phpark21 Privacy Policy

01 Introduction

phpark21 is committed to protecting the privacy and personal data of every player who registers and plays on our platform. We understand that trust is the foundation of any relationship between a gaming operator and its players — and that trust begins with being transparent about how we handle your information.

This Policy applies to all personal data collected through the phpark21 website at phpark21.net, the phpark21 mobile platform, customer support channels, and any other touchpoint through which you interact with phpark21. It covers data collected from players based in the Philippines and is designed to comply fully with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission (NPC).

This Policy should be read alongside phpark21's Terms & Conditions and Responsible Gaming Policy, both of which are incorporated by reference. Where this Policy conflicts with any other phpark21 document on matters of data privacy, this Policy shall prevail.

02 Personal Data We Collect

phpark21 collects only the personal data that is necessary for the purposes described in this Policy. The categories of personal data we collect include:

03 How We Collect Your Data

phpark21 collects your personal data through the following channels:

• Direct Collection: Data you provide when registering a phpark21 account, completing KYC verification, making a deposit or withdrawal, contacting customer support, or participating in promotions.
• Automated Collection: Technical and usage data collected automatically when you access the phpark21 platform, including through cookies, web beacons, server logs, and similar tracking technologies.
• Third-Party Sources: Identity verification data from KYC service providers; fraud and AML screening data from compliance service providers; payment verification data from GCash, PayMaya, BPI, BDO, and Metrobank.
• Regulatory Sources: Data received from PAGCOR, the Anti-Money Laundering Council (AMLC), or other Philippine regulatory authorities in connection with compliance obligations.

phpark21 does not collect personal data from social media platforms or third-party data brokers for marketing purposes. Any data received from third parties is used solely for the purposes of identity verification, fraud prevention, and regulatory compliance.

04 How We Use Your Personal Data

phpark21 uses your personal data for the following purposes:

• Account Management: To create, maintain, and manage your phpark21 player account, including processing your registration, verifying your identity, and managing your account settings.
• Service Delivery: To provide you with access to phpark21's full range of gaming services, including casino games, sports betting, live dealer tables, bingo, and slot games.
• Financial Transactions: To process your deposits and withdrawals via GCash, PayMaya, BPI, BDO, and Metrobank, and to maintain accurate records of all financial transactions on your account.
• KYC and AML Compliance: To verify your identity and age (21+), screen your account against sanctions lists, and comply with the Anti-Money Laundering Act of the Philippines (Republic Act No. 9160, as amended).
• Responsible Gaming: To monitor your gaming activity for signs of problem gambling, enforce deposit and loss limits, process self-exclusion requests, and comply with PAGCOR's responsible gaming requirements.
• Customer Support: To respond to your queries, complaints, and requests, and to maintain records of our communications for quality assurance and dispute resolution purposes.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activity, unauthorized account access, bonus abuse, and other prohibited conduct on the phpark21 platform.
• Platform Improvement: To analyze usage patterns, conduct A/B testing, and improve the functionality, performance, and user experience of the phpark21 platform.
• Marketing Communications: To send you promotional offers, bonus notifications, and platform updates via email or SMS, where you have consented to receive such communications. You may opt out at any time.
• Legal and Regulatory Compliance: To comply with applicable Philippine laws and regulations, respond to lawful requests from regulatory authorities, and enforce phpark21's Terms & Conditions.

05 Legal Basis for Processing

Under the Philippine Data Privacy Act of 2012, phpark21 processes your personal data on the following legal bases:

• Contractual Necessity: Processing is necessary to perform the contract between you and phpark21 — specifically, to provide you with access to the phpark21 gaming platform and to process your financial transactions.
• Legal Obligation: Processing is required to comply with phpark21's legal and regulatory obligations under Philippine law, including KYC/AML requirements under the Anti-Money Laundering Act, age verification requirements under PAGCOR regulations, and data retention requirements.
• Legitimate Interests: Processing is necessary for phpark21's legitimate interests in operating a secure, fair, and commercially viable gaming platform — including fraud prevention, platform security, and service improvement — provided that such interests are not overridden by your rights and interests.
• Consent: For marketing communications and non-essential cookies, processing is based on your freely given, specific, informed, and unambiguous consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

06 Data Sharing & Disclosure

phpark21 does not sell, rent, or trade your personal data to third parties for commercial or marketing purposes. We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:

• Payment Processors: GCash, PayMaya, BPI, BDO, and Metrobank, for the purpose of processing your deposits and withdrawals. These providers process your financial data under their own privacy policies and applicable Philippine financial regulations.
• KYC and Identity Verification Providers: Third-party service providers engaged by phpark21 to perform identity verification, age verification, and document authentication as part of our KYC process.
• AML Compliance Providers: Third-party screening services used to check player accounts against sanctions lists, politically exposed persons (PEP) databases, and adverse media sources in compliance with the Anti-Money Laundering Act.
• Technology and Platform Providers: Cloud hosting providers, game software providers, and IT service providers who process data on phpark21's behalf under strict data processing agreements.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies, where disclosure is required by law, court order, or regulatory directive.
• Law Enforcement: Philippine law enforcement agencies, where disclosure is required in connection with the investigation or prosecution of criminal activity, including fraud and money laundering.
• Professional Advisors: Legal counsel, auditors, and other professional advisors engaged by phpark21, subject to professional confidentiality obligations.

All third parties with whom phpark21 shares personal data are required to process that data in accordance with applicable Philippine data protection law and phpark21's data protection standards. phpark21 does not transfer personal data outside the Philippines except where required by law or where adequate data protection safeguards are in place.

