phfairy Privacy Policy

1. Introduction and Scope

phfairy ("we," "us," or "our") is committed to protecting the privacy and personal data of every player and visitor who interacts with the phfairy Platform at phfairy.org. This Privacy Policy describes our practices regarding the collection, use, storage, disclosure, and protection of personal information in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission of the Philippines.

This policy applies to all personal data collected through the phfairy website, any mobile-optimised interface, customer support communications, and any other interaction you have with phfairy, including during the account registration, KYC verification, deposit and withdrawal processes, and participation in promotions.

Where phfairy's activities are subject to additional regulatory requirements from PAGCOR — the Philippine Amusement and Gaming Corporation — this policy reflects those requirements. In the event of any conflict between this policy and applicable Philippine law, Philippine law shall prevail.

2. Data Controller Identity

phfairy is the Personal Information Controller (PIC) as defined under the Data Privacy Act of 2012 with respect to the personal data collected through the phfairy Platform. phfairy is responsible for ensuring that personal data is processed lawfully, fairly, and transparently, and that appropriate technical and organisational measures are in place to protect data from unauthorised access, loss, or disclosure.

phfairy's designated Data Protection Officer (DPO) can be contacted at:

• Email: [email protected] (subject line: "Data Privacy Request")
• Live Chat: Available 24/7 within your phfairy account — request to speak with the Data Privacy team

3. Personal Data We Collect

phfairy collects the following categories of personal data from players and platform visitors:

3.1 Registration and Identity Data

• Full legal name (as it appears on your government-issued ID);
• Date of birth;
• Gender;
• Philippine residential address (street, city/municipality, province, ZIP code);
• Nationality and country of residence;
• Mobile number (registered Philippine mobile number);
• Email address.

3.2 KYC Verification Documents

• Copy of government-issued photo identification (PhilSys National ID, passport, driver's licence, SSS/GSIS card, PRC ID, or UMID);
• Proof of address documents (utility bill, bank statement, or barangay certificate);
• Proof of payment method ownership (screenshot of GCash or Maya wallet, or bank account statement);
• Source-of-funds documentation where required by AMLA compliance obligations.

3.3 Financial and Transaction Data

• Deposit and withdrawal amounts, dates, and payment methods;
• GCash account reference numbers and mobile numbers (not full wallet credentials);
• BPI, BDO, Metrobank, or other bank account names and last-four digits where applicable;
• Transaction history and running account balance;
• Bonus credit and wagering activity records.

3.4 Gaming Activity Data

• Game sessions played, bet amounts, game outcomes, and session durations;
• Sports betting markets accessed and wager records;
• Game provider interactions and feature usage within the Platform.

3.5 Technical and Device Data

• IP address at time of registration and login;
• Device type, operating system, and browser type;
• Session timestamps and duration;
• Geolocation data (country/region level, derived from IP address).

3.6 Communications Data

• Records of live chat conversations with phfairy support;
• Email correspondence with phfairy;
• Responses to surveys or promotions where you have voluntarily participated.

4. How We Collect Personal Data

phfairy collects personal data through the following channels:

• Directly from you: When you register an account, complete KYC verification, make a deposit or withdrawal, contact support, or participate in a promotion;
• Automatically: Through cookies, session tracking, and server logs when you visit and use the phfairy Platform (see Section 7);
• From payment processors: Transaction confirmation data is returned to phfairy by GCash, Maya, BPI, BDO, and other payment providers when you initiate a deposit or withdrawal;
• From identity verification services: Where phfairy uses a third-party KYC platform to automate document verification, that service returns a verification result and risk assessment to phfairy;
• From fraud and security services: phfairy uses third-party risk assessment tools that may derive device fingerprinting or behavioural signals to detect fraudulent activity.

