phshy Casino Privacy Policy

1.1 This Privacy Policy ("Policy") describes how phshy Casino ("phshy," "we," "us," or "our"), the operator of the online casino platform accessible at phshy.vip, collects, processes, stores, shares, and protects the personal data of individuals ("you," "Player," or "User") who access or use our platform.

1.2 phshy is committed to protecting the privacy and data security of all Filipino players. This Policy is drafted in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the directives of the National Privacy Commission (NPC) of the Philippines. It also reflects the data handling obligations imposed on phshy under its PAGCOR operating license.

1.3 By accessing phshy.vip and creating an Account, or by continuing to use our services following any notification of updates to this Policy, you acknowledge that you have read and understood how your personal data is processed as described herein.

1.4 This Policy should be read alongside our Terms & Conditions and Responsible Gaming Policy, which together govern your use of the phshy platform.

2.1 For the purposes of the Data Privacy Act of 2012, phshy Casino is the Personal Information Controller (PIC) responsible for the personal data collected from Players on the phshy platform.

2.2 All data processing activities carried out by phshy are subject to the oversight of a designated Data Protection Officer (DPO). Queries and formal data privacy requests may be directed to the DPO using the contact details provided in Section 15 of this Policy.

3.1 phshy collects personal data proportionate to what is necessary to provide our services, satisfy our legal obligations, and comply with PAGCOR licensing conditions. The categories of personal data we collect are as follows:

3.2 phshy does not collect sensitive personal information as defined under RA 10173 (such as health data, political opinions, religious beliefs, or sexual life information) except where explicitly necessary for a specific legal obligation and with your informed consent.

4.1 phshy collects personal data through the following means:

• Direct collection at registration: Information you provide when you create a phshy Account, including your mobile number, email address, and personal details;
• KYC submission: Identity documents and photographs you upload to verify your identity and age;
• Payment transactions: Financial data collected when you make deposits or withdrawal requests via GCash, Maya, bank transfer, or cryptocurrency channels;
• Platform interaction: Gaming activity data automatically recorded as you use phshy's games and features;
• Customer support interactions: Information provided during live chat sessions, emails, or other support contacts;
• Technical data collection: Automatically collected device, browser, and session data when you access phshy.vip;
• Cookies and similar technologies: Refer to Section 10 for full details on cookie data collection.

5.1 phshy processes personal data of Filipino players strictly for the following defined purposes:

• Account creation and management — to create, verify, maintain, and manage your phshy Account;
• Age and identity verification (KYC) — to confirm that all players are 21 years of age or older and to verify identity as required by PAGCOR and Philippine law;
• Payment processing — to process deposits and withdrawals via GCash, Maya, bank transfers, and other supported Philippine payment channels;
• Anti-Money Laundering compliance — to fulfill phshy's mandatory obligations under the Anti-Money Laundering Act (RA 9160, as amended) and report as required to the Anti-Money Laundering Council (AMLC);
• Game provision and personalization — to deliver casino games, track gaming activity for accurate account management, and tailor game recommendations based on your activity history;
• Fraud prevention and security — to detect, investigate, and prevent fraudulent activity, multi-accounting, and other prohibited conduct;
• Responsible gaming — to manage self-exclusion requests, deposit limits, session controls, and other player protection tools in accordance with PAGCOR requirements;
• Customer support — to respond to your inquiries, resolve disputes, and manage your account-related requests;
• Legal compliance and regulatory reporting — to fulfill all reporting obligations to PAGCOR, the NPC, the AMLC, and any other competent Philippine authority;
• Service improvement — to analyze aggregated (anonymized) platform usage data for the purpose of improving phshy's services, features, and user experience.

6.1 Under the Data Privacy Act of 2012, phshy processes your personal data on the following legal bases:

• Contractual necessity: Processing required to fulfil the Terms & Conditions you agreed to when creating your phshy Account (account management, payment processing, game provision);
• Legal obligation: Processing required to comply with PAGCOR licensing conditions, AMLA obligations, NPC regulations, and other applicable Philippine law (KYC verification, AML monitoring, regulatory reporting);
• Consent: For processing activities not covered by the above bases — such as optional marketing communications — phshy will obtain your explicit, informed, and freely given consent beforehand. You may withdraw consent at any time;
• Legitimate interests: Processing undertaken to protect the security, integrity, and fraud-prevention requirements of the phshy platform, where these interests do not override your fundamental privacy rights.

7.1 phshy does not sell, rent, or trade the personal data of Filipino players to any third party for commercial or marketing purposes. Data sharing is limited to the following categories of recipients, each subject to binding data processing agreements and applicable privacy law:

• PAGCOR: As the licensing regulator, PAGCOR may request access to account, transaction, and gaming data for compliance audit and investigation purposes. phshy is legally obligated to provide such data upon valid request;
• Anti-Money Laundering Council (AMLC): Mandatory transaction reports as required under RA 9160;
• National Privacy Commission (NPC): In response to formal data privacy investigations or orders from the NPC;
• Payment service providers: GCash (G-Xchange Inc.), Maya Philippines Inc., and Philippine bank partners receive only the minimum data necessary to process deposits and withdrawals on your behalf;
• Game software providers: Licensed game providers (including JILI, Pragmatic Play, PG Soft, and others) may receive anonymized session identifiers to operate their games on the phshy platform. These providers do not receive your name, contact details, or financial information;
• KYC verification services: Identity verification providers used to process submitted KYC documents receive only the specific documents and data required for verification;
• IT infrastructure providers: Cloud hosting and cybersecurity service providers may process technical data as part of phshy's secure platform operations, subject to strict data processing agreements.

