phpgroup Privacy Policy

This Privacy Policy applies to all personal data collected and processed by phpgroup in connection with the operation of its online casino and sports betting platform accessible at phpgroup.co, including all associated pages, subdomains, mobile-optimized interfaces, and any communications phpgroup sends to registered players or prospective users.

phpgroup is committed to protecting the privacy and personal data of all individuals who interact with the platform — whether as registered players, visitors browsing the website, or individuals who have contacted phpgroup's support team without creating an account. This Policy sets out clearly what data phpgroup collects, why it collects it, who it may share it with, how long it is kept, and what rights you have over it.

This Policy is to be read together with the phpgroup Terms and Conditions, which govern the overall relationship between phpgroup and its players. In the event of a conflict between this Policy and the Terms and Conditions on a privacy matter, this Policy shall prevail.

For the purposes of the Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations, phpgroup acts as the Personal Information Controller (PIC) with respect to the personal data of all players and users of the phpgroup platform.

As Personal Information Controller, phpgroup determines the purpose and means of processing your personal data and is responsible for ensuring that such processing complies with RA 10173 and the directives of the National Privacy Commission of the Philippines.

phpgroup has designated a Data Privacy Officer (DPO) as required by RA 10173. The DPO is responsible for overseeing phpgroup's data privacy compliance program, handling data subject requests and complaints, and serving as the primary point of contact with the National Privacy Commission. Contact details for the DPO are provided in Section 15 of this Policy.

phpgroup collects the following categories of personal data from players and users of the platform:

• IP address, device type, operating system, browser type and version
• Login timestamps, session duration, pages visited on the phpgroup platform
• Geolocation data (country/region level) derived from IP address
• Game preference history, bet frequency, and session patterns (used for responsible gaming monitoring)
• Communication logs when you contact phpgroup support via live chat or email

phpgroup collects personal data through the following primary channels:

Information you provide directly to phpgroup when you register for an account, complete KYC verification, make a deposit or withdrawal request, contact support, or participate in phpgroup promotions. This includes all information entered into account registration forms, verification submission portals, and support chat conversations.

phpgroup automatically collects technical and behavioral data through the use of cookies, web beacons, server logs, and similar tracking technologies when you access and interact with the phpgroup platform. This automated collection occurs without requiring any action on your part beyond accessing the website or application. Please refer to Section 9 of this Policy for full details on phpgroup's use of cookies and tracking technologies.

phpgroup may receive data about you from third parties in limited circumstances, including: identity verification service providers used to assist with KYC processing; payment processing partners (GCash, PayMaya, BPI, BDO, Metrobank) who confirm transaction status; and fraud prevention and AML screening services who provide risk signals related to your account or transactions. phpgroup does not purchase personal data from data brokers.

Under RA 10173, phpgroup processes your personal data under one or more of the following lawful bases depending on the processing activity involved:

• Consent: Where you have given your freely given, specific, informed, and unambiguous consent to the processing, such as subscribing to phpgroup promotional communications or enabling optional personalization features.
• Contract Performance: Processing necessary for phpgroup to fulfill its obligations under the player agreement — including account creation, transaction processing, game provision, and customer support.
• Legal Obligation: Processing required to comply with applicable Philippine laws, including PAGCOR licensing requirements, the Anti-Money Laundering Act (AMLA), RA 10173, and other financial and gaming regulations applicable to phpgroup's operations.
• Legitimate Interests: Processing necessary for phpgroup's legitimate business interests, such as fraud prevention, security monitoring, platform improvement, and responsible gaming risk assessment — provided these interests are not overridden by your own data protection rights.

phpgroup uses the personal data collected for the following specific purposes:

