ph655 Privacy Policy

The data controller responsible for your personal information is ph655, the operator of the online gaming platform accessible at ph655.org. ph655 is registered with the National Privacy Commission (NPC) of the Philippines as a personal information controller in accordance with the requirements of Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations.

ph655 determines the purposes and means of processing your personal data in connection with the delivery of its Services, including the casino, sports betting, bingo, payment processing, loyalty program, and customer support functions. Where third-party service providers process data on behalf of ph655, they do so as personal information processors under contractual data processing agreements that require compliance with the same data protection standards applied by ph655.

All data privacy inquiries, subject access requests, and complaints should be directed to the ph655 Data Privacy Officer at the contact details set out in Section 13 of this Policy.

ph655 collects personal data from multiple sources in the course of providing its Services. The categories of data collected, the source, and the purpose for collection are summarised below:

2.1 Data You Provide Directly

• Registration data: Full legal name, date of birth, email address, mobile number, and chosen username collected at account registration;
• KYC and identity verification data: Government-issued ID (passport, driver's licence, UMID, SSS ID, PhilSys ID), selfie or live photo, proof of address documents, and taxpayer identification number where required;
• Payment information: GCash mobile number, PayMaya account details, bank account information (BDO, BPI, Metrobank), and payment card details — processed through certified payment gateways and not stored in full by ph655 in its primary databases;
• Communications data: Content of customer support interactions via live chat or email, including any personal data you disclose voluntarily during those interactions;
• Responsible gaming data: Deposit limits, session limits, self-exclusion requests, and responsible gaming questionnaire responses submitted through account settings.

2.2 Data Collected Automatically

• Technical data: IP address, device type, operating system, browser type and version, screen resolution, and connection type;
• Usage data: Pages visited, time spent on each page, game sessions initiated and completed, features accessed, and navigation paths within the platform;
• Gaming history: All wagering activity including game titles played, bet amounts, game outcomes, session durations, and cumulative win/loss records;
• Transaction data: Deposit and withdrawal amounts, dates, payment methods used, and transaction reference numbers;
• Cookies and similar technologies: Session identifiers, preference cookies, and analytics data as detailed in Section 6.

2.3 Data Obtained from Third Parties

• Identity verification providers: Results of automated and manual identity verification checks performed by KYC service providers;
• Payment processors: Transaction status updates, fraud screening results, and chargeback notifications from payment service providers;
• Regulatory and law enforcement sources: Sanctions list data, politically exposed persons (PEP) database checks, and adverse media screening results required for AML compliance under RA 9160.

ph655 processes your personal data only where a lawful basis exists under the Data Privacy Act of 2012. The applicable legal bases for ph655's processing activities are as follows:

• Performance of a Contract (Section 12(b), RA 10173): Processing necessary to register your account, verify your identity, process deposits and withdrawals, maintain your game history, and deliver the ph655 Services you have contracted for;
• Compliance with a Legal Obligation (Section 12(c), RA 10173): Processing required to comply with PAGCOR regulatory requirements, obligations under RA 9160 (Anti-Money Laundering Act), RA 10927 (casino-specific AML provisions), the National Internal Revenue Code, and other applicable Philippine legislation;
• Legitimate Interests (Section 12(f), RA 10173): Processing for fraud prevention, platform security, responsible gaming monitoring, customer support improvement, and the compilation of aggregated analytics — where such processing does not override your fundamental rights and freedoms;
• Consent (Section 12(a), RA 10173): Processing for marketing communications, promotional offers, and non-essential analytics — where consent has been obtained and can be freely withdrawn at any time without detriment to your ability to access ph655 Services.

ph655 uses collected personal data for the following specific purposes, each tied to a defined legal basis:

4.1 Account Administration and Service Delivery

Your identity, contact, and payment data are used to create and maintain your ph655 account, process transactions, credit bonuses, maintain your loyalty points balance, provide access to all platform features, and deliver the core ph655 gaming experience to registered players in the Philippines.

4.2 Identity Verification and KYC Compliance

ph655 is legally required by PAGCOR and RA 9160 to verify the identity of all players before processing withdrawals and to conduct ongoing customer due diligence. Your identity documents, date of birth, and associated personal data are processed for this mandatory regulatory purpose. Age verification is a component of this process — confirming that all players are 21 years of age or older in compliance with PAGCOR's minimum age requirement.

4.3 Financial Transaction Processing

Payment data is used exclusively to process deposits and withdrawals through your nominated payment methods (GCash, PayMaya, BDO, BPI, Metrobank, Visa, Mastercard). ph655 does not store full payment card numbers in its primary databases. Payment data is processed through certified and tokenised payment gateways.

