php36 Privacy Policy

The following definitions apply throughout this Privacy Policy:

• "Personal Data" means any information that identifies or can be used to identify a natural person, directly or indirectly, including name, mobile number, national ID number, email address, and financial account details.
• "Sensitive Personal Information" means personal data about an individual's race, ethnic origin, health, education, criminal records, government-issued ID numbers, financial information, and religious or political beliefs — as defined under the Philippine Data Privacy Act of 2012 (RA 10173).
• "Processing" means any operation or set of operations performed on personal data, including collection, recording, storage, alteration, retrieval, transmission, deletion, or destruction.
• "Data Subject" means the natural person whose personal data is collected and processed — in the context of php36, this primarily refers to registered players and platform visitors.
• "Personal Information Controller" (PIC) means php36, which determines the purposes and means of processing personal data on the platform.
• "Personal Information Processor" (PIP) means third parties authorized by php36 to process personal data on its behalf, such as payment processors and KYC verification providers.
• "NPC" means the National Privacy Commission of the Philippines.
• "PAGCOR" means the Philippine Amusement and Gaming Corporation.

php36 collects the following categories of personal data from players and platform users:

php36 collects personal data through the following means:

• Direct submission: Information you provide when creating your php36 account, completing your player profile, submitting KYC documents, making deposits, requesting withdrawals, or contacting php36 support.
• Automated collection: Technical data such as IP addresses, device identifiers, and session information that our servers and analytics tools collect automatically when you access the platform.
• Third-party providers: Data received from payment processors (GCash, Maya, bank partners), identity verification providers, and fraud prevention services, to the extent required to operate the platform and comply with PAGCOR regulations.
• Cookies and tracking technologies: php36 uses cookies and similar technologies to maintain your session, remember preferences, and generate aggregate analytics. See Section 8 for details.

php36 processes your personal data only for the specific, legitimate purposes listed below. We do not process your data in ways that are incompatible with these declared purposes.

• Account creation and management: To register your php36 account, verify your identity and age, and manage your ongoing relationship with the platform.
• Gaming service delivery: To provide access to all php36 games, process wagers, record results, and maintain your gaming history.
• Payment processing: To facilitate GCash, Maya, BPI, BDO, and other deposits and withdrawals, including communication with payment partners to verify and settle transactions.
• KYC and AML compliance: To fulfill php36's obligations under PAGCOR regulations and Philippine anti-money laundering laws, including identity verification and transaction monitoring.
• Responsible gaming: To monitor gameplay patterns for indicators of problem gambling, implement player-requested limits, and enforce PAGCOR's responsible gaming requirements.
• Fraud prevention and platform security: To detect, prevent, and investigate fraudulent activity, collusion, multi-accounting, and unauthorized access attempts.
• Customer support: To respond to your inquiries, resolve disputes, and provide live chat, email, and other support services.
• Marketing communications: To send you promotional offers and platform updates — only where you have provided consent or where permitted by applicable law. You may opt out at any time.
• Legal and regulatory compliance: To comply with orders from PAGCOR, the NPC, Philippine law enforcement, and other competent authorities.
• Platform improvement: To analyze aggregate usage data and improve the php36 platform's performance, features, and user experience.

Under the Philippine Data Privacy Act of 2012 (RA 10173), php36 processes personal data under the following legal bases:

• Contractual necessity: Processing required to perform our contractual obligations to you as a registered player — including account management, game access, and payment services.
• Legal obligation: Processing required to comply with PAGCOR regulations, anti-money laundering laws (AMLA), and other applicable Philippine legal requirements.
• Legitimate interests: Processing for fraud prevention, platform security, and general risk management, where these interests are not overridden by your privacy rights.
• Consent: Processing for marketing communications and non-essential cookies, where your express consent is obtained and may be withdrawn at any time.

php36 may share your personal data with the following categories of recipients:

• Payment service providers: GCash, Maya, GrabPay, BPI, BDO, Metrobank, and other payment partners, for the purpose of processing your deposits and withdrawals.
• Game content providers: Licensed game developers and studios whose content is integrated on php36, to the extent required for game delivery and auditing.
• KYC and identity verification providers: Third-party services contracted by php36 to verify the identity and age of players as required by PAGCOR.
• Fraud prevention and security services: Providers of fraud detection, IP risk scoring, and device fingerprinting services used to protect the platform and players.
• Regulatory and law enforcement authorities: PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), and other Philippine government authorities, when required by applicable law or court order.
• Professional advisors: Legal counsel, auditors, and compliance consultants engaged by php36, subject to binding confidentiality obligations.