5. Purposes of Processing Personal Data

phfairy processes your personal data for the following purposes:

6. Legal Basis for Processing

Under the Data Privacy Act of 2012, phfairy processes personal data on the following legal bases:

• Contractual necessity: Processing required to fulfil phfairy's obligations to you as a registered player — including account management, payment processing, and game provision — is necessary for the performance of the contract between you and phfairy.
• Legal obligation: Processing required to comply with PAGCOR licensing conditions, the Anti-Money Laundering Act (RA 9160 as amended), the Data Privacy Act (RA 10173), and other applicable Philippine laws and regulations.
• Legitimate interest: Processing for fraud detection, platform security, responsible gaming monitoring, and internal analytics, where phfairy's legitimate interest in maintaining a safe and compliant platform is not overridden by your privacy rights.
• Consent: Processing for optional purposes such as marketing communications, participation in promotional surveys, and optional analytics features. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

7. Cookies and Tracking Technologies

7.1 Types of Cookies Used

phfairy uses the following categories of cookies and similar tracking technologies on the phfairy Platform:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication cookies that keep you logged into your phfairy account and security cookies that prevent cross-site request forgery. These cannot be disabled without breaking core Platform functionality.
• Functional Cookies: Store your preferences such as language settings, game display options, and last-visited sections of the Platform. Disabling these cookies will mean your preferences are not remembered between sessions.
• Analytics Cookies: Used to understand how players navigate and use the phfairy Platform in aggregate, enabling us to identify technical issues and improve the user experience. Data collected by analytics cookies is anonymised or pseudonymised before analysis.
• Fraud Prevention Cookies: Support phfairy's device fingerprinting and fraud detection systems. These cookies help identify unusual access patterns consistent with account takeover or bonus abuse.

7.2 Managing Cookies

You can manage non-essential cookies through your browser settings. Most browsers allow you to refuse cookies entirely, delete existing cookies, or be notified when a new cookie is set. Note that disabling strictly necessary cookies will prevent you from accessing your phfairy account. Instructions for managing cookies are available in your browser's help documentation.

8. Sharing Personal Data with Third Parties

phfairy does not sell your personal data. We share personal data with third parties only in the following circumstances:

• Payment processors and e-wallet providers: GCash, Maya, BPI, BDO, Metrobank, GrabPay, and other payment service providers receive the minimum data necessary to process your requested transaction. All such providers are bound by their own privacy policies and data processing agreements with phfairy.
• KYC and identity verification services: Third-party identity verification platforms receive copies of KYC documents for automated or manual verification. These providers process data under phfairy's instructions and are contractually prohibited from using data for their own purposes.
• Game providers: Game studios and live dealer operators (such as Pragmatic Play, PG Soft, Evolution Gaming) may receive a session token and pseudonymous player identifier to initiate your game session. No directly identifiable personal data such as your full name, ID number, or payment details is shared with game providers.
• PAGCOR and regulatory authorities: phfairy is required by PAGCOR licensing conditions to report certain player activity and transaction data. phfairy cooperates fully with all lawful requests from PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, and other Philippine government bodies.
• Fraud prevention and security services: Anonymised or pseudonymised risk signals may be shared with fraud detection networks for the purpose of preventing financial crime.
• Professional advisers: Lawyers, accountants, auditors, and insurers who provide services to phfairy, subject to professional confidentiality obligations.

9. International Data Transfers

Some of phfairy's service providers — including certain game studios, cloud infrastructure providers, and fraud detection services — may process personal data outside the Philippines. Where such transfers occur, phfairy ensures that they are made only to countries or entities that provide an adequate level of data protection, or are governed by appropriate contractual safeguards consistent with the Data Privacy Act of 2012 and NPC regulations.

phfairy's primary data storage infrastructure is located within the Asia-Pacific region. Player financial data and KYC documents are processed in environments that comply with ISO 27001 information security standards.

10. Data Security Measures

phfairy implements the following technical and organisational security measures to protect your personal data:

• Encryption in transit: All data transmitted between your device and the phfairy Platform is protected using TLS 1.2 or higher (256-bit SSL);
• Encryption at rest: Sensitive personal data stored in phfairy's databases — including KYC documents and financial records — is encrypted using AES-256;
• Access controls: Access to personal data within phfairy's systems is restricted on a strict need-to-know basis, with multi-factor authentication required for administrative access;
• Regular security audits: phfairy undergoes periodic penetration testing and vulnerability assessments conducted by independent security firms;
• Incident response: phfairy maintains a documented data breach response procedure. In the event of a breach affecting your personal data, you will be notified as required by the Data Privacy Act and NPC breach notification requirements;
• Staff training: All phfairy personnel with access to personal data undergo data privacy training as part of their onboarding and annual compliance programme.

