phiwin Privacy Policy

Last Updated: June 2026

1. About This Policy

This Privacy Policy ("Policy") is issued by phiwin ("phiwin," "we," "us," or "our"), the operator of the online gaming platform accessible at phiwin.club. This Policy governs the collection, use, disclosure, storage, and protection of personal data relating to individuals ("you" or "User") who register an account, access, or otherwise interact with the phiwin Platform.

phiwin is committed to complying with the Republic Act No. 10173, known as the Data Privacy Act of 2012 (DPA) of the Philippines, its Implementing Rules and Regulations, and the directives of the National Privacy Commission (NPC). This Policy is drafted to inform you of your rights and our obligations under Philippine data protection law.

2. Information We Collect

phiwin collects personal data necessary to provide its services, comply with legal obligations, and maintain the security and integrity of the Platform. The categories of data we collect include:

2.1 Registration & Identity Data

• Full legal name as it appears on a government-issued ID
• Date of birth (to verify the 21+ age requirement under PAGCOR regulations)
• Philippine mobile number and email address
• Residential address (city, province, postal code)
• Username and encrypted account credentials

2.2 Identity Verification (KYC) Data

• Government-issued photo ID (e.g., Philippine passport, PhilSys ID, SSS ID, driver's license, PRC ID)
• Selfie photographs submitted during identity verification
• Proof of payment method ownership

2.3 Financial & Transaction Data

• Deposit and withdrawal history, amounts, and timestamps
• Payment method identifiers (e.g., GCash mobile number, Maya account reference — full account numbers are not stored by phiwin)
• Bonus credits, wagering activity, and balance records

2.4 Technical & Device Data

• IP address and approximate geographic location derived from IP
• Device type, operating system, and browser information
• Session timestamps, login history, and access logs
• Cookie identifiers and similar tracking data (see Section 6)

2.5 Gameplay Data

• Game session records, bet amounts, outcomes, and session durations
• Responsible gaming tool usage (deposit limits, self-exclusion requests, cooling-off periods)
• Customer support interaction records and correspondence history

2.6 Communications Data

• Support chat transcripts and email correspondence with phiwin
• Responses to surveys or feedback requests (if voluntarily submitted)

3. How We Use Your Information

phiwin uses collected personal data for the following purposes:

• Account creation and management: To register your phiwin account, authenticate your identity at login, and maintain your account in good standing.
• Age and identity verification: To confirm that you meet the 21+ age requirement and that your identity is genuine, in compliance with PAGCOR regulatory obligations.
• Payment processing: To facilitate GCash, Maya, BPI, BDO, and other deposits and withdrawals accurately and securely.
• Legal compliance: To meet anti-money laundering (AML), counter-terrorism financing (CTF), and other regulatory requirements applicable to Philippine online gaming operators.
• Platform security and fraud prevention: To detect unauthorized account access, identify prohibited conduct, and protect the integrity of the phiwin Platform.
• Customer support: To respond to your inquiries, process complaints, and resolve disputes.
• Responsible gaming: To implement deposit limits, self-exclusion requests, and cooling-off periods when requested, and to monitor for problem gaming indicators.
• Service improvement: To analyze aggregated usage data and improve the phiwin Platform's performance, game library, and user experience for Filipino players.
• Marketing communications: To send promotional offers, bonus notifications, and platform updates — only where you have consented to receive such communications, and with an opt-out available at all times.

4. Legal Basis for Processing

Under the Data Privacy Act of 2012, phiwin processes your personal data on the following lawful grounds:

• Consent: For marketing communications and optional data processing activities, where you have provided explicit consent.
• Contractual necessity: For processing required to provide the services described in our Terms & Conditions, including account management, payment processing, and gameplay.
• Legal obligation: For processing required to comply with PAGCOR regulations, AML/CTF obligations, tax reporting requirements, and NPC directives.
• Legitimate interest: For fraud prevention, platform security, and responsible gaming monitoring — where phiwin's legitimate interests do not override your fundamental rights.

5. Sharing of Personal Data

phiwin does not sell your personal data to third parties. We may share your personal data with the following categories of recipients, strictly as necessary:

• Payment service providers: GCash (GXI), Maya (Voyager Innovations), and banking partners, solely for the purpose of processing deposits and withdrawals.
• Identity verification services: Third-party KYC and AML screening providers engaged to perform identity and document verification.
• Game content providers: Game software providers who supply games available on phiwin. These providers receive session data necessary to operate their games but are contractually prohibited from using it for any other purpose.
• Regulatory authorities: PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), and other Philippine government bodies, where disclosure is required by law or regulatory order.
• IT infrastructure providers: Hosting, cloud, and cybersecurity service providers operating under data processing agreements with phiwin.

