Your privacy matters to us. This Privacy Policy explains exactly what personal data php38 collects from Filipino players, why we collect it, how it is used and protected, and what rights you have under Philippine data privacy law.
php38 ("php38," "we," "us," or "the Platform"), the operator of php38.club, is committed to protecting the personal data of all players and users of the platform in accordance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its implementing rules and regulations as overseen by the National Privacy Commission (NPC) of the Philippines.
This Privacy Policy ("Policy") describes how php38 collects, uses, discloses, stores, and protects personal data provided by or generated through users' interaction with the php38 platform, including the website at php38.club and any associated mobile-optimized interfaces. This Policy forms part of the php38 Terms & Conditions and should be read in conjunction with that document.
By registering for a php38 account or using any part of the platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein. If you do not consent, you should not register for or use the php38 platform.
php38 does not sell personal data. We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes. Your data is used solely in connection with the lawful operation of the php38 platform and compliance with applicable Philippine law.
For the purposes of the Data Privacy Act of 2012 and this Policy, the data controller responsible for the personal data of php38 users is the operator of php38.club. The data controller determines the purposes and means of processing players' personal information and is accountable for compliance with applicable data protection obligations.
php38 has designated a Data Protection Officer (DPO) as required under the DPA. The DPO is responsible for overseeing data protection practices, handling data subject requests, and serving as the primary point of contact for the National Privacy Commission. Contact details for the php38 DPO are provided in Section 15 of this Policy.
php38 collects the following categories of personal data from players and users:
| Category | Examples | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government-issued ID number (e.g., PhilSys ID, passport, driver's license) | Account registration and KYC verification |
| Contact Data | Email address, Philippine mobile number, home address | Account registration and profile updates |
| Financial Data | GCash wallet reference, PayMaya account details, BPI/BDO/Metrobank account information, transaction history | Deposit and withdrawal transactions |
| Gaming Data | Game history, bet amounts, win/loss records, session duration, preferred games | Platform activity — ongoing |
| Technical Data | IP address, device type, browser type, operating system, login timestamps | Each platform session — automatic |
| Communications Data | Live chat transcripts, support ticket content, email correspondence | Customer support interactions |
php38 does not intentionally collect sensitive personal information as defined under the DPA (e.g., racial or ethnic origin, political opinions, religious beliefs, health data) unless specifically required for regulatory compliance such as responsible gaming assessments.
php38 collects personal data through the following means:
php38 processes personal data only for the following specified, legitimate purposes:
Under the Data Privacy Act of 2012, php38 processes personal data on the following legal bases:
php38 does not sell personal data. We share personal data only with the following categories of recipients and only to the extent necessary for the stated purpose:
All third-party recipients are required by contract to process personal data only for the specified purpose, to maintain adequate security measures, and to comply with applicable Philippine data protection obligations.
Some of php38's third-party service providers (such as cloud infrastructure providers or game content suppliers) may be located outside the Philippines. Where personal data is transferred to recipients in foreign jurisdictions, php38 ensures that adequate safeguards are in place in accordance with Section 21 of the Data Privacy Act, including data processing agreements containing standard contractual clauses approved by the NPC where applicable.
php38 will not transfer personal data to a foreign country that does not provide a level of protection substantially equivalent to the standards set by the DPA unless appropriate safeguards and player consent have been obtained.
php38 retains personal data for no longer than is necessary for the purposes for which it was collected, subject to any longer retention periods required by law. The following retention guidelines apply:
Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in a manner that prevents re-identification.
php38 implements a combination of technical, organizational, and physical security measures to protect player personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:
In the event of a personal data breach that poses a real risk to the rights and freedoms of affected players, php38 will notify the National Privacy Commission within 72 hours of discovery and will notify affected players without undue delay.
php38 uses cookies and similar tracking technologies to operate the platform, authenticate sessions, remember user preferences, analyze usage patterns, and deliver relevant promotions. The following categories of cookies are used:
You may manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of parts of the php38 platform. php38 does not use third-party advertising networks that track users across external websites.
Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by php38:
To exercise any of the above rights, submit a written request to the php38 Data Protection Officer using the contact details in Section 15. php38 will respond to verified requests within 30 calendar days. We may require identity verification before processing any data subject request.
php38 does not knowingly collect personal data from individuals under 21 years of age. The platform is strictly restricted to adults aged 21 and above in compliance with PAGCOR regulations. If php38 discovers that personal data has been collected from a person under 21, that data will be deleted immediately and the associated account closed.
If you are a parent or guardian and believe that a person under 21 has provided personal data to php38, please contact us immediately using the contact information in Section 15 so that appropriate action may be taken.
php38 may update this Privacy Policy from time to time to reflect changes in data processing practices, applicable law, or platform features. Material changes will be communicated to registered players via email to their registered address and/or through a prominent notice upon next login to the platform.
The date of the most recent revision is displayed at the top of this Policy. Your continued use of the php38 platform following notification of a material update constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.
For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by php38, please contact the Data Protection Officer. The php38 DPO is the designated contact point for all data privacy matters including data subject access requests, erasure requests, and complaints.
You may reach the php38 Data Protection Officer via the customer support live chat available 24/7 on the platform, or by email at the address below. This email address is provided as plain text only and is not a clickable link.
(Plain text only — not a clickable link. Copy and paste into your email client. Please include "DPO Request" in the subject line.)
If you are not satisfied with php38's response to your data privacy concern, you have the right to file a complaint directly with the National Privacy Commission of the Philippines (privacy.gov.ph).
Six principles that define how php38 handles your personal data — built into the platform from day one, not added as an afterthought.
php38 does not sell, rent, or trade personal data to third-party advertisers or data brokers. Your information exists solely to operate your php38 account and comply with Philippine law — nothing more.
All data transmitted between your device and php38 servers is encrypted with 256-bit SSL — the same standard used by Philippine banks. Your login credentials, financial data, and personal information are protected in transit.
php38's data practices fully comply with Republic Act No. 10173 (Data Privacy Act of 2012) and the implementing rules of the National Privacy Commission. A designated Data Protection Officer oversees all compliance.
Access, rectify, erase, or port your data — php38 processes all verified data subject requests within 30 calendar days. You also have the right to object to marketing use of your data at any time.
php38 retains personal data only as long as legally required. Gaming data is purged after three years. Account data is held for five years post-closure for AMLA compliance — then securely deleted.
In the unlikely event of a data breach affecting player rights, php38 notifies the National Privacy Commission within 72 hours and informs affected players without undue delay — as required by the DPA.
Your data is protected, your rights are respected, and your php38 account is secured with industry-leading encryption. Join hundreds of thousands of Filipino players who trust php38 with their gaming experience.
21+ only. Please play responsibly.