php99 Privacy Policy

This Privacy Policy ("Policy") is issued by php99 ("php99," "we," "us," or "our"), the operator of the online gaming platform at https://php99.vip. This Policy applies to all personal data processed in connection with your use of the php99 platform, including account registration, game play, financial transactions, customer support interactions, and communications we send to you.

php99 is committed to processing personal data lawfully, fairly, and transparently, in accordance with Republic Act No. 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations, and all applicable issuances of the National Privacy Commission of the Philippines. php99 is also subject to PAGCOR's data handling requirements as a condition of its gaming licence.

This Policy applies to all personal data collected and processed by php99 through the following touchpoints:

• The php99 website at https://php99.vip and all pages and subdomains thereof.
• Account registration, login, and profile management processes.
• Deposit and withdrawal transactions processed through GCash, Maya, BPI, BDO, Metrobank, Coins.ph, USDT, and 7-Eleven.
• Live chat, email support communications, and any other direct communications with php99.
• Promotional and marketing activities, subject to your communication preferences.

Data Controller: php99 acts as the personal information controller (PIC) as defined under the Philippine Data Privacy Act with respect to the personal data described in this Policy. php99 determines the purposes and means of processing your personal data and bears full responsibility for its lawful handling.

This Policy does not govern data collected by third-party payment providers (e.g., GCash, Maya, BPI), game software vendors, or other external services that you interact with through the php99 platform. Those parties maintain their own privacy policies, which govern their respective data practices.

php99 collects and processes the following categories of personal data:

php99 does not intentionally collect special categories of sensitive personal information (e.g., health data, racial or ethnic origin, religious beliefs, political opinions) beyond what may be incidentally contained in government ID documents submitted for KYC purposes, and such data is not used for any purpose other than identity verification.

php99 collects personal data through the following means:

• Direct Provision: Data you actively provide when registering an account, completing KYC verification, making a deposit or withdrawal, contacting support, or updating your profile settings.
• Automated Collection: Technical and behavioural data collected automatically through cookies, server logs, and analytics tools when you browse and interact with the php99 platform.
• Payment Processors: Transaction confirmation and payment method details received from GCash, Maya, BPI, BDO, Metrobank, Coins.ph, and other payment partners when you initiate a financial transaction.
• Identity Verification Services: Verification outcomes and identity data elements received from third-party KYC providers engaged by php99 to fulfil its PAGCOR-mandated identity verification obligations.
• Regulatory Sources: Data received from PAGCOR or other regulatory authorities in connection with player self-exclusion lists, prohibited player registries, or compliance inquiries.

php99 processes your personal data only where a lawful basis exists under the Philippine Data Privacy Act. The following table outlines the primary processing purposes and their corresponding legal bases:

Where php99 relies on your consent as the legal basis for processing, you have the right to withdraw that consent at any time by contacting our Data Protection Officer. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

php99 does not sell, rent, or trade your personal data. Your data may be shared with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data processing agreements where required:

• Payment Processors: GCash, Maya, BPI, BDO, Metrobank, Coins.ph, and other payment service providers receive the transaction data necessary to process your deposits and withdrawals.
• KYC and Identity Verification Providers: Third-party providers engaged to verify your identity, age, and document authenticity in compliance with PAGCOR KYC requirements.
• Game Software Providers: Game vendors providing licensed content to the php99 platform may receive limited technical identifiers necessary to deliver personalised game sessions and record outcomes.
• Cloud Infrastructure and Hosting Providers: Third-party infrastructure providers hosting the php99 platform and data storage systems, all of whom are bound by contractual data processing obligations.
• Regulatory and Law Enforcement Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government authorities as required by applicable law.
• Professional Advisers: Lawyers, auditors, and compliance consultants engaged by php99 in connection with legal, financial, or regulatory matters, subject to professional confidentiality obligations.

The php99 platform uses cookies and similar tracking technologies to operate core platform functions, analyse user behaviour, and improve your experience. The following categories of cookies are used:

• Strictly Necessary Cookies: Essential for the operation of the platform — including maintaining your login session, remembering security settings, and enabling basic navigation. These cannot be disabled.
• Performance and Analytics Cookies: Used to measure how users interact with the platform — which pages are visited most, how long sessions last, and where errors occur — allowing php99 to improve performance. These are deployed subject to your cookie consent.
• Functional Cookies: Remember your preferences such as language settings, preferred game categories, and responsible gaming settings configured in your Account.
• Security Cookies: Used to detect and prevent fraudulent login attempts, bot activity, and suspicious access patterns.

You may manage non-essential cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of some Platform features. php99 does not use third-party advertising cookies or behavioural tracking cookies for the purpose of selling advertising inventory.

php99 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following general retention periods apply:

• Active Account Data: Retained for the duration of your Account's active status.
• KYC and Identity Documents: Retained for a minimum of five (5) years following Account closure, in compliance with PAGCOR licence conditions and AMLC requirements.
• Financial Transaction Records: Retained for a minimum of five (5) years following the transaction date, as required under Philippine anti-money laundering regulations.
• Support Communications: Retained for three (3) years following the resolution of the relevant support case, to facilitate audit trails and dispute resolution.
• Gaming and Betting Records: Retained for five (5) years following Account closure to support regulatory audits and dispute resolution.
• Technical and Log Data: Typically retained for twelve (12) months for security monitoring purposes, unless required for longer by an ongoing investigation or legal proceeding.
• Marketing Communications: Retained until you withdraw consent to receive marketing communications, after which your data will be moved to a suppression list to ensure no further contact.