• Account Registration & Management: Creating and maintaining your phpgroup player account, verifying your identity and age eligibility (21+), managing your authentication credentials, and enabling access to the platform.
• Payment Processing: Facilitating deposits and withdrawals via GCash, PayMaya, BPI, BDO, and Metrobank; maintaining accurate PHP balance records; and generating transaction confirmations.
• Game Provision & Platform Operation: Delivering casino games, sports betting, bingo, and fishing games; maintaining game session records; and resolving game disputes using logged data.
• Regulatory Compliance: Fulfilling PAGCOR licensing obligations, AML/CTF monitoring requirements, KYC record-keeping, and reporting obligations to relevant Philippine government authorities.
• Fraud Prevention & Security: Detecting and preventing unauthorized account access, fraudulent transactions, bonus abuse, money laundering, and other activities that violate phpgroup's Terms and Conditions or Philippine law.
• Responsible Gaming: Monitoring betting patterns to identify signs of potential problem gambling; applying deposit limits, cooling-off periods, and self-exclusions; and providing responsible gaming interventions where appropriate.
• Customer Support: Responding to your inquiries, resolving account issues, and maintaining records of support interactions for quality assurance.
• Marketing Communications: Sending promotional offers, bonus notifications, and platform updates to players who have consented to receive such communications. You may withdraw consent at any time via your phpgroup account settings or by contacting support.
• Platform Improvement: Analyzing aggregated and anonymized usage data to improve phpgroup's interface, game selection, and overall player experience.

phpgroup does not sell, rent, or trade your personal data. phpgroup shares personal data with third parties only in the following strictly limited circumstances:

phpgroup shares necessary data with third-party service providers who assist in operating the platform — including game studios (Pragmatic Play, Evolution Gaming, PG Soft, and others), payment gateway operators, KYC verification service providers, cloud infrastructure providers, and customer support technology vendors. All such providers are bound by data processing agreements that restrict their use of phpgroup player data to the specific services they provide.

phpgroup is required by law to disclose certain player data to PAGCOR and other relevant Philippine government agencies (including the Anti-Money Laundering Council, the Bureau of Internal Revenue, and law enforcement agencies) where required by applicable law, regulation, court order, or lawful demand. phpgroup will notify affected players of such disclosures where legally permitted to do so.

In the event of a merger, acquisition, or transfer of all or substantially all of phpgroup's business assets, player personal data may be transferred to the acquiring entity. phpgroup will notify affected players of any such transfer and the acquiring entity will be bound by the same privacy obligations as set out in this Policy.

Some of phpgroup's service providers — including licensed game studios and cloud infrastructure providers — may process data outside the Philippines. Where such international transfers occur, phpgroup ensures that appropriate safeguards are in place to protect your personal data in accordance with RA 10173 and NPC guidelines on cross-border data flows.

These safeguards may include contractual clauses in data processing agreements requiring the recipient to maintain data protection standards equivalent to those required under Philippine law, or transferring data only to countries or organizations recognized as providing adequate data protection by the National Privacy Commission.

phpgroup maintains a current record of all international data transfers and the safeguards applied to each, available to the Data Privacy Officer upon request from the NPC or in response to a data subject inquiry.

phpgroup uses cookies and similar tracking technologies to operate and improve the platform. A cookie is a small text file placed on your device by the phpgroup website when you visit. Cookies allow phpgroup to recognize your device, maintain your login session, and remember your platform preferences.

• Strictly Necessary Cookies: Required for the phpgroup platform to function. These include session cookies that maintain your authenticated login state and security cookies that protect against CSRF attacks. These cannot be disabled.
• Functional Cookies: Used to remember your phpgroup preferences — such as language settings, game lobby filters, and notification settings — so you don't have to re-configure them on each visit.
• Analytics Cookies: phpgroup uses privacy-respecting analytics tools to understand aggregate platform usage patterns, including which games are most popular, average session lengths, and common navigation paths. This data is used in anonymized, aggregate form only.
• Marketing Cookies: Used only where you have given explicit consent, to personalize phpgroup promotional content shown to you based on your game preferences and platform activity.

You can manage non-essential cookie preferences through the phpgroup cookie settings panel accessible from the platform footer. Please note that disabling functional cookies may affect the phpgroup user experience. Disabling strictly necessary cookies will prevent the phpgroup platform from functioning.

phpgroup retains your personal data for no longer than is necessary for the purposes for which it was collected, or as required by applicable Philippine law. The following retention periods apply:

Upon expiry of the applicable retention period, phpgroup will securely delete or anonymize your personal data in accordance with its data destruction protocols. Data subject to an active regulatory inquiry, legal proceedings, or dispute will be retained until the matter is fully resolved.

