ph679 Privacy Policy — Your Data, Our Responsibility

1.1  ph679 — accessible at ph679.club — is the personal information controller responsible for the collection and processing of personal data described in this Privacy Policy. In this document, "ph679," "we," "us," and "our" refer to the ph679 platform and its operators.

1.2  ph679 operates as an online gaming platform serving Filipino players across the Philippines, including Metro Manila, Cebu, Davao, Quezon City, and all other regions of the archipelago. The platform offers slots, live casino games, sports betting, sabong, and bingo.

1.3  ph679 operates within the regulatory framework established by the Philippine Amusement and Gaming Corporation (PAGCOR) for online gaming activities. Data processing activities described in this policy are conducted in accordance with PAGCOR's operator guidelines and the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

1.4  For all privacy-related queries, requests, and concerns, you may contact ph679's Data Protection Officer (DPO) at the contact details set out in Section 17.

2.1  This Privacy Policy applies to all personal data collected by ph679 in connection with:

• The registration and operation of ph679 user accounts;
• Deposits and withdrawals processed through GCash, Maya, QR Ph, GrabPay, BPI, BDO, UnionBank, Metrobank, 7-Eleven CLiQQ, USDT TRC20, Coins.ph, and any other payment methods offered on the platform;
• Gameplay, wager history, and gaming session data;
• Customer support interactions via live chat and email;
• Marketing and promotional communications where consent has been given;
• Browsing activity on ph679.club captured through cookies and analytics tools; and
• KYC (Know Your Customer) identity and address verification.

2.2  This policy does not apply to third-party websites, platforms, or services that may be linked from ph679.club. ph679 is not responsible for the privacy practices of third-party operators, including game developers whose titles are hosted on the platform through licensing arrangements.

3.1  ph679 collects the following categories of personal data in the course of operating the platform:

3.2  ph679 does not collect sensitive personal information as defined in Section 3(l) of RA 10173 — such as racial or ethnic origin, religious beliefs, health data, or political affiliation — unless specifically required by applicable law (e.g., health data relevant to responsible gaming assessments in exceptional circumstances).

4.1  Directly from You. ph679 collects personal data that you provide directly when you: register an Account; complete KYC verification; make deposits or request withdrawals; contact our customer support team via live chat or email; complete a responsible gaming assessment or set account limits; or respond to surveys or promotions.

4.2  Automatically During Platform Use. When you access ph679.club, certain technical data is collected automatically through cookies, session logs, and analytics tools. This includes your IP address, device identifiers, browser type, pages visited, time on page, and game activity. See Section 8 for details on cookies.

4.3  From Third Parties. ph679 may receive data about you from the following third-party sources:

• Payment providers (GCash, Maya, BPI, BDO, etc.) — confirmation of transaction status and basic account holder details for fraud prevention;
• Identity verification services — results of document and liveness verification checks;
• Fraud prevention and AML screening services — risk scoring and watchlist screening results; and
• PAGCOR and other regulators — where required by law, regulatory data exchanges may occur.

5.1  ph679 uses your personal data for the following purposes:

• Account Management: Creating, maintaining, and securing your ph679 Account, processing your login sessions, and communicating account-related information to you;
• Payment Processing: Facilitating deposits and withdrawals through your chosen payment methods, reconciling transactions, and maintaining financial records;
• Identity & Age Verification: Confirming that you are aged 21 or above and that your identity matches your account registration, as required by PAGCOR;
• Regulatory Compliance: Meeting ph679's obligations under the Anti-Money Laundering Act (RA 9160, as amended), PAGCOR online gaming regulations, and any other applicable Philippine law — including transaction monitoring and regulatory reporting;
• Fraud Prevention & Security: Detecting, investigating, and preventing unauthorized access, account fraud, payment fraud, collusion, money laundering, and other prohibited activities;
• Gaming Operations: Providing access to games, recording wager outcomes, processing winnings, resolving game disputes, and maintaining game audit trails;
• Responsible Gaming: Monitoring account activity for signs of problem gambling behaviour, enforcing self-exclusion decisions, applying deposit and loss limits, and communicating responsible gaming resources;
• Customer Support: Responding to your queries, resolving complaints, and improving support quality;
• Platform Improvement: Analyzing aggregated usage data to optimize platform performance, user experience, and game library curation; and
• Marketing (where consented): Sending promotional offers, bonus notifications, and platform updates to users who have opted in to marketing communications.

5.2  ph679 will not use your personal data for any purpose incompatible with those listed above without first providing you with notice and, where required by law, obtaining your consent.