Upon expiry of applicable retention periods, personal data is securely deleted or anonymised in accordance with php99's data disposal procedures.

php99's primary operations are based in the Philippines and personal data is stored on servers located within or compliant with Philippine data protection standards. Where the engagement of third-party service providers — such as cloud infrastructure platforms, KYC verification services, or game software vendors — requires the transfer of personal data to servers located outside the Philippines, php99 ensures that such transfers are conducted in accordance with the requirements of the Philippine Data Privacy Act.

Safeguards applied to international transfers include:

• Data processing agreements incorporating standard contractual clauses aligned with NPC guidance on cross-border data flows.
• Transfers only to jurisdictions or processors that provide adequate levels of personal data protection as assessed by php99 and, where applicable, recognised by the NPC.
• Encryption of personal data in transit and at rest.

For questions about international transfers of your specific personal data, please contact php99's Data Protection Officer at the details provided in Section 13.

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to your personal data held by php99:

1. Right to Be Informed: The right to know what personal data is being collected, the purpose of collection, and how it will be processed — as described in this Policy.
2. Right to Access: The right to request a copy of the personal data php99 holds about you, along with information about how it is processed.
3. Right to Object: The right to object to the processing of your personal data, including processing for direct marketing purposes. Objection to processing based on legitimate interests may be overridden where php99 can demonstrate compelling legitimate grounds.
4. Right to Erasure or Blocking: The right to request deletion or blocking of your personal data where it is no longer necessary for the purpose for which it was collected, or where processing is unlawful. This right is subject to php99's legal retention obligations.
5. Right to Rectification: The right to correct inaccurate, incomplete, or outdated personal data held by php99.
6. Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
7. Right to File a Complaint: The right to lodge a complaint with the National Privacy Commission of the Philippines if you believe your data rights have been violated.

To exercise any of the above rights, please submit a written request to php99's Data Protection Officer via live chat or email at [email protected]. php99 will respond to data subject requests within fifteen (15) business days of receipt, in accordance with NPC requirements.

The php99 platform is strictly restricted to individuals who are twenty-one (21) years of age or older, as required by Philippine law and PAGCOR regulations. php99 does not knowingly collect or process personal data from individuals under the age of 21.

If php99 discovers or is notified that personal data has been collected from an individual under 21 years of age, the relevant Account will be immediately suspended, all associated data will be reviewed, and the personal data of the underage individual will be securely deleted in accordance with applicable law. The matter may be reported to PAGCOR where required by the terms of our licence.

Parents or guardians who believe a minor may have registered on the php99 platform should contact our Data Protection Officer immediately at [email protected]. php99 will treat such notifications with the highest priority.

php99 implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. Key measures include:

• Encryption: All data transmitted between your device and the php99 platform is protected using 256-bit TLS/SSL encryption. Personal data stored on php99 servers is encrypted at rest using industry-standard encryption algorithms.
• Access Controls: Personal data is accessible only to authorised php99 staff and contractors on a strict need-to-know basis. Access privileges are role-based, regularly reviewed, and logged.
• Multi-Factor Authentication: Administrative access to systems holding personal data requires multi-factor authentication. php99 also offers SMS OTP two-factor authentication to players for Account login security.
• Penetration Testing: php99 conducts regular security testing, including vulnerability assessments and penetration testing, to identify and remediate security weaknesses.
• Data Breach Response: php99 maintains a documented data breach response procedure. In the event of a breach that poses a real risk of harm to data subjects, php99 will notify affected users and the NPC within the timeframes required by the Data Privacy Act and NPC Circular 2016-03.
• Staff Training: All php99 staff with access to personal data receive regular data privacy and security training. Confidentiality obligations are a condition of employment.

php99 may update this Privacy Policy from time to time to reflect changes in our data processing practices, regulatory requirements, or platform services. When material changes are made, php99 will:

• Post the updated Policy on this page with a revised "Last Revised" date.
• Notify registered users of material changes via the email address on file or via a notice displayed upon login to the php99 platform.
• Where required by the Philippine Data Privacy Act, obtain renewed consent from data subjects whose processing activities are materially affected by the changes.

Your continued use of the php99 platform following the posting of an updated Policy constitutes your acknowledgment of the revised terms. We encourage you to review this Policy periodically to stay informed about how php99 protects your personal information.

php99 has designated a Data Protection Officer (DPO) in compliance with Section 21 of the Philippine Data Privacy Act. The DPO is responsible for overseeing php99's data protection compliance programme and is the first point of contact for data subject rights requests and privacy-related concerns.

You may contact php99's Data Protection Officer or our general support team through the following channels:

• Live Chat: Available 24 hours a day, 7 days a week, via the on-site chat widget at php99.vip
• Email: [email protected] — please include "Privacy Request" in the subject line for priority routing to the DPO

php99 undertakes to acknowledge all privacy-related communications within two (2) business days and to provide a substantive response within fifteen (15) business days, in line with NPC requirements. For complaints that are not resolved to your satisfaction through php99's internal process, you have the right to escalate to the National Privacy Commission of the Philippines through their official government channels.