11. Data Retention

phfairy retains personal data for the following periods:

After the applicable retention period expires, phfairy will securely delete or anonymise the relevant personal data. Where legal proceedings are ongoing at the expiry of a retention period, phfairy will retain the relevant data until those proceedings are finally resolved.

12. Your Rights as a Data Subject

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phfairy:

• Right to be Informed: You have the right to be informed of how your personal data is being processed. This Privacy Policy fulfils that obligation.
• Right of Access: You may request a copy of the personal data phfairy holds about you, including information about the purposes for which it is processed, the categories of data held, and any third parties to whom it has been disclosed.
• Right to Rectification: You may request correction of any inaccurate or incomplete personal data. Basic account information such as email address and mobile number can be updated directly within your phfairy account settings. Changes to identity data (full name, date of birth) require submission of supporting documentation.
• Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing is unlawful. This right is subject to phfairy's legal obligations to retain certain data under PAGCOR and AMLA requirements, which may override erasure requests.
• Right to Object: You may object to processing based on phfairy's legitimate interests, including direct marketing. Objections to direct marketing will be actioned immediately. Other objections will be assessed on a case-by-case basis.
• Right to Data Portability: You may request that phfairy provide your personal data in a structured, commonly used, machine-readable format (such as CSV) where technically feasible and where processing is based on consent or contractual necessity.
• Right to Lodge a Complaint: If you believe phfairy has not handled your personal data in accordance with the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission of the Philippines.

To exercise any of the above rights, contact phfairy's Data Protection Officer at [email protected] with the subject line "Data Subject Rights Request." phfairy will acknowledge your request within 72 hours and provide a substantive response within 30 calendar days.

13. Children's Privacy

The phfairy Platform is strictly intended for individuals who are 21 years of age or older as required by PAGCOR regulations. phfairy does not knowingly collect personal data from individuals under 21 years of age. If phfairy becomes aware that personal data has been collected from a person under the age of 21, the account will be immediately closed, any funds processed will be handled in accordance with applicable law, and the personal data will be deleted as soon as legally permissible.

If you believe a minor has registered a phfairy account, please contact our support team immediately at [email protected].

14. Marketing Communications and Opt-Out

With your consent, phfairy may send you promotional communications regarding bonuses, new games, tournaments, and other phfairy offers via email or SMS to your registered Philippine mobile number. phfairy does not use phone calls for unsolicited marketing.

You can withdraw consent to marketing communications at any time by:

• Clicking the unsubscribe link in any marketing email from phfairy;
• Updating your communication preferences within your phfairy account settings;
• Contacting phfairy support via live chat or at [email protected] and requesting removal from marketing lists.

Withdrawal of marketing consent does not affect phfairy's ability to send you service-related communications such as deposit confirmations, withdrawal notifications, account security alerts, and mandatory regulatory notices — these are sent as part of phfairy's contractual obligations and cannot be opted out of while your account remains active.

15. Amendments to This Privacy Policy

phfairy reserves the right to update this Privacy Policy from time to time to reflect changes in our data practices, applicable Philippine law, NPC guidance, or PAGCOR regulatory requirements. Material changes will be communicated to registered players via email or in-platform notification at least 7 days prior to the effective date of the revised policy, except where immediate changes are required by law.

The "Last Updated" date at the top of this policy reflects the date of the most recent revision. Continued use of the phfairy Platform after the effective date of a revised policy constitutes your acceptance of the updated terms. If you do not agree with a revised policy, you may close your account and request deletion of your data subject to the retention obligations described in Section 11.

16. Contact and Data Protection Officer

For all data privacy-related inquiries, requests, and complaints, please contact phfairy's Data Protection Officer through the following channels:

• Email: [email protected] — use the subject line "Data Privacy Request" for fastest routing. Acknowledgement within 72 hours; substantive response within 30 calendar days.
• Live Chat: Available 24/7 within your phfairy account — request to speak with the Data Privacy team for urgent matters.

If you are not satisfied with phfairy's response to your data privacy concern, you have the right to escalate your complaint to the National Privacy Commission of the Philippines (NPC) through official NPC channels.