php22 Privacy Policy
How we collect, use, and protect your personal information

This Privacy Policy describes how php22 ("we," "us," "our," or "the Company") collects, processes, stores, and protects the personal information of individuals ("you," "the Player," "the data subject") who access or use the php22 platform at php22.club and any associated services.

php22 takes data privacy seriously — not merely as a legal obligation but as a foundational commitment to the trust of every Filipino player who entrusts us with their personal information. Whether you are logging in from Manila, Cebu, Davao, Cagayan de Oro, or anywhere else in the Philippine archipelago, the same data protection standards apply to your account.

By registering an account with php22, depositing funds, placing wagers, or otherwise using the php22 platform, you acknowledge that you have read and understood this Privacy Policy and that you consent to the collection and processing of your personal data as described herein. If you do not agree with this Privacy Policy, please do not use the php22 platform.

This Privacy Policy should be read in conjunction with the php22 Terms & Conditions, which govern the overall use of the platform.

For the purposes of the Philippine Data Privacy Act of 2012 and applicable data protection law, the data controller responsible for your personal information is the entity operating the php22 platform. php22 determines the purposes for which, and the means by which, your personal data is processed.

As data controller, php22 is responsible for ensuring that your personal data is processed in compliance with applicable Philippine data protection legislation. Where php22 engages third-party data processors — such as payment processors, KYC verification providers, or technical infrastructure providers — such processors are contractually bound to process personal data only on php22's instructions and in compliance with applicable law.

Contact details for data privacy inquiries are provided in Section 15 of this Policy.

php22 collects the following categories of personal data from players and platform visitors:

php22 collects personal data through the following means:

• Direct provision: Information you actively provide when registering an account, completing KYC, making deposits or withdrawals, setting responsible gaming limits, or contacting customer support.
• Automated collection: Technical and gaming data collected automatically through your interaction with the platform — including server logs, session activity, browser fingerprinting (for fraud detection), and device identification data.
• Third-party sources: Identity verification data returned by our KYC provider following document authentication; transaction confirmation data from GCash, Maya, BPI, BDO, and other payment processors; fraud-screening data from risk management service providers.
• Cookies and similar technologies: Data collected via cookies and local storage on your device — see Section 9 of this Policy for full details.

php22 processes your personal data only where a lawful basis exists under the Philippine Data Privacy Act. The following table sets out our primary processing purposes and their corresponding legal bases:

1. Account registration and management — Necessary for the performance of our contract with you (the php22 Terms & Conditions). Without this data, we cannot create or maintain your account.
2. Identity verification (KYC) — Necessary for compliance with our legal obligations under anti-money laundering regulations applicable to Philippine gaming operators.
3. Processing deposits and withdrawals — Necessary for the performance of our contract with you. Financial data is required to facilitate fund transfers via GCash, Maya, and bank channels in PHP.
4. Fraud prevention and security monitoring — Necessary for the purposes of our legitimate interests in protecting the platform and our players from fraud, account takeover, and financial crime.
5. Regulatory compliance and record-keeping — Necessary for compliance with our legal obligations under PAGCOR regulations and applicable Philippine law, including mandatory data retention periods.
6. Responsible gaming monitoring — Necessary for compliance with our legal and regulatory obligations to identify and support players who may be experiencing problem gambling.
7. Customer support and dispute resolution — Necessary for the performance of our contract with you and for the purposes of our legitimate interests in resolving complaints fairly.
8. Marketing and promotional communications — Based on your consent. You may withdraw consent for marketing communications at any time via your account notification settings.
9. Platform analytics and improvement — Necessary for the purposes of our legitimate interests in understanding how players use the php22 platform and improving our service.

php22 does not sell your personal data to third parties. We share your personal data only in the following limited circumstances:

• KYC and identity verification providers: We share identity documents and verification data with our authorized KYC partner to conduct identity and age verification before your first withdrawal.
• Payment processors: We share the minimum necessary financial data with GCash, Maya, BPI, BDO, UnionBank, and other payment processors to facilitate deposits and withdrawals in PHP.
• Fraud and risk management providers: Technical data including IP addresses and device fingerprints may be shared with third-party fraud detection services for the purpose of protecting the platform and our players.
• Technology and infrastructure providers: We utilize cloud hosting, database, and technical service providers who process data on our behalf as data processors under contractual data protection agreements.
• Regulatory and law enforcement authorities: php22 is legally required to share transaction data and identity information with PAGCOR and Philippine law enforcement agencies upon lawful request. This includes mandatory suspicious transaction reporting under anti-money laundering law.
• Legal and professional advisers: We may share data with lawyers, auditors, or other professional advisers where necessary to obtain legal or regulatory advice.

php22 retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, and to comply with applicable legal and regulatory retention obligations. The following general retention periods apply:

• Account and identity data: Retained for the duration of your active account, plus a minimum of five (5) years following account closure — in accordance with anti-money laundering record-keeping requirements under Philippine law.
• Financial transaction records: Retained for a minimum of five (5) years from the date of each transaction, as required by applicable financial regulations.
• Gaming session and wager history: Retained for a minimum of three (3) years following the date of each session, for regulatory compliance and dispute resolution purposes.
• Customer support communications: Retained for a minimum of two (2) years from the date of each communication, for quality assurance and dispute resolution.
• Marketing consent records: Retained for the duration of your account, and for one (1) year following account closure or withdrawal of consent — to demonstrate compliance with consent obligations.
• Self-exclusion and responsible gaming records: Retained for a minimum of five (5) years from the date of self-exclusion, to prevent the re-registration of excluded individuals.

