phiwin Privacy Policy

1.1 This Privacy Policy ("Policy") applies to all personal data collected by phiwin ("phiwin," "we," "us," or "our") through the phiwin website located at phiwin.net, including all associated services, games, mobile applications, and customer support channels.

1.2 phiwin is committed to compliance with the Republic Act No. 10173, also known as the Data Privacy Act of 2012 of the Philippines ("DPA 2012"), and its implementing rules and regulations issued by the National Privacy Commission of the Philippines.

1.3 This Policy should be read in conjunction with phiwin's Terms and Conditions and Responsible Gaming Policy, which govern your use of the phiwin platform.

1.4 By accessing or using phiwin, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

2.1 For the purposes of the Data Privacy Act of 2012, phiwin is the data controller responsible for your personal information collected through the phiwin platform.

2.2 phiwin determines the purposes and means of processing your personal data and is responsible for ensuring that such processing complies with applicable Philippine data protection laws.

2.3 If you have any questions, concerns, or requests regarding the processing of your personal data, you may contact phiwin's Data Protection Officer using the contact details provided in Section 14 of this Policy.

3.1 phiwin collects several categories of personal information from users of the phiwin platform. The types of information we collect include:

3.1.1 Account Registration Information

When you create a phiwin account, we collect the following information:

• Full legal name (first name, middle name, last name);
• Date of birth (to verify you are at least 21 years of age);
• Residential address (street address, barangay, city, province, postal code);
• Email address;
• Valid Philippine mobile number;
• Username and password (password is stored in encrypted form only);
• Nationality and country of residence.

3.1.2 Identity Verification Information

To comply with anti-money laundering (AML) regulations and PAGCOR requirements, phiwin may request:

• Government-issued photo identification (e.g., Philippine passport, SSS ID, UMID, driver's license, PhilSys National ID);
• Proof of residential address (e.g., utility bill, bank statement, barangay certificate);
• Proof of payment method ownership (e.g., screenshot of GCash or PayMaya account, bank statement from BPI, BDO, or Metrobank);
• Selfie or live photo for identity confirmation purposes.

3.1.3 Financial Transaction Information

When you make deposits or withdrawals on phiwin, we collect:

• Payment method details (e.g., GCash mobile number, PayMaya account reference, bank account details);
• Transaction amounts in Philippine Peso (PHP / ₱);
• Transaction timestamps and reference numbers;
• Deposit and withdrawal history.

3.1.4 Technical and Usage Information

When you access phiwin, we automatically collect certain technical information, including:

• IP address and approximate geographic location;
• Device type, operating system, and browser information;
• Pages visited, features used, and time spent on the platform;
• Game history, betting activity, and session logs;
• Cookies and similar tracking technologies (see Section 10).

3.1.5 Communications Data

When you contact phiwin customer support or communicate with us through any channel, we collect records of those communications, including chat transcripts, email correspondence, and support ticket details.

4.1 phiwin uses the personal information we collect for the following purposes:

• Account Management: To create, maintain, and manage your phiwin account, including verifying your identity and age (21+ requirement);
• Service Delivery: To provide you with access to phiwin games, betting markets, and all associated platform features;
• Payment Processing: To process deposits and withdrawals through GCash, PayMaya, BPI, BDO, Metrobank, and other supported payment methods;
• Regulatory Compliance: To comply with PAGCOR licensing requirements, anti-money laundering (AML) obligations, and other applicable Philippine laws and regulations;
• Fraud Prevention: To detect, investigate, and prevent fraudulent activity, cheating, bonus abuse, and other prohibited conduct on the phiwin platform;
• Responsible Gaming: To monitor gaming activity and identify players who may be at risk of problem gambling, and to enforce self-exclusion and limit-setting tools;
• Customer Support: To respond to your inquiries, resolve disputes, and provide technical assistance;
• Platform Improvement: To analyze usage patterns and improve the phiwin platform, user experience, and game offerings;
• Marketing Communications: To send you promotional offers, bonus notifications, and platform updates, where you have consented to receive such communications;
• Legal Obligations: To comply with court orders, regulatory investigations, or other legal processes requiring disclosure of your information.

4.2 phiwin will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your explicit consent.

5.1 phiwin processes your personal data on the following legal bases as recognized under the Data Privacy Act of 2012:

• Contractual Necessity: Processing is necessary to perform the contract between you and phiwin — specifically, to provide you with access to the phiwin platform and its services;
• Legal Obligation: Processing is required to comply with applicable Philippine laws, including AML regulations, PAGCOR licensing requirements, and tax reporting obligations;
• Legitimate Interests: Processing is necessary for phiwin's legitimate business interests, including fraud prevention, platform security, and responsible gaming monitoring, provided such interests are not overridden by your rights and freedoms;
• Consent: For certain processing activities, such as marketing communications and the use of non-essential cookies, phiwin relies on your freely given, specific, and informed consent.

5.2 Where phiwin relies on your consent as the legal basis for processing, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

6.1 phiwin may share your personal information with the following categories of third parties:

• Payment Service Providers: GCash, PayMaya, BPI, BDO, Metrobank, and other payment processors, solely to facilitate deposits and withdrawals on your phiwin account;
• Identity Verification Services: Third-party KYC (Know Your Customer) and AML compliance providers engaged to verify your identity and comply with regulatory requirements;
• Game Software Providers: Licensed game developers and content providers whose games are available on the phiwin platform, to the extent necessary to deliver game services;
• IT and Cloud Service Providers: Trusted technology partners who provide hosting, data storage, security, and platform infrastructure services to phiwin;
• Regulatory Authorities: PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), and other Philippine government agencies, where required by law or regulation;
• Law Enforcement: Philippine law enforcement agencies, courts, or other public authorities, where phiwin is legally required or permitted to disclose your information.

6.2 All third-party service providers engaged by phiwin are contractually required to process your personal data only in accordance with phiwin's instructions and to implement appropriate security measures to protect your data.

6.3 In the event of a merger, acquisition, or sale of all or part of phiwin's business, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

7.1 phiwin implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• 256-Bit SSL/TLS Encryption: All data transmitted between your device and phiwin servers is encrypted using industry-standard SSL/TLS protocols;
• Password Hashing: Account passwords are never stored in plain text. phiwin uses strong cryptographic hashing algorithms to store password data securely;
• Access Controls: Access to personal data within phiwin is restricted on a strict need-to-know basis. All staff with access to personal data are subject to confidentiality obligations;
• Firewalls and Intrusion Detection: phiwin's servers are protected by enterprise-grade firewalls and continuous intrusion detection and prevention systems;
• Regular Security Audits: phiwin conducts regular security assessments and penetration testing to identify and address potential vulnerabilities;
• Two-Factor Authentication: phiwin offers optional two-factor authentication (2FA) to provide an additional layer of security for your account.

7.2 While phiwin takes all reasonable steps to protect your personal data, no method of electronic transmission or storage is completely secure. phiwin cannot guarantee absolute security of your data and encourages you to take steps to protect your own account, including using a strong, unique password and enabling 2FA.

7.3 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, phiwin will notify the National Privacy Commission and affected users in accordance with the requirements of the Data Privacy Act of 2012.

8.1 phiwin retains your personal data for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

8.2 The following retention periods apply to different categories of personal data held by phiwin:

• Account Information: Retained for the duration of your active phiwin account, plus a minimum of five (5) years following account closure, in accordance with PAGCOR and AML record-keeping requirements;
• Financial Transaction Records: Retained for a minimum of five (5) years from the date of each transaction, as required by Philippine AML regulations;
• Identity Verification Documents: Retained for a minimum of five (5) years following account closure or the completion of the relevant verification process;
• Customer Support Communications: Retained for a period of three (3) years from the date of the last communication;
• Technical and Usage Logs: Retained for a period of twelve (12) months, unless a longer retention period is required for security or legal purposes.

8.3 When personal data is no longer required for the purposes for which it was collected and no legal obligation requires its continued retention, phiwin will securely delete or anonymize the data.