07 Cookies & Tracking Technologies

phpark21 uses cookies and similar tracking technologies (including web beacons, pixel tags, and local storage) to operate and improve the phpark21 platform. The following types of cookies are used:

You can manage your cookie preferences at any time through your browser settings. Please note that disabling strictly necessary cookies may affect the functionality of the phpark21 platform. Disabling functional, analytics, or marketing cookies will not prevent you from accessing phpark21's gaming services.

08 Data Retention

phpark21 retains your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable Philippine law and regulatory requirements. The following retention periods apply:

• Account Data: Retained for the duration of your active phpark21 account, plus a minimum of five (5) years following account closure, in accordance with PAGCOR licensing requirements and the Anti-Money Laundering Act.
• KYC and Identity Documents: Retained for a minimum of five (5) years following the end of the business relationship, as required by the Anti-Money Laundering Act of the Philippines.
• Financial Transaction Records: Retained for a minimum of five (5) years from the date of each transaction, in compliance with AML and tax record-keeping requirements.
• Gaming Records: Retained for a minimum of three (3) years following account closure, for dispute resolution and regulatory audit purposes.
• Customer Support Records: Retained for a minimum of two (2) years following the resolution of each support interaction.
• Marketing Consent Records: Retained for the duration of your consent, plus a reasonable period thereafter to demonstrate compliance with consent requirements.

Upon expiry of the applicable retention period, phpark21 will securely delete or anonymize your personal data in accordance with its data disposal procedures. Where data cannot be immediately deleted due to technical constraints, it will be isolated and protected from further processing until deletion is possible.

09 Data Security

phpark21 implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

• 256-Bit SSL/TLS Encryption: All data transmitted between your device and phpark21's servers is encrypted using industry-standard 256-bit SSL/TLS protocols.
• Data Encryption at Rest: Sensitive personal data stored on phpark21's servers, including identity documents and financial data, is encrypted at rest using AES-256 encryption.
• Access Controls: Access to personal data is restricted to authorized phpark21 personnel on a strict need-to-know basis. All staff with access to personal data are subject to confidentiality obligations and regular data protection training.
• Two-Factor Authentication: phpark21 offers two-factor authentication (2FA) for player accounts to provide an additional layer of security against unauthorized access.
• Intrusion Detection and Monitoring: phpark21's systems are monitored 24/7 for suspicious activity, unauthorized access attempts, and potential security incidents.
• Regular Security Audits: phpark21 conducts regular security assessments and penetration testing to identify and remediate potential vulnerabilities in its systems.
• Data Breach Response: In the event of a personal data breach that poses a risk to your rights and freedoms, phpark21 will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and will notify affected players without undue delay, in accordance with the Data Privacy Act.

10 Your Data Rights

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phpark21:

• Right to Be Informed: You have the right to be informed about how phpark21 collects, uses, and processes your personal data — which is the primary purpose of this Privacy Policy.
• Right of Access: You have the right to request a copy of the personal data that phpark21 holds about you, along with information about how it is being processed.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data that phpark21 holds about you.
• Right to Erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phpark21's legal and regulatory retention obligations.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes. You may also object to processing based on legitimate interests, subject to phpark21's overriding legitimate grounds.
• Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to request that it be transmitted to another data controller where technically feasible.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the National Privacy Commission (NPC) if you believe that phpark21 has processed your personal data in violation of the Data Privacy Act.

To exercise any of the above rights, please contact phpark21's Data Protection Officer using the contact details provided in Section 13 of this Policy. phpark21 will respond to all data rights requests within 30 calendar days of receipt. In complex cases, this period may be extended by a further 30 days, in which case phpark21 will notify you of the extension and the reasons for it.

11 Children's Privacy

The phpark21 platform is strictly intended for adults aged 21 years and above, in accordance with Philippine gaming regulations. phpark21 does not knowingly collect, process, or store personal data from any person under the age of 21.

If phpark21 becomes aware that personal data has been collected from a person under the age of 21, we will immediately suspend the associated account, delete the personal data in question, and report the incident to PAGCOR as required by our licensing obligations.

If you are a parent or guardian and believe that your child (under 21) has registered on phpark21 or provided personal data to phpark21 without your knowledge, please contact our Data Protection Officer immediately using the contact details in Section 13 of this Policy.

12 Updates to This Privacy Policy

phpark21 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable Philippine law, or regulatory requirements. The date of the most recent revision is displayed at the top of this Policy.

Where changes to this Policy are material — meaning they significantly affect your rights or how phpark21 processes your personal data — phpark21 will notify registered players via email or through a prominent notice on the phpark21 platform at least 14 days before the changes take effect.

Your continued use of the phpark21 platform following the effective date of any updated Privacy Policy constitutes your acceptance of the revised Policy. If you do not agree with the updated Policy, you should cease using the phpark21 platform and contact customer support to close your account.

We recommend that you review this Privacy Policy periodically to stay informed of how phpark21 is protecting your personal data. Previous versions of this Policy are available upon request from our Data Protection Officer.

13 Contact Us & Data Protection Officer

If you have any questions, concerns, or requests relating to this Privacy Policy or phpark21's data processing practices, please contact our Data Protection Officer (DPO):

Please include your registered phpark21 username, a clear description of your request or concern, and any relevant supporting information. For data rights requests, phpark21 may require you to verify your identity before processing your request.

If you are not satisfied with phpark21's response to your data privacy concern, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines, which is the supervisory authority responsible for enforcing the Data Privacy Act of 2012.