php22 Privacy Policy

1 Introduction

php22 takes your privacy seriously. As a PAGCOR-licensed online gaming operator serving Filipino players across the Philippines — from Metro Manila to Cebu, Davao, Iloilo, and beyond — php22 is committed to handling your personal data with transparency, integrity, and care.

This Policy applies to all personal data collected through the php22 website (php22.vip), mobile web platform, customer support channels, and any other php22 service. It applies to all registered players and to visitors who access the php22 website without registering.

This Policy should be read alongside php22's Terms & Conditions (php22.vip/terms-conditions) and Responsible Gaming Policy (php22.vip/responsible-gaming), which together constitute the full agreement between php22 and its players.

2 Data Controller

php22 is the personal information controller for the personal data collected through the php22 platform, as defined under Republic Act No. 10173. php22 determines the purposes and means of processing personal data in connection with the operation of the php22 online gaming platform.

php22 has designated a Data Protection Officer (DPO) responsible for overseeing compliance with RA 10173 and this Policy. Contact details for the php22 DPO are provided in Section 14 of this Policy.

3 Personal Data We Collect

3.1 Data You Provide Directly

When you register for a php22 account, use the platform, or contact customer support, we collect the following categories of personal data:

• Identity data: Full legal name, date of birth, gender, and government-issued ID number (SSS, UMID, PhilSys, passport, or driver's licence number).
• Contact data: Email address and Philippine mobile number (Globe, Smart, or DITO).
• Financial data: GCash account number, Maya/PayMaya account details, bank account information (BPI, BDO, Metrobank, or other Philippine bank), and transaction history.
• KYC documentation: Copies of government-issued identification documents and proof of address required for identity verification and AMLA compliance.
• Account data: php22 username, password (stored in hashed, non-reversible form), account preferences, and responsible gaming settings.
• Communications data: Records of your communications with php22 customer support, including live chat transcripts and email correspondence.

3.2 Data Collected Automatically

When you access php22, we automatically collect technical and usage data, including:

• IP address and approximate geographic location.
• Device type, operating system, and browser information.
• Session duration, pages visited, and game activity logs.
• Cookies and similar tracking technologies (see Section 7).
• Deposit and withdrawal transaction timestamps and values.

4 How We Use Your Personal Data

php22 uses your personal data for the following purposes:

• To create, verify, and manage your php22 account.
• To process deposits and withdrawals via GCash, Maya, and other Philippine payment methods.
• To conduct KYC and AML (Anti-Money Laundering) verification as required by PAGCOR and the Anti-Money Laundering Council (AMLC).
• To verify that you meet the 21+ age requirement and other eligibility criteria.
• To provide and improve php22's games, features, and services.
• To communicate with you regarding your account, transactions, and support requests.
• To send you promotional communications about php22 bonuses and offers, where you have consented to receive them.
• To detect, investigate, and prevent fraud, money laundering, and other prohibited activity.
• To comply with our PAGCOR licensing obligations, Philippine law, and any applicable regulatory requirements.
• To support responsible gaming monitoring and player protection measures.

5 Legal Basis for Processing

Under the Philippine Data Privacy Act, php22 processes your personal data on the following legal grounds:

• Contractual necessity: Processing necessary to create your account and provide the php22 gaming service as described in our Terms & Conditions.
• Legal obligation: Processing required to comply with PAGCOR licensing conditions, the Anti-Money Laundering Act, the Data Privacy Act, and other applicable Philippine law.
• Legitimate interests: Processing for fraud prevention, security monitoring, and platform improvement, where these interests are not overridden by your data protection rights.
• Consent: Processing for marketing communications and non-essential cookies, where you have given clear, informed, and freely given consent. You may withdraw consent at any time.

6 Data Sharing & Third Parties

php22 does not sell your personal data. We may share your data with the following categories of recipients, strictly on a need-to-know basis:

• Payment processors: GCash, Maya, InstaPay, PesoNet, BPI, BDO, Metrobank, and other Philippine payment service providers, for the purpose of processing deposits and withdrawals.
• Game providers: Third-party game developers and platform providers who supply the casino games available on php22, to the extent necessary for game operation and dispute resolution.
• PAGCOR: As required under php22's operating licence, certain player data and transaction records must be reported to the Philippine Amusement and Gaming Corporation.
• AMLC and law enforcement: php22 is required by the Anti-Money Laundering Act and other Philippine law to report suspicious transactions to the Anti-Money Laundering Council and to cooperate with law enforcement investigations.
• KYC and identity verification providers: Third-party identity verification services used to conduct document verification and age checks.
• IT and security providers: Cloud hosting, cybersecurity, and data analytics providers who process data on php22's behalf under strict data processing agreements.