6.1  Under the Data Privacy Act of 2012, ph679 processes your personal data on one or more of the following lawful grounds:

• Contractual Necessity: Processing required to perform the contract between ph679 and you — specifically, to operate your Account, process deposits and withdrawals, and provide access to gaming services;
• Legal Obligation: Processing required to comply with ph679's obligations under Philippine law, including AML regulations, PAGCOR requirements, and tax reporting obligations;
• Legitimate Interests: Processing carried out for ph679's legitimate business interests where these are not overridden by your rights — including fraud prevention, security monitoring, platform performance analysis, and responsible gaming compliance; and
• Consent: Processing based on your explicit consent — in particular, marketing communications and the use of non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6.2  Where ph679 relies on legitimate interests as a legal basis, it conducts a balancing assessment to ensure that your privacy interests are not disproportionately affected.

7.1  Service Providers. ph679 shares personal data with third-party service providers who assist in the operation of the platform, including:

• Payment processors — GCash, Maya, BPI, BDO, UnionBank, Metrobank, and other payment partners — for transaction processing and settlement;
• KYC and identity verification providers, for document checking and liveness verification;
• AML screening and fraud prevention services;
• Cloud hosting and data storage providers operating servers used by ph679;
• Game software providers — such as PG Soft, JiLi, and Pragmatic Play — to the extent that session data is exchanged for game integrity, RTP reporting, and audit purposes; and
• Customer support platform providers who process support chat transcripts on ph679's behalf.

7.2  Regulatory and Law Enforcement Authorities. ph679 is required to disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), and other Philippine government authorities where required by applicable law, regulation, court order, or lawful regulatory request.

7.3  Business Transfers. In the event of a merger, acquisition, or sale of ph679's assets, your personal data may be transferred to the acquiring entity, subject to the acquiring entity providing equivalent privacy protections. You will be notified of any such transfer in advance.

7.4  With Your Consent. ph679 may share your data with additional third parties where you have expressly consented to such sharing — for example, if you participate in a partner promotion.

8.1  ph679 uses cookies and similar tracking technologies (including local storage and session tokens) on ph679.club. The types of cookies used are:

• Essential Cookies: Required for the platform to function — including session authentication, security tokens, and login state persistence. These cannot be disabled without preventing use of the platform.
• Functional Cookies: Store user preferences such as language settings, game lobby view preferences, and responsible gaming limit configurations.
• Analytics Cookies: Collect anonymized usage data (pages visited, session duration, error logs) to help ph679 understand how the platform is used and identify areas for improvement. This data is aggregated and does not identify individual users.
• Marketing Cookies: Used only where you have consented to marketing communications. Track interactions with ph679 promotional emails and on-site content to measure campaign effectiveness.

8.2  You may manage cookie preferences through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and receive alerts when cookies are set. Disabling essential cookies will prevent platform login and gameplay.

8.3  ph679 does not currently use third-party advertising networks that place tracking cookies for cross-site behavioural profiling unrelated to ph679's own services.

9.1  ph679 retains personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law. The following retention periods apply:

9.2  Where a regulatory investigation, legal dispute, or law enforcement request is ongoing, ph679 may extend the retention period for relevant data beyond the standard periods above until the matter is resolved.

9.3  Upon expiry of the applicable retention period, ph679 will securely delete or anonymize the relevant data so that it can no longer be associated with any identifiable individual.

10.1  ph679 implements technical and organizational security measures proportionate to the risk of processing personal data in an online gaming environment. These measures include:

• TLS 1.2 / 1.3 encryption for all data in transit between users' devices and ph679's servers;
• AES-256 encryption for sensitive data at rest, including KYC documents and financial records;
• Access controls limiting internal access to personal data on a need-to-know basis, with role-based permissions and audit logging;
• Two-factor authentication (2FA) for internal staff accessing data management systems;
• Regular vulnerability assessments and penetration testing by independent security professionals;
• Intrusion detection and DDoS mitigation systems;
• Secure data backup procedures with offsite redundancy; and
• Staff training on data protection obligations and incident response procedures.

10.2  Notwithstanding these measures, no online system is entirely immune to unauthorized access. ph679 cannot guarantee absolute security of data transmitted over the internet. Users are encouraged to protect their own account credentials — see the ph679 Terms & Conditions for account security responsibilities.

10.3  In the event of a personal data breach affecting your data, ph679 will comply with the notification requirements of RA 10173 and the NPC's breach notification rules — notifying affected users and the NPC within the prescribed timeframes. See Section 15 for ph679's breach response procedure.

