usage patterns. The following categories of cookies are used:

• Strictly Necessary Cookies: Required for core platform functionality including authentication, session management, and security. These cannot be disabled without impairing platform access;
• Functional Cookies: Used to remember your preferences such as language settings and responsible gaming configurations;
• Analytics Cookies: Used to collect aggregated, anonymized information about how players navigate and use the platform, helping php288 improve its products and services;
• Marketing Cookies: Used where you have consented to receive targeted communications relevant to your php288 activity.

You may manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to play games or manage your account, although some preference-based features may be less personalized.

9 Your Rights as a Data Subject

As a data subject under Philippine Republic Act No. 10173 (the Data Privacy Act of 2012), you have the following rights with respect to your personal information held by php288:

• Right to be Informed: The right to know that your personal data is being collected and processed, including the purposes and legal bases for processing;
• Right to Access: The right to obtain a copy of the personal data php288 holds about you, subject to reasonable administrative timelines;
• Right to Rectification: The right to request correction of inaccurate, incomplete, or outdated personal data in your php288 account;
• Right to Erasure or Blocking: The right to request deletion or blocking of your personal data where it is no longer necessary for the purposes for which it was collected, subject to php288's legal retention obligations;
• Right to Object: The right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interest;
• Right to Data Portability: The right to receive a copy of your personal data in a structured, commonly used, and machine-readable format;
• Right to Lodge a Complaint: The right to file a complaint with the National Privacy Commission (NPC) if you believe php288 has violated your rights under RA 10173.

To exercise any of the above rights, please contact the php288 Data Protection Officer at [email protected] (plain text — not a clickable link). php288 will respond to verified data subject requests within 30 days of receipt.

10 Children's Privacy & Age Restrictions

The php288 platform is strictly intended for persons who are at least twenty-one (21) years of age, in compliance with PAGCOR regulatory requirements for online gaming in the Philippines. php288 does not knowingly collect or process personal information from individuals under the age of 21.

All account registrations are subject to mandatory KYC age verification through government-issued Philippine identification. If php288 discovers that an account has been registered by or on behalf of a person under the age of 21, the account will be immediately suspended, all associated personal data will be deleted to the extent permitted by law, and any deposited funds will be returned to the verified payment method in accordance with applicable PAGCOR guidelines.

If you have reason to believe that php288 has inadvertently collected personal data from a minor, please contact our Data Protection Officer immediately at [email protected] (plain text — not a clickable link).

11 Cross-Border Data Transfers

As an online gaming platform, php288 may transfer certain personal data to third-party service providers located outside the Republic of the Philippines, including cloud infrastructure providers and game software partners who operate international data centers. Any such cross-border transfer of personal data is conducted in compliance with Section 21 of RA 10173 and the NPC's guidelines on cross-border data transfers, including:

• Execution of binding Data Transfer Agreements with recipient organizations that impose data protection obligations equivalent to those required under Philippine law;
• Transfer only to organizations operating in jurisdictions deemed by the NPC to have adequate data protection standards, or subject to equivalent contractual safeguards;
• Limiting transferred data to the minimum necessary for the specific service being provided.

php288 does not transfer personal data to international recipients for marketing purposes without your explicit consent.

12 Changes to This Privacy Policy

php288 reserves the right to update or amend this Privacy Policy from time to time to reflect changes in our data processing practices, applicable Philippine law, PAGCOR requirements, or NPC guidance. When material changes are made, php288 will:

• Update the "Last Updated" date at the top of this Policy;
• Display a notification on the php288 platform dashboard for logged-in account holders;
• Where required by law, seek renewed consent for any new processing activities that go beyond the scope of the original consent provided.

Your continued use of the php288 platform following notification of a Policy update constitutes your acknowledgment of the revised Policy. We encourage you to review this page periodically. If changes are material and you do not agree with them, you have the right to close your account and request erasure of your personal data as permitted under RA 10173 and our data retention obligations.

13 Contact & Data Protection Officer

php288 has designated a Data Protection Officer (DPO) in accordance with Section 21(c) of RA 10173 and NPC Circular 16-01. You may contact the php288 DPO for any privacy-related queries, data subject rights requests, or data breach notifications:

• DPO Email: [email protected] (plain text — not a clickable link; subject line: "Data Privacy Request")
• Live Chat: Available 24/7 via the php288 platform; select "Privacy & Data" as your inquiry category
• Response Time: php288 will acknowledge receipt of data subject requests within 3 business days and provide a substantive response within 30 days

If you believe your rights under RA 10173 have been violated and are not satisfied with php288's response, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Republic of the Philippines.