1. Scope and Data Controller
This Privacy Policy applies to all personal data collected by phtaya1 ("phtaya1," "we," "us," "our") through the phtaya1 website located at phtaya1.one, its related subdomains, mobile-optimised interfaces, and all associated services, features, and communications (collectively, the "Platform").
phtaya1 acts as the data controller in respect of personal data collected through the Platform. As data controller, phtaya1 determines the purposes and means of processing your personal data and is responsible for ensuring that such processing is carried out in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and all applicable issuances of the National Privacy Commission (NPC).
By registering an account on phtaya1 or by using the Platform in any capacity, you acknowledge that you have read, understood, and consent to the collection, use, and processing of your personal data as described in this Privacy Policy.
2. Personal Data We Collect
2.1 Data You Provide Directly
When you register for a phtaya1 account or use certain features of the Platform, we collect personal data that you provide to us directly, including:
- Identity data: Full legal name, date of birth, gender, and nationality.
- Contact data: Email address, Philippine mobile number, and residential address.
- Identity verification data: Government-issued ID (e.g., PhilSys ID, passport, driver's licence, SSS/GSIS ID), selfie or photograph for facial verification, and utility bill or bank statement for address verification.
- Financial data: GCash account number, Maya account details, bank account information (BPI, BDO, Metrobank), transaction history, deposit and withdrawal records.
- Communications data: Records of your communications with phtaya1 support via live chat or email, including the content of those communications.
2.2 Data Collected Automatically
When you access the Platform, certain data is collected automatically through cookies, log files, and similar technologies, including:
- IP address and approximate geolocation derived therefrom.
- Browser type, version, and settings; operating system; device type and model.
- Pages visited, features used, session duration, and navigation paths within the Platform.
- Login timestamps, device fingerprints, and session identifiers used for security monitoring.
- Referring URLs and search terms used to arrive at the Platform.
2.3 Data from Third Parties
phtaya1 may receive personal data about you from third-party sources in limited circumstances, including identity verification providers engaged to perform KYC checks, payment processors who transmit transaction confirmation data, and fraud detection service providers who flag suspicious activity patterns.
3. How We Use Your Personal Data
phtaya1 uses the personal data we collect for the following purposes:
- Account creation and management: To register your account, verify your identity and age, and maintain your account in good standing.
- Service delivery: To provide you with access to games, process deposits and withdrawals, credit bonuses, and deliver all other Platform features you use.
- Identity verification and KYC compliance: To verify your identity and age in accordance with applicable anti-money laundering (AML) laws and gaming regulations.
- Transaction processing: To process your deposits and withdrawals via GCash, Maya, and other accepted payment methods.
- Customer support: To respond to your enquiries, resolve disputes, and provide assistance with account and technical issues.
- Security and fraud prevention: To detect, investigate, and prevent fraudulent activity, unauthorised account access, and other illegal or prohibited conduct on the Platform.
- Responsible gaming: To monitor gaming patterns for signs of problem gambling, enforce self-exclusion requests, and provide responsible gaming tools.
- Legal compliance: To fulfil our obligations under applicable Philippine laws, including AML reporting requirements, gaming regulatory obligations, and data protection law.
- Service improvement: To analyse usage patterns, conduct internal research, and improve the features, content, and performance of the Platform.
- Communications: To send you transactional notifications (deposit confirmations, withdrawal updates, security alerts) and, where you have opted in, promotional communications about phtaya1 offers.
You may opt out of promotional communications at any time by updating your communication preferences in your phtaya1 account settings or by contacting our support team.
4. Legal Basis for Processing
phtaya1 processes your personal data on the following legal bases as recognised under the Philippine Data Privacy Act of 2012:
- Performance of a contract: Processing necessary to fulfil our obligations to you under the phtaya1 Terms and Conditions, including account management, game access, and payment processing.
- Legal obligation: Processing required to comply with applicable laws, including AML regulations, gaming licensing requirements, and tax reporting obligations.
- Legitimate interests: Processing for fraud prevention, security monitoring, and service improvement, where such interests are not overridden by your privacy rights.
- Consent: Processing for marketing communications and certain optional features, where you have provided explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.
5. Sharing and Disclosure of Your Data
phtaya1 does not sell, rent, or trade your personal data. We share your data with third parties only in the following circumstances and only to the extent necessary:
- Payment processors: GCash, Maya, BPI, BDO, Metrobank, and other payment service providers receive the data necessary to process your transactions.
- Identity verification providers: Third-party KYC and AML verification services receive identity documents and data necessary to perform regulatory verification checks.
- Technology and infrastructure providers: Cloud hosting, content delivery, and cybersecurity service providers who process data on our behalf under strict data processing agreements.
- Regulatory authorities: We may disclose data to the relevant Philippine gaming regulatory authority, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), or law enforcement agencies where required by law or court order.
