phgold Privacy Policy

1. Introduction

phgold ("the Company", "we", "us", or "our") operates the online gaming platform accessible at phgold.co, which provides casino games, live dealer tables, bingo, slots, and related entertainment services to registered Filipino players. In the course of operating this Platform, phgold collects and processes personal data relating to Players, prospective Players, and visitors to the Platform.

This Privacy Policy ("Policy") sets out in full how phgold collects, uses, stores, discloses, and protects personal information. It applies to all personal data processed in connection with your use of the phgold Platform, regardless of whether you access it via desktop browser, mobile browser, or any other supported interface.

By registering a phgold Account or continuing to use the Platform after this Policy has been made available to you, you acknowledge that you have read and understood this Policy. If you do not agree to the data practices described herein, please do not register an Account or use the Platform.

2. Data Controller

For the purposes of the Philippine Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations, phgold is the personal information controller responsible for the personal data of registered Players and Platform visitors. Our designated Data Protection Officer (DPO) can be contacted using the details provided in Section 15 of this Policy.

phgold is registered with the National Privacy Commission (NPC) of the Philippines and complies with all applicable data protection requirements mandated by RA 10173, PAGCOR regulations, Republic Act No. 9160 (Anti-Money Laundering Act) as amended, and other applicable Philippine laws governing the collection and processing of personal information.

3. Personal Data We Collect

phgold collects the following categories of personal data in connection with Account registration, verification, gameplay, and platform operation:

3.1 Identity & Registration Data

• Full legal name as it appears on a valid Philippine government-issued identification document
• Date of birth (for mandatory 21+ age verification under PAGCOR regulations)
• Gender (optional, for personalisation purposes)
• Nationality and country of residence
• Registered email address and chosen username
• Philippine mobile number (for account verification and two-factor authentication)
• Copies of government-issued ID submitted for KYC verification (e.g., SSS, UMID, Passport, PhilSys ID, Driver's License, PRC ID, Voter's ID)

3.2 Financial & Transaction Data

• GCash mobile number and transaction references (for GCash deposits and withdrawals)
• Maya / PayMaya account identifiers and transaction references
• Online banking account details (e.g., BPI, BDO, Metrobank — account name and masked account number for verification purposes)
• Deposit history, withdrawal records, and complete transaction log within your phgold Account
• Bonus claims, wagering records, and balance adjustments

3.3 Gaming Activity Data

• Game session logs including games played, bets placed, outcomes, and session duration
• Responsible gaming settings applied to your Account (deposit limits, session timers, self-exclusion status)
• Promotional participation history and loyalty points records

3.4 Technical & Device Data

• IP address and approximate geolocation derived from IP data
• Device type, operating system, browser type and version
• Unique device identifiers
• Platform access timestamps and session duration logs
• Cookie data and similar tracking technologies (see Section 9)

3.5 Communications Data

• Records of customer support interactions, including live chat transcripts and email correspondence
• Complaint records and resolution notes
• Your marketing communication preferences

4. How We Collect Personal Data

phgold collects personal data through the following means:

• Direct submission: Information you provide during Account registration, KYC verification document upload, deposit and withdrawal requests, support contact, and promotional opt-ins.
• Automated technical collection: Data collected automatically when you access the phgold Platform, including IP address, device identifiers, browser data, and gameplay logs — collected via server logs, cookies, and session tracking technology.
• Payment processors: Transaction references and payment verification data shared by phgold's payment processing partners (GCash, Maya, banks) in connection with deposit and withdrawal processing.
• Identity verification providers: Data returned from third-party KYC and identity verification services engaged by phgold to verify the accuracy of documents you submit.
• Anti-fraud and compliance systems: Data generated by phgold's internal anti-fraud, anti-money laundering (AML), and responsible gaming monitoring systems in the course of monitoring account activity for regulatory compliance.