7.2 In the event phshy undergoes a corporate restructuring, merger, or acquisition, personal data may be transferred to the acquiring entity, subject to the acquiring entity's acceptance of equivalent data protection obligations. Players will be notified of any such transfer in advance.

8.1 phshy retains personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to the following retention periods:

8.2 Upon expiry of the applicable retention period, phshy will securely delete or irreversibly anonymize the relevant personal data in accordance with NPC-approved destruction standards.

9.1 phshy implements a layered security framework to protect the personal data of Filipino players against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• Transport Layer Security (TLS 1.3): All data transmitted between your browser and phshy.vip is encrypted using industry-standard TLS 1.3 protocol with 256-bit encryption keys;
• Encryption at rest: Stored personal data — including KYC documents, financial records, and account credentials — is encrypted using AES-256 encryption in our secure cloud infrastructure;
• Access controls: Personal data is accessible only to phshy staff on a strict need-to-know basis. All internal access is logged, monitored, and subject to regular audit;
• Multi-factor authentication: Access to phshy's internal data systems requires multi-factor authentication for all personnel;
• Password security: Account passwords are never stored in plaintext. phshy uses cryptographic hashing with salting for all password storage;
• Regular penetration testing: phshy's platform undergoes periodic security assessments by independent cybersecurity professionals;
• Data breach response plan: phshy maintains a formal data breach response procedure compliant with NPC Circular 16-03, including mandatory breach notification obligations.

10.1 phshy uses cookies and similar browser-based technologies on phshy.vip to operate the platform securely, improve user experience, and fulfill certain legal requirements. A cookie is a small text file stored in your browser when you visit a website.

10.2 phshy uses the following categories of cookies:

10.3 You may manage optional cookie preferences through your browser settings at any time. Note that disabling strictly necessary cookies will impair your ability to log in and use phshy's services.

11.1 Under the Data Privacy Act of 2012 (RA 10173), all Filipino players whose personal data is processed by phshy have the following rights:

11.2 To exercise any of the above rights, please contact phshy's Data Protection Officer using the contact details in Section 15. phshy will acknowledge your request within five (5) business days and provide a substantive response within fifteen (15) business days.

11.3 If you believe your privacy rights have been violated, you have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines. phshy will cooperate fully with any NPC investigation.

12.1 phshy implements mandatory KYC identity verification to confirm that all Account Holders meet the 21-year minimum age requirement in compliance with PAGCOR regulations and Philippine law.

12.2 If phshy becomes aware that personal data has been collected from an individual under 21 years of age, the Account will be permanently closed, all associated funds will be processed in accordance with PAGCOR's mandated procedures, and the data will be deleted (subject to any mandatory retention obligations under AMLA) with reasonable promptness.

12.3 Parents and guardians who have reason to believe that a minor in their care has registered a phshy Account should contact phshy immediately at [email protected] so the Account can be investigated and closed.

13.1 In operating a digital platform, some of phshy's technical infrastructure and third-party service providers may be located outside the Philippines. Where personal data of Filipino players is transferred to systems hosted or operated outside the Republic of the Philippines, phshy ensures that:

• The receiving jurisdiction or service provider offers a level of data protection comparable to the standards required under RA 10173;
• Binding contractual safeguards (data processing agreements) are in place with all third-party recipients of personal data;
• Such transfers are limited to the minimum data necessary for the specific processing purpose;
• All cross-border transfers are documented and available for review by the NPC upon valid request.

13.2 phshy does not transfer personal data to jurisdictions that do not provide adequate personal data protection standards, except where expressly permitted by the NPC or where a lawful exception under RA 10173 applies.

14.1 phshy may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or PAGCOR regulatory requirements. The "Last Updated" date at the top of this document indicates the most recent revision.

14.2 Material changes — those that significantly affect how phshy processes your personal data or materially reduce your privacy rights — will be communicated to existing Account Holders via your registered email address at least fourteen (14) days before the change takes effect.

14.3 Continued use of phshy's platform following the effective date of any updated Privacy Policy constitutes your acknowledgment of the revised terms. If you do not agree with a material change, you may request Account closure and data deletion in accordance with your rights under Section 11.

15.1 For all data privacy matters — including subject access requests, rectification requests, erasure requests, objections to processing, and data breach concerns — please contact phshy's Data Protection Officer:

15.2 phshy's DPO is available to respond to data privacy inquiries in English and Filipino. Formal written requests will receive a substantive response within fifteen (15) business days.

15.3 For concerns that cannot be resolved directly with phshy, you have the right to lodge a formal complaint with the National Privacy Commission (NPC) of the Philippines.