phlein Privacy Policy

1. Who We Are

phlein ("phlein," "we," "us," or "our") is an online gaming platform operating in the Philippines under PAGCOR regulations. This Privacy Policy applies to all personal data collected and processed by phlein through the phlein website, mobile interfaces, and any related services (collectively, the "Platform").

phlein is the data controller responsible for your personal data as defined under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, "DPA") and its Implementing Rules and Regulations. If you have any questions about how phlein handles your personal data, please contact our Data Protection Officer using the details provided in Section 13 of this Policy.

2. Personal Data We Collect

phlein collects personal data that you provide directly, data generated through your use of the Platform, and data obtained from third parties where permitted by law. The categories of personal data we collect include:

• Identity Data: Full legal name, date of birth, gender, nationality, and government-issued identification numbers (e.g., passport, driver's license, SSS, PhilSys National ID, UMID).
• Contact Data: Email address, Philippine mobile number, and residential address.
• Financial Data: GCash account details, PayMaya/Maya account details, Philippine bank account information (BPI, BDO, Metrobank, UnionBank, Landbank, PNB, Security Bank), transaction history, deposit and withdrawal records, and account balances.
• KYC & Verification Data: Copies of government-issued identification documents, proof of address, and source of funds documentation as required by PAGCOR's KYC and AML compliance framework.
• Technical Data: IP address, device identifiers, browser type and version, operating system, time zone, and login timestamps.
• Usage Data: Game history, wagering activity, session duration, pages visited, features used, and Platform interaction logs.
• Communications Data: Records of your correspondence with phlein's customer support team, including chat logs, emails, and support ticket records.
• Responsible Gaming Data: Self-exclusion requests, deposit limit settings, cooling-off period activations, and any responsible gaming assessments conducted by phlein.

phlein does not collect sensitive personal information beyond what is strictly necessary for identity verification, AML compliance, and responsible gaming obligations. phlein does not collect biometric data except where required by PAGCOR regulations for enhanced KYC verification.

3. How We Use Your Personal Data

phlein uses your personal data for the following purposes:

• Account Registration & Management: To create and manage your phlein account, verify your identity, and maintain accurate account records.
• Service Delivery: To provide access to phlein's games, process deposits and withdrawals, and deliver customer support.
• KYC & AML Compliance: To verify your identity, assess source of funds, and comply with PAGCOR's anti-money laundering and counter-terrorism financing requirements.
• Fraud Prevention & Security: To detect, investigate, and prevent fraudulent activity, unauthorized account access, and other security threats.
• Responsible Gaming: To monitor gaming activity for signs of problem gambling, enforce self-exclusion and deposit limit settings, and comply with PAGCOR's responsible gaming obligations.
• Legal & Regulatory Compliance: To comply with applicable Philippine laws, PAGCOR regulations, court orders, and requests from law enforcement or regulatory authorities.
• Platform Improvement: To analyze usage patterns, troubleshoot technical issues, and improve the functionality and user experience of the phlein Platform.
• Marketing Communications: To send you promotional offers, bonus notifications, and Platform updates where you have provided consent or where permitted by applicable law. You may opt out of marketing communications at any time.

4. Legal Basis for Processing

phlein processes your personal data on the following legal bases under the DPA and its Implementing Rules and Regulations:

• Contractual Necessity: Processing is necessary to perform the contract between you and phlein (i.e., the Terms & Conditions), including account management, game access, and payment processing.
• Legal Obligation: Processing is required to comply with phlein's legal and regulatory obligations under PAGCOR regulations, the Anti-Money Laundering Act (AMLA), and other applicable Philippine laws.
• Legitimate Interests: Processing is necessary for phlein's legitimate interests in fraud prevention, Platform security, and service improvement, provided these interests are not overridden by your rights and freedoms.
• Consent: Where phlein relies on your consent as the legal basis for processing (e.g., for marketing communications), you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Sharing Your Personal Data

phlein does not sell, rent, or trade your personal data to third parties for their own commercial purposes. phlein may share your personal data with the following categories of recipients where necessary and permitted by law:

• PAGCOR and Regulatory Authorities: phlein is required to share certain player data with PAGCOR and other Philippine regulatory authorities in connection with its gaming licence obligations, AML reporting, and responsible gaming compliance.
• Payment Service Providers: phlein shares financial data with GCash, PayMaya, and Philippine banking partners solely for the purpose of processing deposits and withdrawals.
• KYC & Identity Verification Providers: phlein may use third-party identity verification services to assist with KYC compliance. These providers process your data solely on phlein's instructions.
• IT & Platform Service Providers: phlein engages third-party technology providers for hosting, security, analytics, and customer support infrastructure. All such providers are bound by data processing agreements requiring them to protect your data.
• Law Enforcement & Legal Proceedings: phlein may disclose your personal data to law enforcement agencies, courts, or other authorities where required by law or where necessary to protect phlein's legal rights.