- Business transfers: In the event of a merger, acquisition, or sale of all or part of phtaya1's business, your data may be transferred to the successor entity, subject to the same privacy protections described in this Policy.
All third-party service providers engaged by phtaya1 are contractually required to process personal data only for the purposes for which it was shared and to maintain appropriate security measures.
6. Cookies and Tracking Technologies
phtaya1 uses cookies, web beacons, pixel tags, and similar tracking technologies to operate and improve the Platform. Cookies are small text files stored on your device by your browser.
6.1 Types of Cookies Used
- Strictly necessary cookies: Required for the Platform to function. These include session authentication tokens, security identifiers, and load-balancing cookies. These cannot be disabled.
- Functional cookies: Enable personalised features such as remembered language preferences, saved game settings, and login state persistence when you select "Remember me."
- Analytics cookies: Help us understand how members use the Platform, which pages are visited most, and where performance improvements are needed. Data collected is aggregated and anonymised.
- Security cookies: Support fraud detection and suspicious login monitoring by maintaining a device fingerprint associated with your authenticated session.
You may manage non-essential cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Platform.
7. Data Retention
phtaya1 retains personal data for no longer than is necessary to fulfil the purposes for which it was collected, subject to the following minimum retention periods required by law:
- Account and transaction records: Retained for a minimum of five (5) years following account closure, as required for AML compliance and gaming regulatory purposes.
- KYC and identity verification documents: Retained for a minimum of five (5) years following the completion of the verification process or account closure, whichever is later.
- Customer support communications: Retained for three (3) years following the resolution of the relevant enquiry or dispute.
- Analytics and log data: Retained for up to twenty-four (24) months in identifiable form, after which it is anonymised or deleted.
Following the expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with industry-standard data disposal procedures.
8. Security Measures
phtaya1 implements a comprehensive set of technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, and destruction:
- 256-bit SSL/TLS encryption for all data in transit between your device and phtaya1 servers.
- Encryption of sensitive data at rest, including financial data and identity documents.
- Role-based access controls ensuring that only authorised personnel have access to personal data, on a strict need-to-know basis.
- Multi-factor authentication for all internal systems that process personal data.
- Real-time security monitoring and intrusion detection systems.
- Regular security audits, vulnerability assessments, and penetration testing.
- Staff data protection training and confidentiality obligations.
While phtaya1 implements strong security measures, no online platform can guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately of any suspected unauthorised account access.
9. Your Privacy Rights
Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to your personal data held by phtaya1:
- Right to be informed: The right to know what personal data phtaya1 holds about you, how it is used, and with whom it is shared.
- Right to access: The right to request a copy of the personal data phtaya1 holds about you.
- Right to rectification: The right to request correction of inaccurate or incomplete personal data.
- Right to erasure: The right to request deletion of your personal data, subject to applicable legal retention requirements.
- Right to object: The right to object to the processing of your personal data on grounds of legitimate interests or for direct marketing purposes.
- Right to data portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to lodge a complaint: The right to file a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated.
To exercise any of these rights, please contact phtaya1's Data Protection Officer (DPO) via the contact details provided in Section 12. We will respond to all valid requests within thirty (30) days of receipt. We may request proof of identity before processing a data rights request.
10. Children's Privacy
The phtaya1 Platform is strictly for use by adults who are twenty-one (21) years of age or older. phtaya1 does not knowingly collect personal data from individuals under the age of 21. If phtaya1 becomes aware that personal data has been collected from a person under 21, we will take immediate steps to delete such data and close the associated account.
If you are a parent or guardian and believe that a minor has created a phtaya1 account, please contact us immediately via live chat or email so that we can take appropriate action without delay.
11. Amendments to This Policy
phtaya1 reserves the right to update this Privacy Policy at any time. Material changes — such as new categories of data collected, new third-party sharing arrangements, or changes to your rights — will be communicated to registered members via email and/or a prominent notice on the Platform at least seven (7) days before the changes take effect.
The "Last Updated" date at the top of this Policy reflects the most recent revision. Your continued use of the Platform following the effective date of any revised Privacy Policy constitutes your acknowledgement of the changes. If you do not agree to the revised Policy, you must cease using the Platform and contact support to close your account.
12. Contact and Data Protection Officer
For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by phtaya1, please contact our Data Protection Officer (DPO) through the following channels:
- Live Chat: Available 24/7 via the phtaya1 Platform. Average response time: under 3 minutes. For data privacy requests, please state "Data Privacy Request" at the start of your message.
- DPO Email: [email protected] (plain text — not a clickable link). Subject line: "Privacy / Data Request."
If you are not satisfied with phtaya1's response to your privacy concern, you have the right to file a complaint with the National Privacy Commission of the Philippines (NPC) through the NPC's official complaint process.