4.4 Fraud Prevention and Security

Technical data, gaming activity, and behavioural analytics are used to detect and prevent fraudulent account activity, unauthorised access attempts, collusion, bonus abuse, money laundering, and other prohibited conduct as defined in the ph655 Terms and Conditions. Suspicious activity is reported to relevant Philippine authorities as required by law.

4.5 Responsible Gaming Monitoring

Gaming history, session data, and voluntary self-assessment information are processed to identify playing patterns that may indicate problem gambling behaviour. ph655 may use this analysis to proactively contact players with responsible gaming information, enforce requested limits, or apply protective restrictions where required by PAGCOR guidelines.

4.6 Customer Support

Communication data from live chat and email interactions is used to resolve your support inquiries, maintain a record of the assistance provided, improve support processes, and train the ph655 support team. Support records are retained for a period of three (3) years from the date of the interaction.

4.7 Marketing and Promotional Communications

With your consent, ph655 may use your contact details and gaming preferences to send you promotional offers, bonus notifications, new game announcements, and loyalty program updates via email or SMS. You may withdraw consent for marketing communications at any time through account settings or by contacting support, without affecting your access to the platform.

ph655 does not sell, rent, or trade your personal data to third parties for their own commercial purposes. Data is shared only in the following specific and limited circumstances:

5.1 Service Providers (Personal Information Processors)

ph655 engages third-party service providers who process personal data strictly on our behalf and under data processing agreements that bind them to the same data protection standards. These processors include KYC and identity verification providers, payment gateway operators (processing GCash, PayMaya, and bank transfers), game software providers with access to aggregated gameplay data, cloud infrastructure providers, and customer support platform operators.

5.2 Regulatory and Legal Authorities

ph655 is required by Philippine law to disclose personal data to regulatory authorities including PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and law enforcement agencies when required to do so by lawful process, court order, or regulatory directive. Such disclosures are made without prior notice to the data subject where legally required, such as in active investigations of financial crimes.

5.3 Group Companies and Affiliates

Personal data may be shared within the ph655 corporate group for internal administrative purposes, consolidated compliance reporting, and the delivery of shared technical infrastructure, subject to the same data protection standards and legal bases that govern external processing.

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets involving ph655, personal data held by ph655 may be transferred to the acquiring entity as part of that transaction, subject to the acquiring entity assuming equivalent data protection obligations. Affected players will be notified in advance of any such transfer to the extent required by applicable law.

ph655 uses cookies and similar technologies on the ph655.org platform. A cookie is a small text file placed on your device by your browser when you visit the platform. ph655 uses the following categories of cookies:

• Essential Cookies: Strictly necessary for the operation of the platform — maintaining your login session, remembering your language preferences, and enabling security features. These cookies cannot be disabled without impacting core platform functionality;
• Functional Cookies: Store your preferences (such as game display settings and notification preferences) to personalise your experience on ph655;
• Analytics Cookies: Collect aggregated, anonymised data about how players navigate the platform — which pages are visited most, how long sessions last, and where navigation bottlenecks occur. This data is used to improve platform performance and user experience;
• Session Integrity Cookies: Verify the authenticity of login sessions and protect against cross-site request forgery (CSRF) attacks. These are security cookies and cannot be disabled.

ph655 does not use third-party advertising or behavioural tracking cookies that profile you across websites outside of ph655.org. You may manage your cookie preferences through your browser settings. Note that disabling essential cookies will impair or prevent access to platform features including ph655 Login.

ph655 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable Philippine law. The following retention periods apply:

• Active account data: Retained for the duration of your account relationship with ph655 plus five (5) years following account closure, to comply with PAGCOR regulatory requirements and AMLC record-keeping obligations under RA 9160;
• KYC and identity verification documents: Retained for a minimum of five (5) years from the date of the most recent transaction on the account, in compliance with anti-money laundering record-keeping requirements;
• Gaming and transaction history: Retained for five (5) years from the date of each transaction or game session, for regulatory, compliance, and dispute resolution purposes;
• Customer support records: Retained for three (3) years from the date of the interaction;
• Marketing consent records: Retained for three (3) years from the date consent was given or last refreshed, to evidence the lawful basis for marketing communications;
• Technical and log data: Retained for up to twelve (12) months for security monitoring and fraud investigation purposes, after which they are anonymised or deleted.

