Privacy Policy – phpgroup | How We Protect Your Data

Section 1

Introduction & Scope

This Privacy Policy ("Policy") describes how phpgroup ("phpgroup", "we", "us", "our") collects, processes, stores, and shares personal data of individuals ("you", "Player", "User") who access or use the phpgroup online gaming platform at phpgroup.club and all associated subdomains, mobile interfaces, and related services (collectively, the "Platform").

phpgroup operates as a PAGCOR-licensed online gaming platform serving Filipino players. As a licensed gaming operator under the Philippine Amusement and Gaming Corporation ("PAGCOR"), phpgroup is subject to Philippine gaming regulations and to the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, "DPA") and its Implementing Rules and Regulations ("IRR"), enforced by the National Privacy Commission ("NPC").

This Policy applies to all personal data processed in connection with your use of the phpgroup Platform, regardless of whether you access phpgroup via desktop browser, mobile browser, or any other interface. By registering a phpgroup account or using any phpgroup service, you acknowledge that you have read and understood this Policy.

Plain-language summary: This Policy applies to everything phpgroup collects about you when you register, play, deposit, withdraw, or contact support. If you're a Filipino player using phpgroup, the DPA protects your rights and phpgroup is bound by it.

Section 2

Data Controller

For the purposes of the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations, the data controller responsible for your personal data collected through the phpgroup Platform is:

Entity: phpgroup

Platform: phpgroup.club

Regulatory Authority: Philippine Amusement and Gaming Corporation (PAGCOR)

Data Privacy Regulator: National Privacy Commission of the Philippines (NPC)

Data Protection Inquiries: [email protected]

phpgroup has designated a Data Protection Officer ("DPO") in accordance with the requirements of the DPA. The DPO is responsible for overseeing phpgroup's data protection practices and ensuring compliance with applicable Philippine data privacy law. Data subject rights requests and privacy inquiries may be directed to the DPO via [email protected].

Section 3

Personal Data We Collect

phpgroup collects the following categories of personal data in connection with your use of the Platform:

Data Category	Examples	Primary Purpose
Identity Data	Full legal name, date of birth, nationality, gender	Account registration, KYC compliance, age verification
Contact Data	Philippine mobile number, email address, residential address	Account management, support communications, security alerts
Government ID Data	PhilSys ID, UMID, passport, driver's license number, ID images	KYC verification, PAGCOR compliance, anti-fraud
Biometric Data	Facial photograph (selfie) for identity matching	KYC verification, account security
Financial Data	GCash number, Maya account, bank details (masked), transaction history	Payment processing, withdrawal, AML compliance
Gaming Data	Wagering history, game session logs, bet amounts, win/loss records	Platform operation, responsible gaming, dispute resolution
Technical Data	IP address, device type, browser type, OS, session timestamps	Security, fraud detection, platform optimisation
Communication Data	Live chat transcripts, support emails, survey responses	Customer support, quality assurance, complaints resolution
Marketing Data	Promotional communication preferences, campaign response data	Marketing (where consent is given)

Sensitive Personal Information: Government-issued ID data, biometric data (facial photographs), and financial account data are classified as sensitive personal information under the DPA. phpgroup applies enhanced security measures to all sensitive personal data categories.

Section 4

How We Collect Data

phpgroup collects personal data through the following channels and methods:

4.1 Direct Collection. The majority of data phpgroup holds about you is provided directly by you during account registration, the KYC verification process, deposit and withdrawal transactions, live chat and email support interactions, and participation in surveys or promotions.

4.2 Automated Technical Collection. When you access phpgroup, certain technical data is collected automatically by our systems. This includes your IP address, device identifiers, browser fingerprint, session duration, page views, and clickstream data. This collection is necessary for platform security, fraud detection, and to maintain the technical operation of phpgroup.