All third-party processors engaged by php22 are required to maintain appropriate technical and organisational security measures and to process data only in accordance with php22's instructions.

7 Cookies & Tracking Technologies

php22 uses cookies and similar tracking technologies to operate the platform, analyse usage, and improve the player experience. The categories of cookies php22 uses include:

• Strictly necessary cookies: Essential for platform operation, including session management and security. These cannot be disabled without breaking core platform functionality.
• Performance cookies: Used to analyse how players interact with php22, to identify errors, and to improve platform performance. Data collected is aggregated and anonymised where possible.
• Functional cookies: Used to remember your account preferences and settings between sessions.

You may manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the php22 platform.

8 Data Retention

php22 retains your personal data for the following periods, or such longer period as required by applicable Philippine law:

• Account and identity data: For the duration of your php22 account, and for five (5) years following account closure, as required by PAGCOR regulations and AMLA obligations.
• Transaction records: For a minimum of five (5) years from the date of the transaction, as required by the Anti-Money Laundering Act.
• KYC documentation: For five (5) years following account closure or the completion of the relevant transaction, whichever is later.
• Support communications: For two (2) years from the date of the communication, unless a longer period is required for an ongoing dispute or investigation.
• Marketing preferences: Until you withdraw consent or until three (3) years of inactivity, whichever occurs first.

Upon expiry of applicable retention periods, personal data is securely deleted or anonymised so that it can no longer be linked to an individual.

9 Data Security

php22 implements industry-standard technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and php22's servers.
• Encryption of sensitive data at rest, including payment account details and government ID information.
• Passwords stored exclusively as salted cryptographic hashes — php22 staff cannot read your password.
• Role-based access controls limiting staff access to personal data to what is strictly necessary for their job function.
• Regular security assessments and penetration testing of the php22 platform.
• 24/7 security monitoring and intrusion detection systems.

While php22 takes all reasonable precautions to protect your data, no internet transmission or electronic storage system is completely secure. You are responsible for maintaining the confidentiality of your php22 login credentials.

10 Your Data Subject Rights

Under the Philippine Data Privacy Act, you have the following rights with respect to your personal data held by php22:

To exercise any of these rights, contact php22's Data Protection Officer at the details provided in Section 14. php22 will respond to data subject requests within thirty (30) days. We may need to verify your identity before processing your request.

11 Children's Privacy

php22 is strictly an adult platform. Access is limited to persons who are at least twenty-one (21) years of age. php22 does not knowingly collect personal data from individuals under 21. If php22 becomes aware that an account belongs to a person under 21, the account will be immediately closed and any personal data collected will be deleted, except where retention is required by law.

If you believe a person under 21 has created a php22 account, please notify us immediately at [email protected].

12 International Data Transfers

php22's primary data storage and processing infrastructure is located within the Philippines or in jurisdictions that maintain data protection standards comparable to or exceeding those required under RA 10173. Where personal data is transferred outside the Philippines — for example, to certain third-party technology providers — php22 ensures that appropriate safeguards are in place, such as contractual data processing agreements that incorporate the NPC's standard contractual clauses or equivalent protections.

13 Changes to This Privacy Policy

php22 may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or platform features. The date of the most recent update is displayed at the top of this page. For material changes, php22 will notify registered players via their registered email address and/or via a prominent notice on the php22 website.

Your continued use of the php22 platform following notification of changes constitutes your acceptance of the revised Policy. If you do not agree with any changes, you must stop using the platform and may request account closure.

14 Contact & Data Protection Officer

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact php22's Data Protection Officer:

• Email: [email protected]
• Subject line: Privacy / DPO Request
• Response time: Within 30 days for formal data subject requests; within 48 hours for general privacy inquiries
• Live Chat: Available 24/7 through the php22 platform for general inquiries

You also have the right to lodge a complaint directly with the National Privacy Commission (NPC) of the Philippines if you believe your data rights have been violated. The NPC can be reached through its official government channels.