Data Privacy

php888 Privacy Policy

This Privacy Policy explains how php888 collects, processes, stores, and protects your personal information when you use the php888 platform at php888.biz. It is written in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

1. Data Controller
2. Data We Collect
3. How We Use Your Data
4. Legal Basis
5. Data Sharing
6. International Transfers
7. Data Retention
8. Security Measures
9. Cookies & Tracking
10. Your Rights
11. Minors
12. Third-Party Links
13. Policy Changes
14. Contact & DPO

Effective Date: June 2026 | Version 2.4

Summary for Filipino Players: php888 collects your personal data only for the purposes of operating your account, processing payments, verifying your identity as required by PAGCOR and AMLC, and keeping you informed about promotions you have consented to receive. Your data is never sold to third parties for commercial purposes. This Policy explains your rights under Philippine law and how to exercise them.

1. Data Controller

1.1 The data controller responsible for your personal information is php888, the operator of the online gaming platform accessible at https://php888.biz ("Platform", "we", "us", "our").

1.2 php888 is licensed by the Philippine Amusement and Gaming Corporation (PAGCOR) and is subject to the regulatory oversight of PAGCOR, the National Privacy Commission (NPC) of the Philippines, and the Anti-Money Laundering Council (AMLC).

1.3 As a personal information controller (PIC) under the Philippine Data Privacy Act of 2012 (DPA), php888 is legally responsible for ensuring that personal data collected from you is processed lawfully, fairly, and with transparency. A Data Protection Officer (DPO) has been appointed and can be contacted using the details in Section 14 of this Policy.

2. Personal Data We Collect

2.1 php888 collects the following categories of personal data:

2.1.1 Identity & Contact Data

Full legal name as it appears on a valid Philippine government-issued ID;
Date of birth (for mandatory 21+ age verification);
Philippine residential address;
Mobile phone number (used for account registration and OTP verification);
Email address;
Government ID number and ID document images (for KYC).

2.1.2 Financial Data

GCash account number (linked to your registered Philippine mobile number);
Maya (PayMaya) account details;
Philippine bank account details (BPI, BDO, Metrobank, etc.) when used for withdrawals;
Cryptocurrency wallet address (for USDT TRC20 transactions);
Transaction history: deposits, withdrawals, amounts, dates, and payment methods.

2.1.3 Gaming Activity Data

Game session logs: games played, wagers placed, results, session start and end times;
Account balance history;
Bonus activation and wagering progress records;
Responsible gaming tool settings (deposit limits, loss limits, self-exclusion records).

2.1.4 Technical & Device Data

IP address and approximate geolocation at time of login;
Device type, operating system, and browser version;
Mobile network carrier;
Session cookies and analytics identifiers (see Section 9).

2.1.5 Communications Data

Live chat transcripts and support ticket history;
Email correspondence with php888 support;
Records of promotional communications you have received and your response to them.

Data Minimisation Principle: php888 collects only the data that is strictly necessary for the purposes described in Section 3. We do not collect sensitive personal information (as defined under the DPA) beyond what is required for KYC identity verification and responsible gaming compliance.

3. How We Use Your Personal Data

3.1 php888 processes your personal data for the following purposes:

Purpose	Data Used	Legal Basis
Account registration and management	Identity, contact, device data	Contract performance
KYC identity and age verification	Identity data, government ID images	Legal obligation (PAGCOR, AMLC)
Processing deposits and withdrawals	Financial data, transaction history	Contract performance
AML transaction monitoring	Financial data, gaming activity, identity	Legal obligation (AMLC / RA 9160)
Responsible gaming compliance	Gaming activity, responsible gaming settings	Legal obligation (PAGCOR)
Customer support	Communications data, account data	Contract performance
Fraud prevention and security	Technical data, financial data, identity	Legitimate interest
Promotional communications	Contact data, gaming activity	Consent
Platform analytics and improvement	Technical data, gaming activity (aggregated)	Legitimate interest
Regulatory reporting	All categories as required	Legal obligation (PAGCOR, NPC, AMLC)

4. Legal Basis for Processing

4.1 Under the Philippine Data Privacy Act, php888 processes your personal data under one or more of the following lawful bases:

Contract Performance: Processing is necessary to fulfil the Terms and Conditions you agreed to when creating your php888 account — including account management, payment processing, and gameplay services.
Legal Obligation: Processing is required to comply with applicable Philippine laws, including the PAGCOR regulatory framework, the Anti-Money Laundering Act (RA 9160 as amended), and the Data Privacy Act (RA 10173).
Legitimate Interest: Processing is necessary for the legitimate interests of php888, including fraud prevention, platform security, and aggregate analytics — where these interests are not overridden by your rights and interests as a data subject.
Consent: For specific processing activities such as marketing communications, php888 will obtain your explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Data Sharing & Disclosure

5.1 php888 does not sell your personal data to third parties for commercial purposes. Your data may be shared in the following limited circumstances:

5.1.1 Service Providers (Personal Information Processors)

php888 engages third-party service providers who process data on our behalf under written data processing agreements. These include: payment processors (GCash/GXI, Maya/Paymaya, banking partners), KYC verification providers, game software providers (who operate game logic on our platform), cloud hosting and CDN infrastructure providers, and customer support software vendors. These processors are contractually bound to process your data only on php888's instructions and in compliance with the DPA.

5.1.2 Regulatory Authorities

php888 is required to disclose data to PAGCOR, the AMLC, the National Privacy Commission, the Bureau of Internal Revenue (BIR), and other competent Philippine government authorities when required by law, court order, or regulatory directive.

5.1.3 Fraud Prevention & Legal Protection

php888 may share data with law enforcement, other regulated gaming operators, or fraud prevention services when there is a reasonable and documented suspicion of criminal activity, fraud, or AML violations.

Your data is never: sold to marketers, shared with unauthorised third parties for commercial gain, used to build marketing profiles for non-php888 products, or transferred to parties outside the Philippines except as described in Section 6.

6. International Data Transfers

6.1 Some of php888's service providers (including game software providers and cloud infrastructure vendors) may process data outside the Republic of the Philippines. Where such transfers occur, php888 ensures they are conducted in compliance with Section 21 of the DPA, which requires that the receiving jurisdiction provides an adequate level of data protection, or that appropriate contractual safeguards (such as standard contractual clauses) are in place.

6.2 php888 maintains a register of international data transfers and can provide details of these arrangements upon request by contacting our DPO (see Section 14).

7. Data Retention

7.1 php888 retains your personal data for as long as is necessary to fulfil the purposes described in this Policy, subject to applicable legal minimum retention periods:

KYC and identity documents: Minimum 5 years from account closure, as required by PAGCOR regulations and the AMLC;
Transaction records: Minimum 5 years from the date of each transaction, in compliance with AML obligations;
Gaming session logs: 2 years from the session date, extendable in the event of a dispute;
Communications records: 2 years from the last communication;
Marketing consent records: Until consent is withdrawn, plus 3 years for evidence of prior consent.

7.2 Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised so that it can no longer be linked to an identifiable individual.

8. Security Measures

8.1 php888 implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

Encryption in transit: All data transmitted between your device and php888 servers is encrypted using TLS 1.3 / 256-bit SSL;
Encryption at rest: Sensitive personal data and financial records are encrypted in storage;
Access controls: Access to personal data is restricted on a need-to-know basis, with role-based access controls and multi-factor authentication for all administrative systems;
Penetration testing: Regular third-party security assessments of the Platform and its infrastructure;
Incident response: A documented data breach response procedure compliant with the NPC's 72-hour mandatory breach notification requirement under the DPA;
Staff training: All php888 personnel with access to personal data receive regular data privacy and security training.

8.2 Despite these measures, no internet-based platform can guarantee absolute security. You are responsible for maintaining the security of your own Account credentials and for notifying php888 immediately if you suspect unauthorised access.

9. Cookies & Tracking Technologies

9.1 php888 uses cookies and similar tracking technologies on the Platform for the following purposes:

Essential cookies: Required for the Platform to function, including session management, authentication, and security. These cannot be disabled without impairing Platform functionality.
Functional cookies: Remember your preferences (such as language settings and preferred game categories) to personalise your experience.
Analytics cookies: Collect aggregated, anonymised data about Platform usage to improve performance and user experience. php888 uses this data internally and does not share it with external analytics platforms in an individually identifiable form.
Security cookies: Detect and prevent fraudulent logins, bot activity, and account takeover attempts.

9.2 php888 does not use advertising or cross-site tracking cookies. No third-party advertising networks have access to your browsing data through the php888 Platform.

9.3 You may manage cookie preferences through your browser settings. Disabling essential cookies will impair your ability to log in and use the Platform. Disabling functional and analytics cookies will not prevent access to the Platform.

10. Your Data Subject Rights

10.1 Under the Philippine Data Privacy Act (RA 10173), you have the following rights with respect to your personal data held by php888:

Right to Be Informed

You have the right to know what personal data php888 holds about you, for what purposes it is processed, with whom it is shared, and how long it is retained. This Privacy Policy is our primary mechanism for fulfilling this right.