4.3 Third-Party Sources. phpgroup may receive supplementary identity verification data from its authorised KYC verification service providers, where you have provided consent for such cross-referencing as part of the verification process. phpgroup may also receive fraud risk scores from payment processors in connection with deposit and withdrawal transactions.

4.4 Cookies and Tracking Technologies. phpgroup uses cookies and related tracking technologies as described in Section 8 of this Policy.

Section 5

Legal Basis for Processing

Under the Philippine Data Privacy Act, phpgroup processes personal data on the following legal grounds:

Contractual Necessity: Processing required to register your phpgroup account, authenticate your phpgroup Login, process deposits and withdrawals, and deliver gaming services you have requested.
Legal Obligation: Processing required to comply with PAGCOR licensing conditions, Philippine anti-money laundering laws (RA 9160 as amended), age verification requirements, and NPC data protection obligations.
Legitimate Interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and internal analytics, where phpgroup's legitimate operational interests are not outweighed by your privacy rights.
Consent: Processing for marketing communications, promotional profiling, and optional platform personalisation features, which requires your separate, freely given, and revocable consent.

Section 6

How We Use Your Data

phpgroup uses collected personal data for the following specific purposes:

Account Management: To create, maintain, authenticate, and manage your phpgroup player account, including processing your phpgroup Login credentials and account security settings.
KYC and Regulatory Compliance: To verify your identity and age (21+ requirement) in accordance with PAGCOR licensing conditions and Philippine law, and to fulfil our obligations under the Anti-Money Laundering Act.
Payment Processing: To process GCash deposits, Maya transfers, bank withdrawals, and other phpgroup financial transactions in Philippine Peso (₱).
Gaming Services: To deliver the phpgroup gaming platform, record game outcomes, calculate winnings, resolve disputes, and maintain complete and auditable game session records.
Responsible Gaming: To monitor gaming behaviour for indicators of problem gambling, to administer self-imposed limits and exclusion tools, and to fulfil phpgroup's responsible gaming obligations under PAGCOR regulations.
Customer Support: To respond to your support requests, resolve complaints, and maintain records of communications for quality assurance and dispute resolution purposes.
Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activity, unauthorised account access, money laundering, and other conduct prohibited under phpgroup's Terms and Conditions.
Platform Improvement: To analyse aggregate, anonymised usage data for the purpose of improving phpgroup's platform performance, game selection, and user experience.
Marketing Communications: To send promotional offers, bonus notifications, and phpgroup news to players who have given explicit consent to receive such communications.

Section 7

Data Sharing

phpgroup does not sell, rent, or trade your personal data to any third party for commercial or marketing purposes. Personal data is shared with third parties only in the circumstances described below:

7.1 Service Providers. phpgroup shares personal data with carefully selected third-party service providers who process data on phpgroup's behalf under contractual data processing agreements. These include:

Game providers (e.g., live casino studios, slot developers) — for game delivery and outcome records;
Payment processors and e-wallet providers (GCash, Maya, banking institutions) — for transaction processing;
KYC and identity verification service providers — for age and identity confirmation;
Fraud prevention and risk management technology providers;
Customer support platform providers — for live chat and ticketing systems;
Cloud hosting and infrastructure providers — for secure platform operation.

7.2 Regulatory and Law Enforcement Disclosure. phpgroup will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), Philippine law enforcement authorities, or other competent regulatory bodies where phpgroup is legally required to do so or where disclosure is necessary to comply with a valid legal process, such as a court order or official investigation.

7.3 Business Transfers. In the event of a merger, acquisition, restructuring, or sale of all or part of phpgroup's business assets, personal data may be transferred to the acquiring entity as part of that transaction. Affected players will be notified of any such transfer and of any material changes to this Privacy Policy resulting from it.

7.4 With Your Consent. phpgroup may share your personal data with additional third parties where you have given explicit, informed, and freely revocable consent to that specific sharing.

Commitment: phpgroup never shares your phpgroup gaming history, financial data, or KYC documents with third parties for advertising, data brokering, or any purpose unrelated to the delivery and regulation of the phpgroup service.

Section 8

Cookies & Tracking Technologies

phpgroup uses cookies — small text files stored on your device — and related technologies including local storage and session tokens, to operate and improve the Platform. The following cookie categories are used:

Strictly Necessary Cookies: Required to operate core phpgroup functions, including phpgroup Login session management, account authentication, deposit and withdrawal processing, and security controls. These cookies cannot be disabled without preventing phpgroup from functioning.
Functional Cookies: Used to remember your phpgroup preferences — such as language settings, display options, and responsible gaming limit confirmations — to improve your experience between sessions.
Analytical Cookies: Used to collect anonymised data about how players use the phpgroup platform — pages visited, time spent, features used — to help phpgroup identify areas for improvement. No personally identifiable data is included in analytical reports.
Security & Fraud Detection Cookies: Used to identify unusual or suspicious access patterns, multiple account registrations, and fraudulent login attempts on the phpgroup platform.

You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair or prevent phpgroup platform functionality, including the ability to log in and manage your account.

Section 9

Data Retention

phpgroup retains personal data only for as long as is necessary to fulfil the purposes described in this Policy, or as required by applicable law. The following retention periods apply:

Data Category	Retention Period	Basis
Account & Identity Data	Duration of account + 5 years post-closure	PAGCOR licensing, AML compliance
KYC / Government ID Data	Duration of account + 5 years post-closure	RA 9160 Anti-Money Laundering Act
Financial Transaction Records	5 years from transaction date	PAGCOR, AML regulatory requirements
Gaming Session Logs	3 years from session date	Dispute resolution, regulatory audit
Customer Support Communications	3 years from last interaction	Complaints resolution, quality assurance
Technical / IP Logs	12 months from collection	Security, fraud detection
Marketing Preference Data	Until consent is withdrawn	Consent-based processing

Upon expiry of the applicable retention period, phpgroup will securely delete or anonymise the relevant personal data in accordance with its data destruction procedures, unless a specific legal obligation requires extended retention.

Section 10

Security Measures

phpgroup implements technical and organisational security measures proportionate to the sensitivity of the personal data it processes. These measures include:

256-bit SSL/TLS encryption for all data in transit across the phpgroup platform, including phpgroup Login, registration, and payment pages;
Encryption of sensitive data fields at rest in phpgroup's database infrastructure;
Access controls limiting phpgroup staff access to personal data on a strict need-to-know basis, with role-based permissions and audit logging;
Multi-factor authentication for phpgroup system access by staff;
Regular third-party security assessments and penetration testing of the phpgroup platform;
Intrusion detection systems and real-time security monitoring;
Documented incident response procedures aligned with NPC breach notification requirements.

In the event of a personal data breach that is likely to adversely affect your rights and freedoms, phpgroup will notify you and the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, in accordance with DPA requirements.

While phpgroup maintains robust security measures, no online system can guarantee absolute security. You are responsible for maintaining the confidentiality of your phpgroup Login credentials and for logging out after each session, particularly on shared or public devices.

Section 11

Your Data Rights

Under the Philippine Data Privacy Act of 2012, you have the following rights in relation to personal data phpgroup holds about you:

Right to Access

Request a copy of all personal data phpgroup holds about you, including categories, sources, and processing purposes.

Right to Rectification

Request correction of inaccurate or incomplete personal data in your phpgroup account.

Right to Erasure

Request deletion of your personal data where phpgroup no longer has a legal basis to retain it.

Right to Object

Object to processing of your data for marketing communications or legitimate interest purposes.

Right to Portability

Request your phpgroup personal data in a structured, commonly used, machine-readable format.

Right to Restriction

Request that phpgroup restrict processing of your data while a rectification or objection request is being assessed.