All third parties with whom phiwin shares personal data are required to maintain appropriate technical and organizational security measures and are prohibited from processing your data for their own independent purposes.

6. Cookies & Tracking Technologies

phiwin uses cookies and similar technologies to operate the Platform, remember your preferences, maintain your session, and analyze Platform usage. The types of cookies used include:

• Essential cookies: Required for the Platform to function — session management, login state, and security tokens. These cannot be disabled.
• Functional cookies: Store your preferences such as language settings, display options, and recently played games.
• Analytics cookies: Collect aggregated, anonymized data about how users navigate the Platform to help phiwin improve its services.
• Marketing cookies: Used only where you have provided consent, to measure the effectiveness of phiwin promotions.

You may adjust your cookie preferences through your browser settings. Disabling non-essential cookies will not prevent you from using the phiwin Platform, but may affect some functionality.

7. Data Retention

phiwin retains personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable Philippine law. Specific retention periods include:

• Active account data: Retained for the duration of your phiwin account and for a minimum of five (5) years after account closure, in compliance with PAGCOR and AMLC record-keeping requirements.
• KYC documents: Retained for a minimum of five (5) years from submission, or longer if required by law.
• Financial transaction records: Retained for a minimum of five (5) years in compliance with anti-money laundering regulations.
• Support correspondence: Retained for three (3) years from the date of last interaction.
• Marketing consent records: Retained until withdrawal of consent plus one (1) year.

After applicable retention periods have elapsed, personal data is securely deleted or anonymized in accordance with phiwin's data disposal procedures.

8. Data Security

phiwin implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include:

• 256-bit SSL/TLS encryption on all data in transit between your device and phiwin's servers
• Encryption of sensitive data at rest, including identity documents and payment references
• Access controls limiting internal staff access to personal data on a strict need-to-know basis
• Regular security assessments and penetration testing
• Two-factor authentication available and encouraged for all phiwin accounts
• Incident response procedures to detect, report, and respond to personal data breaches in accordance with NPC notification requirements

9. Your Rights Under Philippine Law

As a data subject under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phiwin:

To exercise any of the above rights, contact phiwin's Data Protection Officer using the contact details in Section 14 below.

10. Children & Minors

The phiwin Platform is strictly intended for individuals aged 21 years and above. phiwin does not knowingly collect personal data from individuals under 21. Age verification checks are conducted during registration and KYC processes. If phiwin discovers that personal data has been collected from a person under 21, the account will be suspended immediately, any funds will be returned where legally permissible, and the associated data will be deleted or reported to the appropriate authority.

11. Cross-Border Data Transfers

phiwin may engage service providers located outside the Philippines for hosting, KYC verification, or technical support purposes. Where personal data is transferred outside the Philippines, phiwin ensures that such transfers comply with the requirements of the Data Privacy Act of 2012, including the requirement that the recipient country or organization provides an adequate level of protection equivalent to Philippine data protection standards, or that appropriate contractual safeguards (such as data processing agreements) are in place.

12. Third-Party Services

The phiwin Platform may reference or interact with third-party services such as payment processors (GCash, Maya, BPI, BDO) and game content providers. phiwin is not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you interact with through the phiwin Platform.

13. Changes to This Policy

phiwin may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or Platform functionality. Material changes will be communicated via the email address associated with your phiwin account or via a notice on the Platform prior to the effective date of the change. Your continued use of the phiwin Platform following notification of a change constitutes your acceptance of the revised Policy. If you do not accept the revised Policy, you must cease using the Platform and may request account closure.

14. Contact & Data Requests

For any questions about this Privacy Policy, to exercise your data subject rights, or to contact phiwin's Data Protection Officer, please reach out through the following channels:

• Live Chat: Available 24/7 directly on the phiwin Platform
• Email: [email protected]
• Subject line for data requests: "Data Privacy Request – [Your Registered Name]"

phiwin aims to acknowledge all data privacy requests within 72 hours and resolve them within 30 calendar days of receipt, in accordance with NPC guidelines.