11.1  Under the Data Privacy Act of 2012 (RA 10173), you have the following rights in relation to your personal data held by ph679:

11.2  To exercise any of these rights, contact ph679's Data Protection Officer using the contact details in Section 17. ph679 will verify your identity before processing any data subject rights request to protect against unauthorized requests. There is no charge for exercising your rights, except where requests are manifestly unfounded or excessive — in which case a reasonable administrative fee may apply.

11.3  If you believe ph679 has failed to comply with your data subject rights or the requirements of RA 10173, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

12.1  ph679 employs age verification at registration (date-of-birth confirmation) and during KYC processing (government ID verification) to prevent underage access. Where ph679 has reason to believe that an account holder may be under 21, the account will be suspended pending verification.

12.2  If ph679 discovers that it has inadvertently collected personal data from a person under 21, that data will be deleted promptly and the account closed. Any deposits made will be returned to the original payment source.

12.3  Parents and guardians who believe their child may have registered on ph679 should contact our support team immediately at the address provided in Section 17. ph679 will act on such reports promptly and without delay.

13.1  ph679 primarily stores and processes personal data within the Philippines or within servers operated by providers in jurisdictions with adequate data protection standards. Where data is transferred to a jurisdiction outside the Philippines, ph679 ensures that appropriate safeguards are in place, including:

• Data processing agreements incorporating the standard contractual clauses recognized by the NPC;
• Transfer to jurisdictions that the NPC has determined provide an adequate level of data protection; or
• Other mechanisms recognized under RA 10173 as providing sufficient protection for cross-border data transfers.

13.2  Game providers (such as PG Soft, JiLi, and Pragmatic Play) are licensed software developers operating internationally. Game session data exchanged with these providers for RTP verification, audit, and game integrity purposes is governed by contractual data protection obligations requiring them to handle this data in compliance with applicable privacy law.

14.1  ph679 sends transactional communications (account confirmations, deposit receipts, KYC status updates, security alerts) to all registered users regardless of marketing preference. These are necessary for the operation of your Account and cannot be opted out of while your Account is active.

14.2  ph679 sends promotional communications — bonus offers, new game announcements, promotions, cashback notifications — only to users who have given explicit consent to receive such communications at registration or through Account settings. Consent is recorded at the time it is given.

14.3  You may withdraw your marketing consent at any time by:

• Updating your communication preferences in your ph679 Account dashboard;
• Using the unsubscribe link in any marketing email received from ph679; or
• Contacting ph679 support via live chat.

14.4  Withdrawal of marketing consent will not affect the lawfulness of marketing communications sent prior to your withdrawal, and will not affect your ability to use the ph679 platform.

15.1  ph679 maintains a documented personal data breach response procedure in compliance with the NPC's Circular on Personal Data Breach Management. In the event of a breach affecting your personal data, ph679 will:

• Assess the breach within 24 hours of detection to determine its scope and severity;
• Notify the National Privacy Commission (NPC) within 72 hours of discovering a breach that is likely to result in a risk to the rights and freedoms of data subjects;
• Notify affected users via their registered email address within 72 hours where the breach is likely to result in a high risk to their rights — including information about the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach;
• Contain the breach and implement remedial technical measures to prevent recurrence; and
• Maintain a breach register documenting all incidents, regardless of whether NPC notification is required.

15.2  Users are encouraged to report any suspected unauthorized access to their ph679 Account — unusual login activity, unauthorized password changes, or suspicious transactions — to ph679 support immediately. Early reporting assists ph679 in containing potential breaches promptly.

16.1  ph679 may update this Privacy Policy from time to time to reflect changes in applicable Philippine law, NPC guidance, PAGCOR regulations, or ph679's operational practices. The effective date at the top of this document will be updated to reflect the date of the most recent revision.

16.2  Where material changes are made — particularly changes that reduce your rights or expand how ph679 uses your data — ph679 will notify registered users by email to the address on file at least seven (7) days before the changes take effect.

16.3  Continued use of ph679 after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms. If you do not accept the revised policy, you must stop using ph679 and may request Account closure.

16.4  The current version of this Privacy Policy is always accessible at ph679.club/privacy-policy.

17.1  For any questions, concerns, or requests relating to this Privacy Policy or ph679's handling of your personal data, please contact the ph679 Data Protection Officer through the following channels:

• Live Chat: Available 24 hours a day, 7 days a week on ph679.club. Average response time: 3–5 minutes. For DPO matters, indicate "Privacy Request" in your first message.
• Email: [email protected] — use the subject line "Privacy Policy Request – [Your Account Username]." ph679 will acknowledge privacy requests within 5 business days and respond substantively within 15 business days.

17.2  If you wish to escalate a privacy concern that ph679 has failed to resolve to your satisfaction, you may file a complaint with the National Privacy Commission of the Philippines.