To exercise any of these rights, submit a written request to phpgroup's Data Protection Officer at [email protected]. phpgroup will respond within thirty (30) days of receipt of a valid request. phpgroup may need to verify your identity before processing a rights request.

Please note that certain rights are subject to limitations where phpgroup has a legal obligation to retain data — for example, KYC and transaction records required by PAGCOR and the Anti-Money Laundering Council cannot be deleted upon request while the regulatory retention obligation remains in effect.

Section 12

Minors & Age Restriction

phpgroup's gaming services are strictly for individuals aged 21 years and older, as required by PAGCOR. phpgroup does not knowingly collect personal data from individuals under 21 years of age. The KYC verification process — which requires a valid government-issued ID and real-time facial photograph — is specifically designed to prevent minors from registering phpgroup accounts.

If phpgroup determines that personal data has been collected from an individual under 21 years of age, that data will be immediately deleted, the account will be closed, and any balance will be voided in accordance with phpgroup's Terms and Conditions. If you believe phpgroup has inadvertently collected data from a minor, please notify us immediately at [email protected].

21+ Policy: phpgroup is for players 21 years and older only. This is not merely a terms requirement — it is enforced through mandatory government ID verification before any withdrawal is processed.

Section 13

Third-Party Links & Services

The phpgroup platform may contain references to or integrations with third-party services, including game provider interfaces and payment provider portals. These third parties operate their own privacy practices independently of phpgroup. When you interact directly with a third-party interface — for example, when completing a GCash transaction — you are subject to that provider's privacy policy, not phpgroup's.

phpgroup is not responsible for the privacy practices of third-party services accessed through or in connection with the phpgroup platform. Players are encouraged to review the privacy policies of payment providers and game studios where relevant. phpgroup selects service providers that meet appropriate data protection standards and binds them to contractual privacy obligations.

Section 14

Policy Changes

phpgroup may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal obligations, or regulatory requirements. Material changes — those that significantly affect your rights or the way phpgroup uses your data — will be communicated to registered players by email to the address on file, at least seven (7) days before the revised Policy takes effect.

Non-material changes (such as corrections of typographical errors or clarifications that do not alter the substance of the Policy) may be made without specific notification, and the updated Policy will be posted on this page with a revised effective date.

Your continued use of the phpgroup platform after any Policy revision constitutes your acceptance of the updated terms. The current version of this Policy, including the effective date shown at the top of this page, is always the binding version.

Section 15

Complaints & Regulatory Authority

If you believe that phpgroup has not handled your personal data in accordance with this Privacy Policy or the Philippine Data Privacy Act, you have the right to lodge a formal complaint. phpgroup encourages you to raise the matter with us directly in the first instance, so that we have the opportunity to address your concern.

Privacy complaints should be submitted in writing to phpgroup's Data Protection Officer at [email protected]. phpgroup will acknowledge your complaint within five (5) business days and provide a substantive response within thirty (30) days of receipt.

If you are not satisfied with phpgroup's response, or if you prefer to raise the matter directly with the supervisory authority, you have the right to file a complaint with the National Privacy Commission of the Philippines (NPC), the government body responsible for enforcing the Data Privacy Act.

Section 16

Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by phpgroup, please contact phpgroup's Data Protection Officer through the following channels:

Email (Data Protection): [email protected]

Live Chat: Available 24 hours a day, 7 days a week on the phpgroup platform

Response Commitment: Email within 4 hours · Formal DPO responses within 30 days

Jurisdiction: Republic of the Philippines · PAGCOR Regulated · NPC Supervised

When contacting phpgroup regarding a data privacy matter, please include your phpgroup account username, a description of your request or concern, and any relevant reference numbers to assist with a prompt and accurate response.

phpgroup Privacy Policy

Your Data, Our Commitment

256-Bit SSL Encryption

No Data Sales — Ever

PAGCOR-Compliant KYC

Your Right to Access

Marketing Opt-Out

Defined Retention Periods