All third parties with whom phlein shares personal data are required to implement appropriate technical and organizational security measures and to process your data only for the specified purpose.

6. Data Retention

phlein retains your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. Specifically:

• Account and KYC data is retained for a minimum of five (5) years following account closure, in accordance with PAGCOR's record-keeping requirements and the AMLA.
• Transaction records are retained for a minimum of five (5) years from the date of the transaction.
• Responsible gaming records, including self-exclusion requests, are retained for the duration of the exclusion period and for five (5) years thereafter.
• Marketing consent records are retained until you withdraw consent and for a reasonable period thereafter to demonstrate compliance.

Upon expiry of the applicable retention period, phlein will securely delete or anonymize your personal data in accordance with its data disposal procedures.

7. Cookies & Tracking Technologies

phlein uses cookies, web beacons, and similar tracking technologies on the Platform to enhance your user experience, remember your preferences, maintain your session, and analyze Platform usage. The types of cookies phlein uses include:

• Strictly Necessary Cookies: Essential for the Platform to function correctly, including session management and security features. These cannot be disabled.
• Functional Cookies: Remember your preferences, such as language settings and display options, to personalize your experience.
• Analytics Cookies: Collect aggregated, anonymized data about how users interact with the Platform to help phlein improve its services.
• Marketing Cookies: Used to deliver relevant promotional content to you based on your interests and Platform activity, where you have provided consent.

You can manage or disable non-essential cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. For more information about managing cookies, refer to your browser's help documentation.

8. Data Security

phlein implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include:

• Transport Layer Security (TLS/SSL) encryption for all data transmitted between your device and the phlein Platform.
• Encryption of sensitive data at rest, including financial information and identification documents.
• Role-based access controls limiting access to personal data to authorized phlein personnel on a need-to-know basis.
• Regular security assessments, penetration testing, and vulnerability management.
• Incident response procedures for detecting, reporting, and managing personal data breaches in accordance with the DPA's breach notification requirements.

While phlein takes all reasonable steps to protect your personal data, no method of electronic transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your phlein account credentials and for notifying phlein immediately if you suspect unauthorized access to your account.

9. Your Rights as a Data Subject

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phlein:

• Right to be Informed: The right to be informed about how your personal data is collected and processed, as set out in this Privacy Policy.
• Right of Access: The right to request a copy of the personal data phlein holds about you.
• Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phlein's legal retention obligations.
• Right to Object: The right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used format where technically feasible.
• Right to Lodge a Complaint: The right to lodge a complaint with the National Privacy Commission (NPC) if you believe phlein has violated your data privacy rights.

To exercise any of these rights, please contact phlein's Data Protection Officer using the contact details in Section 13. phlein will respond to all data subject requests within thirty (30) days of receipt, subject to identity verification requirements.

10. Children's Privacy

phlein's Platform is strictly intended for persons aged 21 years and above, in compliance with Philippine gaming regulations. phlein does not knowingly collect personal data from persons under the age of 21. If phlein becomes aware that personal data has been collected from a person under 21, phlein will immediately close the relevant account and delete the associated personal data. If you believe that phlein may have inadvertently collected data from a person under 21, please contact phlein's Data Protection Officer immediately.

11. International Data Transfers

phlein primarily processes and stores personal data within the Philippines. Where phlein engages third-party service providers located outside the Philippines (for example, cloud infrastructure or technology providers), phlein ensures that appropriate safeguards are in place to protect your personal data in accordance with the DPA's requirements for cross-border data transfers. These safeguards may include contractual clauses approved by the National Privacy Commission or equivalent data protection standards.

12. Changes to This Privacy Policy

phlein reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, or Platform features. Where changes are material, phlein will notify registered players via email or a prominent notice on the Platform prior to the changes taking effect. The "Last Updated" date at the top of this Policy indicates when it was most recently revised. Your continued use of the Platform following the effective date of any amendment constitutes your acceptance of the revised Privacy Policy.

13. Contact & Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or phlein's data processing practices, please contact phlein's Data Protection Officer:

Data Protection Officer – phlein
Email: [email protected]
General Support: [email protected]

phlein will acknowledge all privacy-related inquiries within five (5) business days and will endeavour to resolve all requests within thirty (30) days. If you are not satisfied with phlein's response, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC).