ph223 Privacy Policy

1. Introduction

1.1 ph223 ("ph223," "we," "us," or "our") is committed to protecting the privacy and personal data of all Members and visitors who access the ph223 platform, including the website at ph223.net and the ph223 mobile application (collectively, the "Platform").

1.2 This Privacy Policy ("Policy") describes how ph223 collects, uses, stores, shares, and protects personal data in connection with the operation of the Platform. It applies to all current and former Members, as well as to visitors who browse the Platform without registering.

1.3 ph223 processes personal data in accordance with the Republic Act No. 10173, also known as the Data Privacy Act of 2012 of the Philippines, its Implementing Rules and Regulations, and all applicable issuances of the National Privacy Commission (NPC). We are committed to upholding the principles of transparency, legitimate purpose, and proportionality in all our data processing activities.

1.4 This Policy should be read together with our Terms & Conditions, which are incorporated herein by reference. Capitalised terms not defined in this Policy have the meanings given to them in the Terms & Conditions.

2. Personal Data We Collect

2.1 ph223 collects the following categories of personal data from Members and Platform visitors:

2.1.1 Identity & Contact Data

• Full legal name, date of birth, and gender;
• Residential address (including city, province, and postal code);
• Email address and mobile phone number;
• Government-issued identification documents (e.g., Philippine passport, SSS ID, PhilSys National ID, driver's licence, UMID) submitted for KYC verification purposes.

2.1.2 Financial Data

• GCash or PayMaya account details (mobile number linked to the account);
• BPI, BDO, Metrobank, or other bank account details where provided for withdrawal purposes;
• Transaction history, including deposit amounts, withdrawal amounts, and dates;
• Wagering history and game activity records.

2.1.3 Technical & Usage Data

• IP address, device type, operating system, and browser type;
• Login timestamps, session duration, and pages visited;
• Geolocation data (where permitted by your device settings);
• Cookies and similar tracking technologies (see Section 10).

2.1.4 Communications Data

• Records of communications between you and ph223 customer support, including live chat transcripts and email correspondence;
• Survey responses and feedback submitted through the Platform.

2.2 ph223 does not intentionally collect sensitive personal information beyond what is strictly necessary for identity verification and regulatory compliance. Where sensitive information is collected (such as government ID numbers), it is handled with the highest level of care and security.

3. How We Collect Your Data

3.1 ph223 collects personal data through the following means:

• Direct submission: Information you provide when registering for an account, completing KYC verification, making deposits or withdrawals, contacting customer support, or participating in promotions;
• Automated collection: Technical and usage data collected automatically when you access or use the Platform, including through cookies, web beacons, and server logs;
• Third-party sources: Information received from payment processors (such as GCash and PayMaya), identity verification service providers, fraud prevention agencies, and regulatory bodies such as PAGCOR, where permitted by applicable law.

4. Purpose of Processing

4.1 ph223 processes your personal data for the following purposes:

• Account management: To create, maintain, and administer your ph223 Member account;
• Identity verification (KYC): To verify your identity and age (21+) in compliance with PAGCOR regulations and anti-money laundering (AML) requirements;
• Transaction processing: To process deposits, withdrawals, and other financial transactions on the Platform;
• Service delivery: To provide access to games, betting markets, promotions, and other Platform features;
• Customer support: To respond to your enquiries, complaints, and requests for assistance;
• Regulatory compliance: To comply with our obligations under Philippine law, PAGCOR licensing conditions, and AML/CTF regulations;
• Fraud prevention and security: To detect, investigate, and prevent fraudulent activity, money laundering, and other illegal conduct;
• Responsible gaming: To monitor gaming activity and implement responsible gaming measures, including deposit limits and self-exclusion;
• Marketing and promotions: To send you information about ph223 promotions, bonuses, and new features, where you have consented to receive such communications;
• Platform improvement: To analyse usage patterns and improve the functionality, performance, and user experience of the Platform.

5. Legal Basis for Processing

5.1 ph223 processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity: Processing is necessary for the performance of our contract with you (the Terms & Conditions), including account management, transaction processing, and service delivery;
• Legal obligation: Processing is required to comply with applicable Philippine laws and regulations, including PAGCOR licensing conditions, AML/CTF obligations, and NPC requirements;
• Legitimate interests: Processing is necessary for ph223's legitimate interests in operating a secure, fair, and commercially viable gaming platform, including fraud prevention, security monitoring, and Platform improvement, provided such interests are not overridden by your rights and freedoms;
• Consent: Where we rely on your consent as the legal basis for processing (for example, for direct marketing communications), you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

6. Sharing Your Personal Data

6.1 ph223 does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients, strictly on a need-to-know basis:

• Payment processors: GCash, PayMaya, BPI, BDO, Metrobank, and other payment service providers, for the purpose of processing your financial transactions;
• Identity verification providers: Third-party KYC and AML service providers engaged by ph223 to verify Member identities and screen against sanctions lists;
• Regulatory authorities: PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), and other Philippine government agencies, where required by law or regulatory obligation;
• Law enforcement: Philippine law enforcement agencies, where ph223 is legally required or permitted to disclose personal data in connection with the investigation or prosecution of criminal offences;
• Technology and service providers: Cloud hosting providers, IT security firms, customer support platform providers, and other third-party service providers engaged by ph223 to support Platform operations, all of whom are bound by confidentiality obligations;
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of ph223's assets, your personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.

6.2 Where ph223 shares personal data with third-party service providers, we require those providers to implement appropriate technical and organisational security measures and to process personal data only in accordance with ph223's instructions and applicable law.

7. Data Retention

7.1 ph223 retains your personal data for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

7.2 In accordance with PAGCOR licensing conditions and Philippine AML regulations, ph223 is required to retain KYC documentation and transaction records for a minimum period of five (5) years from the date of the relevant transaction or the closure of your account, whichever is later.

7.3 Where personal data is no longer required for any lawful purpose, ph223 will securely delete or anonymise that data in accordance with its internal data retention and disposal procedures.

7.4 Technical and usage data collected through cookies and similar technologies is retained for shorter periods as described in Section 10 of this Policy.

8. Data Security

8.1 ph223 implements appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include:

• SSL/TLS encryption for all data transmitted between your device and the ph223 Platform;
• Encryption of sensitive data at rest, including financial information and government ID data;
• Role-based access controls limiting access to personal data to authorised personnel only;
• Regular security audits, vulnerability assessments, and penetration testing;
• Multi-factor authentication for administrative access to systems containing personal data;
• Staff training on data privacy and security obligations.

8.2 While ph223 takes all reasonable steps to protect your personal data, no method of electronic transmission or storage is completely secure. ph223 cannot guarantee the absolute security of data transmitted over the internet. You are responsible for keeping your ph223 account credentials confidential and for notifying ph223 immediately if you suspect any unauthorised access to your account.

8.3 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, ph223 will notify the National Privacy Commission and affected Members in accordance with the requirements of the Data Privacy Act of 2012 and NPC Circular No. 16-03.

9. Your Data Privacy Rights

9.1 Under the Data Privacy Act of 2012, you have the following rights in relation to your personal data held by ph223:

• Right to be informed: The right to be informed of how your personal data is being collected and processed, as set out in this Policy;
• Right of access: The right to request a copy of the personal data ph223 holds about you;
• Right to rectification: The right to request correction of any inaccurate or incomplete personal data ph223 holds about you;
• Right to erasure: The right to request deletion of your personal data, subject to ph223's legal and regulatory retention obligations;
• Right to object: The right to object to the processing of your personal data on grounds relating to your particular situation, or to withdraw consent where processing is based on consent;
• Right to data portability: The right to receive your personal data in a structured, commonly used, and machine-readable format;
• Right to lodge a complaint: The right to lodge a complaint with the National Privacy Commission if you believe ph223 has violated your data privacy rights.

9.2 To exercise any of the above rights, please contact ph223's Data Protection Officer (DPO) using the contact details provided in Section 13 of this Policy. ph223 will respond to all verified data subject requests within fifteen (15) business days of receipt, in accordance with NPC guidelines.

9.3 ph223 may need to verify your identity before processing a data subject request. This is to ensure that personal data is not disclosed to unauthorised parties.

10. Cookies & Tracking Technologies

10.1 ph223 uses cookies and similar tracking technologies (such as web beacons and pixel tags) to enhance your experience on the Platform, to analyse usage patterns, and to support security and fraud prevention functions.

10.2 The following categories of cookies are used on the ph223 Platform:

• Strictly necessary cookies: Essential for the operation of the Platform, including session management and security functions. These cookies cannot be disabled;
• Functional cookies: Used to remember your preferences and settings, such as language and display preferences;
• Analytical cookies: Used to collect anonymised information about how Members use the Platform, to help ph223 improve its services;
• Marketing cookies: Used to deliver relevant promotional content to you, where you have consented to receive marketing communications.

10.3 You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. Strictly necessary cookies cannot be disabled as they are essential for the Platform to operate.

10.4 Analytical and marketing cookies are retained for a maximum period of twelve (12) months from the date of your last visit to the Platform, after which they are automatically deleted.

11. Protection of Minors

11.1 The ph223 Platform is strictly intended for persons aged 21 years and above. ph223 does not knowingly collect personal data from individuals under the age of 21. If ph223 becomes aware that personal data has been collected from a person under the age of 21, it will take immediate steps to delete that data and close the associated account.

11.2 If you are a parent or guardian and believe that your child under the age of 21 has provided personal data to ph223, please contact us immediately using the details in Section 13 so that we can take appropriate action.

12. Changes to This Privacy Policy

12.1 ph223 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory requirements. Where changes are material, ph223 will provide reasonable advance notice to Members via email or a prominent notice on the Platform.

12.2 Your continued use of the ph223 Platform following the effective date of any amendment constitutes your acceptance of the revised Privacy Policy. The "Last Updated" date at the top of this page will always reflect the date of the most recent revision.

12.3 If you do not agree to any changes to this Privacy Policy, you must cease using the Platform and may request account closure in accordance with the Terms & Conditions.

13. Contact Us & Data Protection Officer

13.1 ph223 has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act of 2012 and this Privacy Policy. If you have any questions, concerns, or requests relating to this Policy or the processing of your personal data, please contact our DPO.

13.2 You may reach the ph223 Data Protection Officer and customer support team via email at: [email protected] (plain text — not a clickable link). Our support team is available 24 hours a day, 7 days a week.

13.3 If you are not satisfied with ph223's response to your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines through its official channels.

13.4 ph223 aims to acknowledge all written data privacy enquiries within one (1) business day and to resolve complaints within fifteen (15) business days of receipt.