5. Purposes & Legal Basis for Processing

phgold processes your personal data for the following purposes, each supported by a corresponding legal basis under RA 10173:

• Account creation and management — necessary for the performance of the Player Account agreement between you and phgold.
• Age verification (21+ enforcement) — processing is necessary for compliance with PAGCOR regulations and to fulfil phgold's legal obligations under Philippine gaming law.
• Payment processing — necessary for performance of the contractual obligation to process deposits and withdrawals denominated in PHP.
• Anti-money laundering (AML) and fraud prevention compliance — processing is necessary for compliance with RA 9160 (AMLA) as amended, PAGCOR AML directives, and related legal obligations.
• Responsible gaming monitoring — necessary for phgold's legal obligations under PAGCOR responsible gaming regulations, including enforcement of deposit limits, session controls, and self-exclusion orders.
• Customer support — necessary for the performance of the Player Account agreement and to fulfil phgold's legitimate interest in resolving player queries and complaints efficiently.
• Platform improvement and analytics — based on phgold's legitimate interest in improving platform performance and user experience, using aggregated and, where possible, anonymised data.
• Direct marketing communications — based on your explicit consent at registration or as subsequently provided. You may withdraw consent at any time by updating your communication preferences within your phgold Account settings.
• Regulatory reporting — required by PAGCOR, the AMLC (Anti-Money Laundering Council), the NPC, and other competent Philippine authorities.

6. Sharing of Personal Data

phgold does not sell, rent, or trade your personal data to any third party for their own commercial purposes. phgold may share your personal data with the following categories of recipients, solely to the extent necessary for the purposes identified in this Policy:

• Payment service providers: GCash, Maya, PayMaya, BPI, BDO, Metrobank, InstaPay, and other Philippine payment processors, for the purpose of processing your deposits and withdrawals.
• KYC and identity verification providers: Third-party identity verification and document authentication services engaged by phgold to verify Player identities and satisfy PAGCOR KYC requirements.
• Game software providers: Licensed game studios and live casino operators that power the games on the phgold Platform. These providers may receive technical session data necessary to operate the games.
• Anti-fraud and AML screening providers: Third-party services that assist phgold in screening transactions and account activity for fraud, money laundering, and sanctions compliance.
• Regulatory authorities: PAGCOR, the AMLC, the NPC, the Bureau of Internal Revenue (BIR), and law enforcement or judicial authorities where disclosure is required by applicable Philippine law or a lawful order.
• IT and cloud infrastructure providers: Third-party hosting and infrastructure providers that support phgold's platform operations, bound by data processing agreements requiring confidentiality and security standards equivalent to or higher than those in this Policy.

7. Data Retention

phgold retains personal data only for as long as necessary to fulfil the purposes for which it was collected, subject to the minimum retention periods required by applicable Philippine law:

• Active Account data: Retained for the full duration of your phgold Account and for five (5) years following Account closure, in compliance with PAGCOR record-keeping requirements.
• Transaction and financial records: Retained for a minimum of five (5) years following the date of each transaction, as required by RA 9160 (AMLA) and PAGCOR AML directives.
• KYC verification documents: Retained for a minimum of five (5) years following Account closure.
• Support and communications records: Retained for three (3) years from the date of the last interaction, or for the duration of any related unresolved dispute.
• Technical logs and cookies: Retained for up to twelve (12) months from collection, unless a longer period is required for fraud investigation or regulatory compliance.

Following the expiry of applicable retention periods, phgold will securely delete or anonymise personal data in accordance with its data lifecycle management procedures.

8. Data Security

phgold implements industry-standard technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and phgold's servers
• Encryption of sensitive data at rest within phgold's database systems
• Access controls restricting internal access to personal data on a strict need-to-know basis, with full audit logging of access events
• Multi-factor authentication requirements for phgold staff accessing systems containing personal data
• Regular penetration testing and vulnerability assessments conducted by independent third-party security specialists
• Incident response procedures aligned with NPC Circular 16-03 requirements for personal data breach notification

9. Cookies & Tracking Technologies

phgold uses cookies and similar tracking technologies on its Platform for the following purposes:

• Strictly necessary cookies: Required for the Platform to function, including session authentication, login state maintenance, and security tokens. These cannot be disabled.
• Functional cookies: Remember your preferences such as language settings, responsible gaming limits display, and game lobby layout configuration.
• Analytics cookies: Collect aggregated, anonymised data on how Players navigate and use the Platform, enabling phgold to identify and fix usability issues and improve the player experience.
• Anti-fraud cookies: Assist phgold's security and AML monitoring systems in identifying unusual or suspicious account activity patterns.

phgold does not use third-party advertising or retargeting cookies. You may manage your cookie preferences through your browser settings, noting that disabling strictly necessary cookies will impair Platform functionality. A cookie consent notice is presented to new visitors and allows management of non-essential cookie categories.