At the conclusion of the applicable retention period, personal data is securely deleted or irreversibly anonymised in accordance with ph655's data deletion procedures. You may request early erasure of data in certain circumstances as described in Section 10.

ph655 implements technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include:

• Encryption in transit: All data transmitted between your device and ph655 servers is encrypted using 256-bit SSL/TLS, including ph655 Login credentials, payment information, and KYC documents;
• Encryption at rest: Sensitive data fields — including passwords (stored as salted hashes), payment identifiers, and identity document references — are encrypted in ph655 databases;
• Access controls: Access to personal data within ph655's internal systems is restricted on a need-to-know basis. Staff access is logged, monitored, and reviewed regularly;
• Two-factor authentication: Internal administrative systems require multi-factor authentication for all staff with access to personal data;
• Regular security audits: ph655 conducts periodic penetration testing, vulnerability assessments, and security code reviews of platform infrastructure;
• Incident response procedures: ph655 maintains a formal data breach response procedure. In the event of a personal data breach that poses risk to data subjects, ph655 will notify the National Privacy Commission within 72 hours of becoming aware of the breach, and will notify affected data subjects without undue delay, as required by NPC Circular 16-03.

ph655 primarily stores and processes personal data on servers located within the Philippines or in jurisdictions that provide an adequate level of data protection as assessed by the National Privacy Commission. In cases where data is processed by service providers operating infrastructure outside the Philippines — such as global cloud infrastructure providers or international KYC verification services — ph655 ensures appropriate safeguards are in place through:

• Standard contractual clauses approved by the NPC or equivalent international data protection authorities;
• Contractual data processing agreements requiring the service provider to apply data protection standards at least equivalent to those required by RA 10173;
• Assessments of the adequacy of data protection laws in the destination country prior to transfer approval.

ph655 does not transfer personal data to jurisdictions that are listed on AMLC's high-risk or non-cooperative jurisdictions list, and takes additional safeguards when processing data in jurisdictions with less developed data protection frameworks.

You may request information about the specific safeguards in place for any cross-border transfer of your personal data by contacting the ph655 Data Privacy Officer at the details in Section 13.

As a data subject under the Data Privacy Act of 2012, you hold the following rights with respect to your personal data held by ph655. ph655 will respond to all valid rights requests within thirty (30) calendar days of receipt, or within a reasonable extension period where the complexity of the request requires it:

To exercise any of these rights, please submit a written request to the ph655 Data Privacy Officer at [email protected] with the subject line "Data Subject Rights Request." ph655 may require identity verification before processing your request to protect against unauthorised access to your personal data.

ph655 is strictly an adult gaming platform. In compliance with PAGCOR regulations and the Terms and Conditions of ph655, the platform is available only to individuals who are 21 years of age or older. ph655 does not knowingly collect personal data from individuals under the age of 21.

Age verification is performed during the account registration process and as part of KYC verification prior to first withdrawal. Accounts found to belong to individuals under the age of 21 are terminated immediately, and any associated personal data is deleted or retained only to the minimum extent required for compliance and fraud prevention purposes.

If ph655 becomes aware that personal data has been collected from an individual under the age of 21 without parental or guardian consent, ph655 will take immediate steps to delete that data and terminate the associated account. If you believe a minor has registered on ph655, please contact the ph655 Data Privacy Officer immediately at [email protected].

ph655 reviews this Privacy Policy at least annually and updates it whenever material changes to data processing activities, applicable law, or regulatory guidance require disclosure. Material changes include alterations to the categories of personal data collected, new purposes for which existing data is used, new categories of third parties with whom data is shared, or changes to data retention periods.

Notification of material amendments will be provided to registered players via the email address associated with their ph655 account at least seven (7) calendar days before the amendment takes effect. For non-material amendments — such as typographical corrections or clarifications that do not alter the substance of ph655's data processing practices — updates will be made to this page without prior notice, with the version number and effective date updated accordingly.

Your continued use of the ph655 platform following the effective date of an amended Privacy Policy constitutes acknowledgment of the updated terms. If you object to any amendment, your options are to exercise your right to object to the specific processing activities affected, or to close your ph655 account and request deletion of your data in accordance with Section 10.

Previous versions of this Privacy Policy are available from the ph655 Data Privacy Officer on request.

ph655 has designated a Data Privacy Officer (DPO) in accordance with Section 21 of RA 10173 and NPC Circular 17-01. The DPO is responsible for ensuring ph655's compliance with the Data Privacy Act, handling data subject rights requests, responding to NPC inquiries, and maintaining ph655's registration with the National Privacy Commission.

To exercise your data subject rights, submit a privacy complaint, or ask any questions regarding this Privacy Policy or ph655's data processing practices, please contact the ph655 Data Privacy Officer using the following details:

• Email: [email protected] — Subject line: "Data Privacy Inquiry" or "Data Subject Rights Request"
• Response Commitment: ph655 will acknowledge receipt of your inquiry within two (2) business days and provide a substantive response within thirty (30) calendar days, or within an extended period not exceeding sixty (60) days for complex requests
• NPC Complaint: If you are not satisfied with ph655's response to your data privacy concern, you may file a complaint with the National Privacy Commission of the Philippines through the NPC's official channels