php22 Privacy Policy

1. Who We Are

php22 ("php22", "we", "us", "our") operates the online gaming and sports betting platform accessible at php22.app. php22 is the data controller responsible for the personal information collected and processed in connection with your use of our services. php22 operates in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, the directives of the National Privacy Commission (NPC), and applicable PAGCOR regulatory requirements.

This Privacy Policy applies to all personal data collected from players, registered account holders, visitors to php22.app, and any other individuals whose personal information is processed by php22 in connection with our services.

2. Information We Collect

php22 collects the following categories of personal information:

2.1 Identity & Contact Data

• Full legal name as it appears on a valid government-issued Philippine ID;
• Date of birth (collected for mandatory age verification — php22 is strictly for players aged 21 and above);
• Philippine mobile number (used as primary account identifier and for two-factor authentication OTPs);
• Email address;
• Residential address (collected during KYC verification).

2.2 Verification Documents

• Copies of government-issued photo identification (e.g., Philippine passport, SSS ID, driver's license, PhilSys National ID, UMID);
• Proof of residential address (e.g., utility bill, bank statement issued within 3 months);
• Proof of payment method ownership (e.g., screenshot or statement confirming a GCash or Maya account is registered in the player's name).

2.3 Financial Data

• Deposit and withdrawal transaction records denominated in Philippine Peso;
• E-wallet and bank account identifiers (e.g., GCash mobile number, Maya account reference) solely for payment processing and fraud prevention;
• Account balance history and transaction logs.

2.4 Gaming Data

• Game session history, including games played, stakes, outcomes, and session duration;
• Bonus and promotion activity records;
• Responsible gaming preferences and any self-imposed deposit limits or self-exclusion elections.

2.5 Technical & Usage Data

• IP address and approximate geolocation at the time of login;
• Device type, operating system, and browser information;
• Session timestamps, page navigation patterns, and feature usage logs;
• Cookie identifiers and similar tracking technology data as described in Section 9.

3. How We Collect Your Data

php22 collects personal data through the following means:

• Direct submission: Information you provide when registering an account, completing KYC verification, making deposits or withdrawal requests, contacting support, or participating in promotions;
• Automated collection: Technical and usage data collected automatically when you access php22.app through cookies, log files, and similar tracking technologies;
• Third-party sources: Identity verification data from licensed KYC service providers; fraud risk scores from payment processing partners; and, where applicable, self-exclusion status from regulatory databases.

4. Legal Basis for Processing

php22 processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity: Processing required to register and maintain your account, process deposits and withdrawals, and deliver gaming services;
• Legal obligation: Processing required to comply with PAGCOR licensing requirements, anti-money laundering obligations under AMLA, KYC mandates, and NPC data governance rules;
• Legitimate interests: Processing for fraud detection, platform security monitoring, and improvement of php22 services, where such interests are not overridden by your fundamental rights;
• Consent: Processing for optional communications such as promotional emails and SMS notifications, where you have provided explicit consent and may withdraw it at any time.

5. How We Use Your Data

php22 uses your personal data for the following purposes:

• To create, verify, maintain, and secure your php22 account;
• To process deposits, withdrawals, and other financial transactions in Philippine Peso;
• To comply with KYC and anti-money laundering obligations, including identity and age verification for the 21+ requirement;
• To detect, prevent, and investigate fraud, collusion, money laundering, and other prohibited conduct as defined in the php22 Terms and Conditions;
• To provide customer support and respond to account inquiries;
• To administer bonuses, promotions, and loyalty programs;
• To monitor compliance with responsible gaming commitments, including enforcing self-exclusion elections and deposit limits;
• To send account-related service notifications (transaction confirmations, security alerts, OTPs);
• To send promotional communications where you have consented, and to allow you to opt out at any time;
• To improve the php22 platform through aggregated, anonymized analysis of player behavior and feature usage.

6. Data Sharing & Disclosure

php22 does not sell, rent, or trade your personal data to third parties for their independent marketing purposes. We share personal data only in the following circumstances:

• Service providers: KYC identity verification partners, payment processors (GCash, Maya, BPI, BDO, Metrobank, InstaPay, GrabPay, QR Ph, 7-Eleven CLiQQ), cloud infrastructure providers, fraud detection services, and customer support platform vendors — all engaged under data processing agreements requiring compliance with the Data Privacy Act;
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies where disclosure is required by law or regulation;
• Law enforcement: Philippine law enforcement agencies in response to lawful court orders, subpoenas, or similar legal process;
• Corporate transactions: Successors or assignees of php22 in the event of a merger, acquisition, or sale of assets, subject to continued compliance with this Privacy Policy;
• With your consent: Any other disclosure made with your explicit, prior consent.