All Personal Information Processors engaged by php36 are required to maintain appropriate data security standards and are permitted to use your data only for the specific purposes for which they are engaged.

php36 retains personal data for as long as necessary to fulfill the purposes for which it was collected, subject to applicable legal retention requirements. The following general retention guidelines apply:

• Active account data: Retained for the duration of your php36 account plus a minimum of five (5) years after account closure, as required for PAGCOR compliance and anti-money laundering recordkeeping obligations.
• KYC verification documents: Retained for a minimum of five (5) years from the date of verification, in compliance with Philippine AML regulations.
• Transaction records: Retained for a minimum of five (5) years from the date of each transaction.
• Gaming history: Retained for the duration required by PAGCOR compliance obligations, typically five (5) years from the date of each gaming session.
• Support communications: Retained for two (2) years from the date of the communication unless part of an ongoing dispute or regulatory investigation.
• Marketing consent records: Retained for the duration of your account plus two (2) years after account closure, to evidence compliance with consent requirements.

After applicable retention periods expire, personal data is securely deleted or anonymized in accordance with php36's data disposal procedures.

php36 uses cookies and similar tracking technologies to operate the platform, maintain your login session, remember your preferences, and collect aggregate analytics about platform usage. The following categories of cookies are in use:

• Strictly necessary cookies: Required for platform functionality — session management, authentication tokens, security features. These cannot be disabled without breaking core platform features.
• Functional cookies: Remember your preferences such as language settings, game lobby layout, and notification choices. These improve your experience but are not essential.
• Analytics cookies: Collect aggregate, anonymized data about how players navigate the platform — pages visited, features used, session duration. This data helps php36 improve the platform but does not identify individual users.
• Security cookies: Used for fraud detection and CAPTCHA functionality to protect the platform from automated abuse and account takeover attempts.

You may control non-essential cookies through your browser settings. Disabling strictly necessary cookies may impair your ability to use the php36 platform. Note that clearing cookies will log you out of your php36 session and reset any saved preferences.

As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by php36:

To exercise any of the above rights, contact php36 via the support channels in Section 14. php36 will respond to verified requests within thirty (30) calendar days. Some requests may be subject to identity verification before processing. Certain rights may be limited by applicable legal obligations — for example, we cannot erase data we are legally required to retain for PAGCOR or AML compliance purposes.

php36 implements age verification procedures during the registration process and requires identity document submission for KYC verification. If php36 discovers that personal data has been collected from a person under 21 years of age, that data will be deleted and the associated account will be suspended immediately.

If you believe that php36 has inadvertently collected personal data from a minor, please contact us immediately using the contact details in Section 14 so we can investigate and take corrective action.

php36 implements organizational, physical, and technical measures to protect your personal data from unauthorized access, disclosure, alteration, destruction, or loss. Our security framework includes:

• 256-bit SSL/TLS encryption for all data transmitted between your device and php36 servers.
• Encrypted storage of passwords using industry-standard hashing algorithms.
• Two-factor authentication (2FA) via SMS OTP, available to all php36 players.
• Role-based access controls limiting internal staff access to personal data on a need-to-know basis.
• Regular security audits and vulnerability assessments of platform infrastructure.
• Activity logging and anomaly detection to identify potential unauthorized access attempts.
• Incident response procedures aligned with NPC breach notification requirements under RA 10173.

While php36 employs robust security measures, no online platform can guarantee absolute security. We encourage all players to protect their own php36 account by using a strong, unique password, enabling two-factor authentication, and never sharing login credentials with others.

The php36 platform may display content or functionality provided by third-party game studios, payment processors, or other licensed service partners. These third parties operate under their own privacy policies and data processing agreements. php36 is not responsible for the privacy practices of third-party service providers beyond the data processing agreements and compliance requirements it imposes on them as Personal Information Processors.

php36 does not include unsolicited third-party marketing content or external links to non-affiliated websites within the player-facing platform. Any game content from third-party providers integrated into the platform is subject to data sharing agreements consistent with this Privacy Policy and RA 10173.

php36 may update this Privacy Policy from time to time to reflect changes in platform operations, applicable Philippine law, or NPC guidance. Material changes will be communicated to registered players via the email address or mobile number on file, or by prominent notice on the platform, before the changes take effect.

The date at the top of this Privacy Policy reflects when it was last updated. We encourage you to review this policy periodically. Continued use of the php36 platform after the effective date of any update constitutes your acceptance of the revised Privacy Policy.

php36 has appointed a Data Privacy Officer (DPO) in accordance with the requirements of RA 10173 and NPC regulations. If you have any questions, concerns, or requests relating to this Privacy Policy or php36's data processing practices, you may contact us through the following channels:

• Email: [email protected] (plain text — not a clickable link)
• Live Chat: Available 24/7 within the php36 platform after logging in to your account.

php36 aims to respond to all privacy-related inquiries within fifteen (15) business days. Complex requests involving data subject rights may require additional time and identity verification before processing.