Under the Data Privacy Act of 2012 (RA 10173), all phpgroup players who are Philippine residents or data subjects hold the following rights in relation to their personal data:

To exercise any of these rights, submit a written request to phpgroup's Data Privacy Officer at the contact details in Section 15. phpgroup will acknowledge your request within three (3) business days and provide a substantive response within fifteen (15) business days, consistent with NPC requirements. There is no fee for exercising data subject rights. Where a request is complex or numerous, phpgroup may extend the response period by a further fifteen (15) business days with notification to you.

If you are dissatisfied with phpgroup's response to your data subject request, you have the right to lodge a complaint with the National Privacy Commission of the Philippines.

phpgroup implements a comprehensive set of technical, organizational, and physical security measures designed to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures are reviewed and updated regularly to address evolving security threats.

• 256-bit SSL/TLS encryption for all data in transit between your device and phpgroup servers
• Encryption at rest for sensitive personal data including passwords (bcrypt hashing), payment details, and government ID documents
• Multi-factor authentication (MFA) on all phpgroup administrative systems
• Automated intrusion detection and anomaly monitoring systems
• Regular penetration testing and vulnerability assessments by qualified security professionals
• Web application firewall (WAF) protection on all phpgroup-facing systems

• Role-based access control limiting employee access to personal data on a strict need-to-know basis
• Mandatory data privacy training for all phpgroup personnel with access to personal data
• Formal data breach response plan with NPC notification procedures consistent with RA 10173
• Due diligence and contractual obligations imposed on all third-party data processors
• Annual independent privacy compliance review by phpgroup's Data Privacy Officer

phpgroup's services are strictly intended for individuals aged 21 years and above, consistent with PAGCOR regulations governing casino-style gaming in the Philippines. phpgroup does not knowingly collect, process, or store personal data from individuals under the age of 21.

phpgroup verifies the age of all players as part of the mandatory KYC process. If phpgroup becomes aware that it has inadvertently collected personal data from an individual under 21, it will immediately close the relevant account, void any associated transactions, return any deposited funds, and securely delete all personal data associated with that individual.

If you have reason to believe that a minor under 21 has registered on phpgroup or has provided personal data to the platform, please contact phpgroup's Data Privacy Officer immediately at the contact details provided in Section 15.

phpgroup reserves the right to update or amend this Privacy Policy at any time to reflect changes in data processing activities, applicable law, regulatory requirements, or platform operations. Any material changes to this Policy will be communicated to registered players via the email address or mobile number on their phpgroup account, and the updated Policy will be posted on this page with a revised effective date.

For non-material changes — such as clarifications, typographical corrections, or editorial improvements that do not alter your substantive rights — phpgroup may update the Policy without individual notification. The current version will always be accessible at phpgroup.co/privacy-policy.

Your continued use of the phpgroup platform following notification of a material Policy update constitutes your acknowledgment of and agreement to the revised Privacy Policy. If you do not agree with any changes to this Policy, you should cease using phpgroup and may request account closure in accordance with the phpgroup Terms and Conditions.

For all inquiries, data subject requests, privacy complaints, or concerns relating to phpgroup's data processing practices, please contact phpgroup's Data Privacy Officer using the details below. When submitting a data subject request, please include your registered phpgroup username or mobile number and a clear description of your request to allow efficient processing.

• Email: [email protected] — include "DPO Request" in the subject line for privacy matters.
• Live Chat: phpgroup's 24/7 live chat service — select "Privacy / Data Request" as the inquiry category.

phpgroup's DPO will acknowledge receipt of all privacy requests within three (3) business days. Where a data subject is unsatisfied with phpgroup's response, they have the right to escalate the matter to the National Privacy Commission of the Philippines. phpgroup fully cooperates with all NPC inquiries and investigations.

For general account support unrelated to privacy matters, please use the standard phpgroup support channels available via live chat on the platform. The phpgroup FAQ page also contains answers to common questions about account management, deposits, and withdrawals.