ph638 Privacy Policy

1. Data Controller

ph638 ("we," "us," or "our"), operating the online casino and sports betting platform accessible at https://ph638.org, is the data controller responsible for the personal data of players registered on the ph638 platform. ph638 operates under the PAGCOR regulatory framework in the Philippines.

As data controller, ph638 determines the purposes and means of processing personal data collected through the platform. For inquiries related to this Privacy Policy or to exercise your data rights, you may contact our Data Protection Officer (DPO) at the address provided in Section 15 of this Policy.

2. Scope & Application

This Privacy Policy applies to all personal data collected from individuals who:

• Register or apply to register an account on ph638;
• Access or browse the ph638 platform without registering;
• Contact ph638 through support channels including live chat and email;
• Participate in ph638 promotions, surveys, or marketing communications; or
• Interact with ph638 through any digital channel associated with the platform.

This Policy applies regardless of the device or network used to access ph638. By using the ph638 platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this Policy, you must not use the ph638 platform.

3. Personal Data We Collect

ph638 collects the following categories of personal data, depending on the nature of your interaction with the platform:

3.1 Registration Data

When you create a ph638 account, we collect:

• Full legal name as it appears on your government-issued ID;
• Date of birth (for age verification — you must be 21 or older);
• Philippine mobile number and/or email address;
• Chosen username and encrypted password hash;
• City and region of residence within the Philippines.

3.2 KYC and Identity Verification Data

To comply with PAGCOR regulations and anti-money laundering obligations under RA 9160, ph638 collects:

• Government-issued ID type and number (PhilSys, UMID, Passport, Driver's License, or SSS ID);
• Front and back scans or photographs of the submitted ID document;
• Selfie photograph for biometric matching purposes where required;
• Source-of-funds documentation for transactions above regulatory thresholds.

3.3 Financial Data

• GCash or PayMaya account number or linked mobile number;
• Bank account details (account number and bank name) for bank transfer transactions;
• Masked card numbers and card type for Visa/Mastercard transactions;
• Transaction history including deposits, withdrawals, and internal transfers.

3.4 Gaming Activity Data

• Game play history including bets placed, game results, and session duration;
• Sports betting selections, wager amounts, and outcomes;
• Bonus redemptions and wagering requirement progress;
• Responsible gaming settings and self-exclusion status.

3.5 Technical and Device Data

• IP address and approximate geographic location;
• Device type, operating system, and browser version;
• Session login timestamps and duration;
• Pages visited and features accessed within the platform.

3.6 Communications Data

• Content of support chat conversations and emails sent to ph638;
• Survey responses and feedback submitted through ph638 channels;
• Records of promotional communications sent to your registered contact details.

4. How We Collect Personal Data

ph638 collects personal data through the following means:

• Directly from you: Information you provide when completing the registration form, submitting KYC documents, making deposits or withdrawal requests, or contacting support.
• Automatically through platform use: Technical and device data collected through server logs, session tracking, and cookies during your use of the ph638 platform.
• From payment processors: Transaction confirmation data received from GCash, PayMaya, BDO, BPI, Metrobank, Visa, and Mastercard when you deposit or withdraw funds.
• From identity verification providers: Verification results returned by third-party KYC service providers engaged by ph638 to assist with document verification and biometric matching.
• From fraud prevention services: Risk scoring data from third-party fraud detection providers used to protect the platform and its players from unauthorized activity.

5. Legal Basis for Processing

ph638 processes personal data on the following legal bases as recognized under Republic Act 10173 (Data Privacy Act of 2012):

6. How We Use Your Personal Data

ph638 uses personal data collected from players for the following purposes:

• Account Services: To create and maintain your ph638 account, authenticate your identity at login, process deposits and withdrawals, and manage your wallet balance.
• Regulatory Compliance: To verify that you are 21 years of age or older, complete KYC identity verification as required by PAGCOR, fulfill anti-money laundering monitoring obligations, and respond to regulatory inquiries.
• Customer Support: To respond to your queries, resolve disputes, process responsible gaming requests including self-exclusion, and communicate service-related updates.
• Security and Fraud Prevention: To detect, investigate, and prevent unauthorized account access, bonus abuse, money laundering, and other forms of fraud or prohibited conduct on the platform.
• Responsible Gaming: To monitor gaming activity for signs of problem gambling, apply player-requested limits and exclusions, and fulfill PAGCOR responsible gaming obligations.
• Platform Improvement: To analyze aggregated usage data to improve game offerings, platform performance, and user experience for Filipino players.
• Marketing (with consent only): To send you promotional offers, bonus notifications, and platform updates through your registered contact details, where you have provided explicit consent. You may withdraw consent at any time through your account settings.

7. Data Sharing & Third-Party Disclosure

ph638 does not sell or transfer personal data to third parties for their own commercial use. Personal data may be shared with the following categories of third parties solely for the purposes described in this Policy:

• Payment Processors: GCash, PayMaya, BDO, BPI, Metrobank, Visa, and Mastercard receive the transaction data necessary to process deposits and withdrawals on your behalf.
• KYC Service Providers: Identity verification platforms receive submitted ID documents and biometric data to verify your identity and age on behalf of ph638.
• Game Providers: Software providers (including Pragmatic Play, PG Soft, Jili, Evolution Gaming, and others) receive the data necessary to deliver game services, including your username and session token. Game providers operate under their own privacy and security frameworks and are contractually bound to protect ph638 player data.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other relevant Philippine government bodies may receive data as required by law, including in connection with regulatory examinations, suspicious transaction reports, and court orders.
• Fraud Prevention Services: Third-party risk and fraud detection providers receive technical and behavioral data to generate risk scores and flag suspicious activity.
• Legal and Professional Advisers: Lawyers, auditors, and compliance consultants engaged by ph638 may have access to personal data on a need-to-know basis subject to professional confidentiality obligations.

8. Cookies & Tracking Technologies

ph638 uses cookies and similar tracking technologies to operate and improve the platform. The following categories of cookies are used:

• Strictly Necessary Cookies: These cookies are required for the platform to function. They maintain your login session, remember your language and currency preferences, and ensure security features operate correctly. These cookies cannot be disabled without disabling core platform functionality.
• Analytical Cookies: These cookies collect aggregated, anonymized data about how players use ph638 — which games are most visited, how navigation is used, and where errors occur. This data is used to improve the platform. No personal identification data is collected through these cookies.
• Functional Cookies: These cookies remember your preferences — such as your preferred deposit method or responsible gaming limit settings — to provide a more personalized experience on return visits.

You may manage cookie preferences through your browser settings. Disabling non-essential cookies will not prevent you from accessing the core ph638 platform but may affect certain preference-based features. ph638 does not use third-party advertising cookies or behavioral tracking cookies that serve advertisements on other websites.

9. Data Retention

ph638 retains personal data for the minimum period necessary to fulfill its stated purposes and comply with applicable regulatory obligations. The following retention periods apply:

Upon expiry of the applicable retention period, personal data is securely deleted or anonymized so that it can no longer be associated with an identifiable individual.

10. Your Data Rights Under RA 10173

As a data subject under the Data Privacy Act of 2012, Filipino players have the following rights in relation to their personal data held by ph638:

• Right to Access: You may request a copy of the personal data ph638 holds about you, together with information about how it is being processed.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data. For account details, many corrections can be made directly through your account settings.
• Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes collected, where you withdraw consent, or where processing was unlawful — subject to overriding regulatory retention obligations.
• Right to Object: You may object to processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests.
• Right to Data Portability: You may request a structured, machine-readable copy of the personal data you provided to ph638 where processing was based on consent or contract.
• Right to Damages: You are entitled to claim compensation for damages suffered as a result of inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorizedly used personal data, consistent with RA 10173.
• Right to Complain: If you are not satisfied with ph638's response to a data rights request, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

11. Data Security Measures

ph638 implements a comprehensive set of technical and organizational security measures to protect personal data against unauthorized access, accidental loss, destruction, or disclosure:

• TLS/SSL Encryption: All data transmitted between player devices and ph638 servers is encrypted using industry-standard TLS protocols.
• Password Hashing: Passwords are stored as one-way cryptographic hashes. ph638 cannot retrieve your original password — only reset it.
• Two-Factor Authentication: OTP-based login verification provides a second layer of protection for all ph638 accounts.
• Access Controls: Internal access to player personal data is restricted to authorized personnel on a need-to-know basis. All internal data access is logged and audited.
• Regular Security Testing: ph638 conducts periodic security assessments including penetration testing and vulnerability scanning of its platform infrastructure.
• Breach Response Plan: ph638 maintains an incident response plan that includes procedures for containing breaches, notifying affected players, and reporting to the National Privacy Commission within 72 hours where required.

While ph638 takes every reasonable precaution to protect your personal data, no system is completely immune to risk. Players are encouraged to use strong, unique passwords and to report any suspected unauthorized access to their ph638 account immediately via live chat or support email.

12. Children's and Minors' Privacy

The ph638 platform is intended exclusively for individuals aged 21 years and above. ph638 does not knowingly collect, process, or store personal data from individuals under 21 years of age. Registration attempts by individuals who cannot confirm they are 21 or older will be rejected.

If ph638 discovers that personal data has been collected from an individual under the age of 21, that data will be promptly deleted and the associated account closed. Any funds deposited into an underage account will be returned to the payment source after identity verification. If you believe a person under 21 has registered on ph638, please contact support immediately at [email protected] (plain text only — not a link).

13. Cross-Border Data Transfers

Some of ph638's third-party service providers — including game studios, payment technology providers, and KYC platforms — may process data in jurisdictions outside the Philippines. Where such transfers occur, ph638 ensures that:

• The recipient country provides an adequate level of data protection as determined by the NPC, or appropriate contractual safeguards (such as data processing agreements incorporating the NPC's standard contractual clauses) are in place;
• The transfer is limited to the minimum data necessary for the specific service provided; and
• All third-party processors are bound by contractual obligations to maintain security standards equivalent to those required under RA 10173.

ph638 does not transfer player data outside the Philippines for purposes other than those described in this Privacy Policy.

14. Updates to This Privacy Policy

ph638 may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or PAGCOR regulatory requirements. The "Last Updated" date at the top of this Policy reflects the most recent revision.

Where updates are material — meaning they significantly affect your rights or the way we process your personal data — ph638 will notify registered players via email to their registered address at least fourteen (14) days before the changes take effect. For non-material updates, the revised Policy will be published on ph638.org and will take effect upon publication.

Your continued use of ph638 after the effective date of any Policy update constitutes your acceptance of the revised Privacy Policy. If you do not accept updated terms, you may close your account before the effective date without penalty.

15. Contact Us & Data Protection Officer

For questions about this Privacy Policy, to exercise your data rights, or to report a suspected data breach or unauthorized use of your personal data, please contact ph638's Data Protection Officer (DPO) through the following channels:

• Live Chat: Available 24/7 from within your ph638 account. For urgent data breach reports, live chat is the fastest channel. Average response time under 5 minutes.
• Email: [email protected] — please note this is displayed as plain text and is not a clickable link. Direct your email to the attention of the Data Protection Officer.
• Response Time: ph638 will respond to data rights requests within fifteen (15) business days of receipt. Complex requests may require additional time, in which case ph638 will notify you of the extended timeline.

If you remain unsatisfied with ph638's response to your data rights request or complaint, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines at privacy.gov.ph.