Right to Access

You may request a copy of the personal data php888 holds about you. Requests can be made by contacting our DPO at the details in Section 14. php888 will respond within 15 business days.

Right to Correction

If any personal data php888 holds about you is inaccurate or incomplete, you have the right to request its correction. Identity data corrections may require re-submission of KYC documents.

Right to Erasure / Blocking

You may request the deletion or blocking of your personal data where it is no longer necessary for the purposes it was collected, or where processing is unlawful. This right is subject to overriding legal retention obligations (e.g., PAGCOR and AMLC 5-year retention requirements for KYC and transaction data).

Right to Object

You have the right to object to processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interest where you have grounds relating to your particular situation. Objection to essential processing (e.g., KYC, payment processing) may require Account closure.

Right to Data Portability

You may request a copy of your personal data in a commonly used, structured, machine-readable format for transfer to another service. This right applies to data provided directly by you and processed by automated means on the basis of consent or contract.

Right to Lodge a Complaint

If you believe php888 has processed your personal data in violation of the DPA, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines at privacy.gov.ph. You may also first contact php888's DPO to attempt resolution directly.

11. Minors

11.1 The php888 Platform is strictly prohibited for individuals under 21 years of age. php888 does not knowingly collect or process personal data from persons under 21.

11.2 If php888 discovers that personal data has been collected from a person under 21 years of age, the relevant Account will be immediately suspended, the data will be deleted in accordance with applicable law, and any associated funds will be subject to review.

11.3 If you are a parent or guardian and believe your child has registered on the php888 Platform, please contact our DPO immediately at the contact details in Section 14 so we can investigate and take appropriate action.

12. Links to Other Websites

12.1 The php888 Platform may contain links to third-party websites for reference purposes (for example, links to PAGCOR or the NPC in this Policy). These sites are not operated by php888 and are governed by their own privacy policies.

12.2 php888 is not responsible for the privacy practices of external websites. We encourage you to review the privacy policies of any third-party site you visit.

13. Changes to This Privacy Policy

13.1 php888 may update this Privacy Policy periodically to reflect changes in our data practices, applicable law, or PAGCOR regulatory requirements. Material changes will be communicated to registered Players via email or in-platform notification at least 7 days before the changes take effect.

13.2 The effective date of the current version of this Policy is stated at the top of the page. The most current version is always available at https://php888.biz/privacy-policy. Continued use of the Platform after the effective date of any updated Policy constitutes your acknowledgement of the changes.

14. Contact & Data Protection Officer

php888 has appointed a Data Protection Officer (DPO) in compliance with Section 21(c) of the Philippine Data Privacy Act. To exercise any of the rights described in Section 10, to ask questions about this Policy, or to report a privacy concern:

Email: [email protected] (mark the subject line: "Data Privacy Request")
Live Chat: Available 24/7 in-platform after login — request to be connected to the DPO team
Response time: Privacy requests will be acknowledged within 48 hours and resolved within 15 business days

NPC Registration: php888 has registered its data processing activities with the National Privacy Commission (NPC) of the Philippines as required under NPC Circular No. 17-01. Players have the right to escalate unresolved privacy complaints to the NPC at privacy.gov.ph.

Your Privacy at php888 — At a Glance

Six commitments that define how php888 handles your personal information.

Never Sold, Never Shared for Profit

php888 does not sell, rent, or licence your personal data to marketers or data brokers. Your information exists to operate your account and comply with Philippine law — full stop.

256-bit Encryption

All data in transit between your device and php888's servers is protected by TLS 1.3 encryption. Sensitive stored data — including KYC documents and financial records — is encrypted at rest.

Full DPA Compliance

php888 operates in full compliance with the Philippine Data Privacy Act of 2012 (RA 10173), including DPO appointment, NPC registration, and documented breach response procedures.

Minimal Data Collection

php888 follows the data minimisation principle — we collect only what is strictly necessary to operate your account, verify your identity, process your payments, and comply with PAGCOR regulations. Nothing more.

Clear Retention Limits

Your data is not kept indefinitely. php888 follows documented retention schedules aligned with PAGCOR, AMLC, and DPA requirements. When the retention period expires, data is securely deleted or anonymised.

NPC Complaint Right

If you believe your privacy rights have been violated, you have the legal right to escalate to the National Privacy Commission of the Philippines. php888's DPA compliance means this formal recourse is always available to you.