9.1 Under the Data Privacy Act of 2012 of the Philippines, you have the following rights with respect to your personal data held by phiwin:

• Right to be Informed: The right to be informed about how your personal data is being collected and processed, as described in this Privacy Policy;
• Right of Access: The right to request a copy of the personal data phiwin holds about you, along with information about how it is being used;
• Right to Rectification: The right to request correction of any inaccurate or incomplete personal data phiwin holds about you;
• Right to Erasure: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phiwin's legal retention obligations;
• Right to Data Portability: The right to receive a copy of your personal data in a structured, commonly used, and machine-readable format;
• Right to Object: The right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests;
• Right to Lodge a Complaint: The right to lodge a complaint with the National Privacy Commission of the Philippines if you believe your data rights have been violated.

9.2 To exercise any of the rights listed above, please contact phiwin's Data Protection Officer using the contact details provided in Section 14. phiwin will respond to all valid data rights requests within thirty (30) days of receipt.

9.3 Please note that certain data rights may be limited where phiwin is required to retain your data to comply with legal obligations, including AML and PAGCOR record-keeping requirements.

10.1 phiwin uses cookies and similar tracking technologies to enhance your experience on the phiwin platform, analyze usage patterns, and deliver relevant content. A cookie is a small text file placed on your device when you visit a website.

10.2 phiwin uses the following categories of cookies:

• Strictly Necessary Cookies: Essential for the operation of the phiwin platform, including maintaining your login session and enabling core platform functionality. These cookies cannot be disabled;
• Performance and Analytics Cookies: Used to collect anonymous information about how visitors use phiwin, helping us improve platform performance and user experience;
• Functional Cookies: Used to remember your preferences, such as language settings and game display options, to provide a more personalized experience;
• Marketing Cookies: Used to deliver relevant promotional content and track the effectiveness of phiwin marketing campaigns. These cookies are only placed with your consent.

10.3 You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of the phiwin platform.

10.4 phiwin may also use web beacons, pixel tags, and similar technologies in emails and on the platform to track engagement and measure the effectiveness of communications.

11.1 phiwin takes the protection of minors very seriously. The phiwin platform is not directed at, and is not intended for use by, individuals under the age of 21 years, in accordance with PAGCOR regulations governing online gambling in the Philippines.

11.2 phiwin employs age verification procedures during account registration to prevent underage individuals from accessing the platform. If phiwin discovers that personal data has been collected from a person under the age of 21, that account will be immediately terminated and all associated data will be deleted.

11.3 If you are a parent or guardian and believe that your child has provided personal information to phiwin, please contact us immediately using the details in Section 14 so that we can take appropriate action.

12.1 phiwin primarily stores and processes your personal data within the Philippines. However, in certain circumstances, your personal data may be transferred to and processed in countries outside the Philippines, for example where phiwin uses cloud infrastructure or third-party service providers located in other jurisdictions.

12.2 Where personal data is transferred outside the Philippines, phiwin ensures that appropriate safeguards are in place to protect your data, including contractual data protection clauses that require the recipient to provide a level of protection equivalent to that required under the Data Privacy Act of 2012.

12.3 By using phiwin and providing your personal data, you consent to the transfer of your data to other countries as described in this section, subject to the safeguards described above.

13.1 phiwin reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or platform features. The date of the most recent revision will always be displayed at the top of this page.

13.2 When material changes are made to this Privacy Policy, phiwin will notify registered users via email or a prominent notice on the phiwin platform prior to the changes taking effect. We encourage you to review this Policy periodically to stay informed about how phiwin protects your personal data.

13.3 Your continued use of the phiwin platform after any changes to this Privacy Policy have been posted constitutes your acceptance of the revised Policy. If you do not agree to the updated Policy, you must stop using phiwin and may request account closure.

14.1 If you have any questions, concerns, or requests regarding this Privacy Policy or the way phiwin handles your personal data, please contact our Data Protection Officer. All data-related inquiries will be handled in accordance with the Data Privacy Act of 2012 and responded to within thirty (30) days.

14.2 You may reach phiwin's Data Protection Officer at the contact details below. Please note that the email address is provided as plain text only and is not a clickable link:

14.3 If you are not satisfied with phiwin's response to your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines, which is the supervisory authority responsible for enforcing the Data Privacy Act of 2012.

14.4 For responsible gaming support, self-exclusion requests, or gaming limit tools, please visit our dedicated Responsible Gaming page.