10. Your Data Subject Rights

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights in relation to your personal data held by phgold:

• Right to be Informed: You have the right to be informed of how your personal data is being collected, processed, and used — which is the primary purpose of this Policy.
• Right of Access: You may request a copy of the personal data phgold holds about you, together with information about how it is being processed.
• Right to Rectification: You may request correction of any inaccurate or incomplete personal data held in your phgold Account.
• Right to Erasure or Blocking: You may request deletion or blocking of your personal data where it is no longer necessary for the purpose for which it was collected, subject to phgold's legal retention obligations under PAGCOR and AMLA regulations.
• Right to Object: You may object to the processing of your personal data for direct marketing purposes at any time by updating your communication preferences in your Account settings.
• Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format where technically feasible.
• Right to File a Complaint: You have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe phgold has processed your personal data in violation of RA 10173.

To exercise any of these rights, please submit a written request to phgold's Data Protection Officer using the contact details in Section 15. phgold will respond to all data subject requests within fifteen (15) business days of receipt, subject to identity verification. Some rights may be limited by phgold's legal obligations, including PAGCOR record-keeping requirements and AMLA compliance duties.

11. Minors

If phgold becomes aware that personal data has been collected from an individual under 21 years of age, that Account will be immediately and permanently suspended, all associated data will be securely deleted to the extent not required to be retained for regulatory purposes, and the incident will be documented in accordance with phgold's compliance procedures.

If you are a parent or guardian and believe that a minor in your care has registered a phgold Account, please contact us immediately using the details in Section 15 so that appropriate action can be taken without delay.

12. Third-Party Links

The phgold Platform may contain links to third-party websites, services, or resources — for example, to payment service provider portals such as GCash or Maya. phgold is not responsible for the privacy practices, data collection activities, or content of any third-party sites. Your use of any third-party platform linked from phgold is governed solely by that third party's own privacy policy and terms of service. phgold recommends reviewing the privacy policies of any third-party services you access in connection with your phgold Account.

13. International Data Transfers

phgold's primary data processing infrastructure is located within the Philippines. Where phgold engages third-party service providers — such as cloud infrastructure, KYC verification, or game software providers — that may process data outside the Philippines, phgold ensures that appropriate safeguards are in place, including contractual data processing agreements that impose data protection standards equivalent to those required under RA 10173.

phgold does not transfer personal data to jurisdictions that do not provide an adequate level of data protection without first putting in place appropriate contractual protections, in compliance with NPC guidelines on cross-border data transfers.

14. Amendments to This Policy

phgold reserves the right to update this Privacy Policy from time to time to reflect changes in applicable Philippine law, PAGCOR regulatory requirements, NPC guidance, or phgold's data processing practices. Material changes will be communicated to registered Players by email to the address on file and/or through a prominent notice on the Platform prior to the effective date of the amendment.

The effective date at the top of this Policy will be updated each time the Policy is revised. Your continued use of the phgold Platform following notification of material amendments constitutes acceptance of the revised Policy. If you do not agree to the revised Policy, you must cease using the Platform and may request Account closure.

15. Contact & Data Protection Officer

For any questions about this Privacy Policy, to exercise your data subject rights under RA 10173, or to report a suspected data breach, please contact phgold's Data Protection Officer:

For concerns related to data protection compliance that are not resolved to your satisfaction through phgold's internal process, you may file a complaint with the National Privacy Commission (NPC) of the Philippines, accessible at privacy.gov.ph.