Upon expiry of applicable retention periods, personal data is securely deleted or anonymized so that it can no longer be linked to an identifiable individual.

php22 implements technical and organizational security measures designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• TLS encryption: All data transmitted between your device and php22's servers is encrypted using Transport Layer Security (TLS 1.2 or higher). This is the same encryption standard used by Philippine banks for online banking.
• Encryption at rest: Sensitive personal data — including identity documents and financial account details — is encrypted at rest in php22's secure data stores using industry-standard encryption algorithms.
• Access controls: Access to personal data within php22's systems is restricted to personnel who require it to fulfil their job functions, and is governed by role-based access controls and authentication requirements.
• Two-factor authentication: php22 offers two-factor authentication (2FA) for player accounts, providing an additional layer of protection against unauthorized account access.
• Regular security assessments: php22 conducts regular security reviews and vulnerability assessments of its platform infrastructure.
• Data breach response: php22 maintains a data breach response procedure. In the event of a breach that poses a risk to data subjects, php22 will notify the National Privacy Commission and affected players in accordance with the timelines prescribed by the Philippine Data Privacy Act and its implementing rules.

Notwithstanding these measures, no online platform can guarantee absolute security. Players are responsible for maintaining the security of their own account credentials — see the php22 Terms & Conditions for account security obligations.

php22 uses cookies and similar local storage technologies to operate the platform, maintain your session, and improve your experience. The following categories of cookies are in use:

1. Strictly necessary cookies: Required for basic platform functionality — including maintaining your login session, preserving your game state, and ensuring the security of your connection. These cannot be disabled without affecting core platform functionality.
2. Functional cookies: Remember your preferences — such as language settings and responsible gaming limit configurations — so you do not need to reconfigure them each session.
3. Analytical cookies: Collect aggregated, anonymized information about how players navigate the php22 platform — which pages are visited most frequently, session duration patterns, and common user paths. This data is used to improve the platform experience.
4. Security cookies: Support fraud detection and account security monitoring — including session integrity checks and device fingerprinting for login authentication.

You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will impair or prevent your ability to use the php22 platform. php22 does not use cookies to serve third-party advertising.

php22 does not knowingly collect personal data from persons under the age of 21. The php22 platform is restricted to adults aged 21 and over, in accordance with PAGCOR regulations governing online casino gaming in the Philippines.

If php22 becomes aware that personal data has been collected from a person under 21 — whether through registration, KYC review, or any other means — that account will be immediately suspended, all associated data will be handled in accordance with applicable law, and any balance will be returned to the payment method from which it was deposited, subject to confirmation of ownership.

Some of php22's technology and service providers — including cloud infrastructure providers and KYC verification services — may process personal data on servers located outside the Philippines. Where personal data is transferred internationally, php22 ensures that appropriate safeguards are in place to protect your data to the standard required by the Philippine Data Privacy Act, including contractual data protection clauses binding the recipient to equivalent data protection standards.

php22's primary operational systems and all player-facing services are accessible from the Philippines and optimized for Philippine Standard Time. Customer support is staffed and managed in the Philippine time zone, and all player communications are conducted in English appropriate to the Philippine market.

As a data subject under the Philippine Data Privacy Act of 2012, you may exercise the rights described in the summary at the top of this Policy by submitting a request to php22 through the following channels:

• Live chat: Available 24/7 on the php22 platform — fastest response, typically within 5 minutes on Philippine Standard Time.
• Email: Submit your request to the support email address displayed in Section 15 and the site footer.

When submitting a data rights request, please identify yourself clearly with your registered php22 account details (username or registered mobile number) and specify the right you wish to exercise and the data it concerns. php22 will respond to rights requests within thirty (30) calendar days of receipt. Where a request is complex or numerous, this period may be extended by a further thirty (30) days — in which case you will be informed of the extension and the reason for it.

php22 may need to verify your identity before processing a rights request, to ensure that personal data is not disclosed to unauthorized individuals. We may ask you to confirm your registered identity details or to provide a copy of your government ID for verification purposes.

If you believe that php22 has processed your personal data in breach of the Philippine Data Privacy Act or this Privacy Policy, you have the right to lodge a complaint. We encourage you to contact php22 in the first instance to allow us the opportunity to investigate and address your concern directly — see Section 15 for contact details.

If you remain unsatisfied following php22's response, you have the right to escalate your complaint to the National Privacy Commission of the Philippines, which is the supervisory authority responsible for enforcing the Philippine Data Privacy Act. The National Privacy Commission accepts complaints from Philippine data subjects regarding the handling of their personal data by data controllers operating in or targeting the Philippine market.

php22 reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, regulatory requirements, or platform features. The effective date of the current version is displayed at the top of this page.

Material changes to this Privacy Policy — particularly those that affect how we use your personal data or your rights as a data subject — will be communicated to registered players via a notification in their php22 account dashboard. Where changes require your fresh consent (for example, a new category of data processing based on consent), we will seek that consent before the new processing begins.

Your continued use of the php22 platform following publication of an updated Privacy Policy constitutes acceptance of the updated terms. If you do not agree with changes to the Privacy Policy, you may request account closure by contacting php22 customer support.

For all data privacy inquiries — including requests to exercise your data subject rights, questions about this Privacy Policy, or notifications of potential data breaches — please contact php22 through the following channels:

• Live Chat: Available 24/7 directly within the php22 platform. Average response time: under 5 minutes on Philippine Standard Time.
• Support Email: [email protected] — please mark your subject line with "DATA PRIVACY REQUEST" for priority routing.

For broader platform information, visit our About Us page. For platform rules governing account use, see our Terms & Conditions. For gambling-related welfare support, visit our Responsible Gaming page.