Where personal data is transferred to service providers operating outside the Philippines, php22 ensures appropriate contractual safeguards are in place consistent with NPC requirements for cross-border data transfers.

7. Data Retention

php22 retains personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable legal, regulatory, and business record-keeping obligations. Specific retention periods include:

• Account and KYC records: Retained for a minimum of five (5) years following account closure, as required by PAGCOR and AMLA regulations;
• Transaction records: Retained for a minimum of five (5) years in compliance with anti-money laundering record-keeping requirements;
• Gaming session logs: Retained for a minimum of two (2) years for dispute resolution and auditing purposes;
• Support communications: Retained for two (2) years from the date of the relevant interaction;
• Marketing consent records: Retained for the duration of the consented activity plus one (1) year to evidence consent compliance.

Upon expiry of applicable retention periods, personal data is securely deleted or anonymized in accordance with NPC-approved data disposal procedures.

8. Security Measures

php22 implements technical, organizational, and physical security measures designed to protect your personal data against unauthorized access, disclosure, alteration, and destruction. Our key security controls include:

• 256-bit SSL/TLS encryption on all data transmitted between your device and php22 servers;
• Encryption of sensitive personal data fields at rest using industry-standard algorithms;
• Two-factor authentication (2FA) via SMS OTP to your Philippine mobile number for account login;
• Role-based access controls ensuring php22 staff access personal data only on a need-to-know basis;
• 24/7 automated intrusion detection and security event monitoring;
• Regular penetration testing and security audits conducted by independent third parties;
• Formal incident response procedures aligned with NPC mandatory breach notification requirements.

In the event of a personal data breach that poses a real risk of serious harm to affected data subjects, php22 will notify the National Privacy Commission and affected individuals within seventy-two (72) hours of becoming aware of the breach, in accordance with NPC Circular 16-03.

9. Cookies & Tracking Technologies

php22 uses cookies and similar technologies to operate the platform, remember your session and preferences, and analyze site usage. The categories of cookies we use include:

• Strictly necessary cookies: Essential for the platform to function — authentication, session management, fraud prevention. These cannot be disabled.
• Functional cookies: Remember your language and display preferences to personalize your experience.
• Analytics cookies: Collect aggregated, anonymized data about how players use php22 to help us improve platform performance and user experience.

You may manage non-essential cookies through your browser settings. Disabling cookies may affect certain platform features. php22 does not use tracking cookies for the purpose of selling player behavioral data to third-party advertisers.

10. Your Rights Under the Data Privacy Act

As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by php22:

• Right to be informed: The right to know what personal data php22 collects, how it is used, and with whom it is shared — as described in this Privacy Policy;
• Right of access: The right to request a copy of the personal data php22 holds about you;
• Right to rectification: The right to request correction of inaccurate or incomplete personal data;
• Right to erasure: The right to request deletion of your personal data where retention is no longer legally required, subject to php22's regulatory record-keeping obligations;
• Right to object: The right to object to processing based on legitimate interests, including the right to withdraw consent to marketing communications at any time;
• Right to data portability: The right to receive your personal data in a structured, commonly used format where technically feasible;
• Right to lodge a complaint: The right to file a complaint with the National Privacy Commission if you believe php22 has violated your rights under the Data Privacy Act.

To exercise any of the above rights, contact php22's Data Protection Officer via live chat or at the email address listed in Section 13. php22 will respond to verified data subject requests within fifteen (15) business days.

11. Minors

php22 does not knowingly collect personal data from individuals under the age of 21. php22 is strictly an adult gaming platform and enforces the 21+ age requirement through mandatory KYC identity and age verification prior to the processing of any withdrawal transaction. If php22 determines that personal data has been submitted by or on behalf of a minor, that data will be deleted and the associated account will be immediately closed. If you believe a minor has created a php22 account, please notify us immediately via live chat or support email.

12. Changes to This Privacy Policy

php22 may update this Privacy Policy from time to time to reflect changes in our data practices, regulatory requirements, or platform features. Material changes will be communicated to registered players via an in-platform notification displayed upon login, and the updated effective date will be clearly stated at the top of this page. Your continued use of php22 services after the effective date of any revision constitutes your acknowledgment of the updated Privacy Policy. We encourage you to review this page periodically to stay informed about how php22 protects your data.

13. Contact the Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data by php22, please contact our Data Protection Officer (DPO):

• Live Chat: Available 24/7 on the php22 platform — the fastest way to reach our team.
• Email: [email protected] — Subject line: "Data Privacy Request"
• Response time: php22 acknowledges all data privacy requests within two (2) business days and resolves verified requests within fifteen (15) business days.
• NPC complaints: If you are unsatisfied with php22's response, you have the right to file a complaint with the National Privacy Commission of the Philippines at privacy.gov.ph.