ph39 Privacy Policy

ph39 is a Philippines-based online gaming platform serving Filipino players across the country — from Metro Manila and the National Capital Region to Cebu, Davao, Iloilo, Cagayan de Oro, and all other regions of the Philippines. As an online platform handling real financial transactions in Philippine Peso via GCash, Maya, and Philippine bank transfers, ph39 necessarily collects and processes personal information as part of its core operations.

ph39 recognizes the fundamental right of every Filipino to privacy as enshrined in the Constitution of the Republic of the Philippines and given specific statutory protection by the Data Privacy Act of 2012. This Policy reflects ph39's commitment to processing personal data lawfully, fairly, and transparently — in a manner that Filipino players can understand and trust.

This Policy applies to all personal data processed by ph39 in connection with the registration, operation, support, and closure of Player Accounts on the ph39 Platform. It applies whether you access ph39 from a mobile device, desktop browser, or any other means.

This Policy applies to:

• All registered ph39 Players and their Account data.
• Visitors to ph39.club who have not registered an Account but whose device or browsing data may be collected through cookies and similar technologies (see Section 12).
• Individuals who contact ph39 customer support via live chat or email, even if not registered.
• Applicants for employment at ph39 (separate data processing notice provided at application stage).

This Policy does not apply to third-party websites, services, or platforms linked from the ph39 Platform. ph39 is not responsible for the data practices of any third party.

ph39 is the Personal Information Controller (PIC) in respect of all personal data processed under this Policy, as that term is defined in the Philippine Data Privacy Act of 2012. As PIC, ph39 determines the purposes and means of processing your personal data and is responsible for ensuring that processing is conducted lawfully and in compliance with the Data Privacy Act and the regulations and issuances of the National Privacy Commission (NPC).

ph39 collects the following categories of personal data, limited to what is necessary for the purposes described in Section 6:

ph39 collects personal data through the following methods:

• Directly from you — when you register an Account, submit KYC documents, make a deposit or withdrawal, contact customer support, or update your Account profile.
• Automatically — when you access the ph39 Platform, our servers and analytics tools collect technical data including IP addresses, device identifiers, and session data. This occurs on every visit regardless of whether you are logged in.
• From payment processors — GCash, Maya, GrabPay, InstaPay, and Philippine bank partners transmit transaction reference data to ph39 to confirm deposit and withdrawal completion. ph39 does not receive your full GCash PIN, bank password, or any authentication credentials from these providers.
• From identity verification partners — third-party KYC service providers may return identity verification decisions (pass/fail) and associated data to ph39 as part of the account verification process.
• From cookies and similar technologies — see Section 12 for a full description of ph39's use of cookies, session storage, and related technologies.

ph39 processes your personal data for the following specific, legitimate purposes:

• Account Registration and Management: Creating and maintaining your ph39 Account, authenticating your identity at login, managing your Balance, and personalizing your experience on the Platform.
• KYC and Identity Verification: Verifying your identity and age (21+ requirement) in compliance with PAGCOR regulations and applicable Philippine law prior to processing withdrawal requests and at other trigger points.
• Payment Processing: Processing GCash, Maya, and bank transfer deposits and withdrawal requests, maintaining transaction records, and reconciling financial statements.
• Regulatory Compliance and AML: Complying with the Philippine Anti-Money Laundering Act (AMLA), PAGCOR reporting obligations, National Privacy Commission requirements, and other applicable Philippine law.
• Fraud Detection and Security: Detecting, investigating, and preventing fraud, unauthorized account access, collusion, bot activity, and other prohibited conduct described in the ph39 Terms & Conditions.
• Customer Support: Responding to queries, complaints, and responsible gaming requests submitted via live chat or email.
• Responsible Gaming: Monitoring for indicators of problem gambling behavior and administering deposit limits, self-exclusion, and other responsible gaming tools in accordance with player requests and PAGCOR guidelines.
• Platform Improvement: Analyzing aggregated and anonymized usage data to improve Platform performance, user experience, and game offerings.
• Promotional Communications: Sending information about ph39 promotions, bonuses, and offers — but only where you have consented to receive such communications, and with a clear opt-out mechanism in every communication.

Under the Philippine Data Privacy Act, ph39 relies on the following lawful bases for processing your personal data:

ph39 does not sell, rent, or trade your personal data. Your personal data may be disclosed to the following categories of recipients only to the extent necessary for the stated purposes:

• Payment Service Providers: GCash (GXI), Maya (Voyager Innovations), GrabPay, InstaPay network participants, PesoNet network participants, and Philippine commercial banks — to process deposits and withdrawals.
• KYC and Identity Verification Partners: Third-party identity verification service providers engaged by ph39 to perform document authenticity and liveness checks for KYC compliance.
• Regulatory and Law Enforcement Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), and law enforcement bodies — where disclosure is required by law, regulation, court order, or official request.
• Game and Technology Providers: Third-party game providers whose titles are accessible through the ph39 Platform may receive anonymized or pseudonymized session and wager data for game operation purposes. Game providers are contractually prohibited from using this data for any purpose other than game delivery.
• IT and Security Service Providers: Cloud hosting, security monitoring, and fraud detection service providers engaged by ph39 under strict data processing agreements. All such providers are required to process data only on ph39's instructions and consistent with this Policy.
• Professional Advisors: Legal counsel, auditors, and other professional advisors engaged by ph39 in connection with legal proceedings, compliance reviews, or corporate transactions, under applicable professional confidentiality obligations.

ph39 retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable Philippine law. The following retention periods apply:

Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with ph39's data disposal procedures. Anonymized and aggregated data may be retained indefinitely for statistical analysis purposes.

ph39 implements technical and organizational security measures appropriate to the sensitivity of the personal data processed and the risks of unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption in transit: All data transmitted between your browser/device and ph39 servers is encrypted using TLS 1.2 or higher with 256-bit AES encryption.
• Encryption at rest: Sensitive data fields stored in ph39 databases, including government ID numbers and financial reference data, are encrypted at rest.
• Password security: Player passwords are stored using one-way cryptographic hashing. ph39 cannot retrieve your password in plain text — only reset it.
• Access controls: Internal access to personal data is restricted on a least-privilege basis. Only authorized personnel with a legitimate operational need may access identifiable player data.
• Two-factor authentication: ph39 offers two-factor authentication (2FA) to all Account holders and strongly recommends its use.
• Security monitoring: ph39 employs continuous security monitoring, intrusion detection systems, and regular vulnerability assessments.
• Incident response: In the event of a personal data breach affecting your rights and freedoms, ph39 will notify you and the National Privacy Commission within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03.

The Philippine Data Privacy Act grants you the following rights in respect of your personal data held by ph39. You may exercise any of these rights by contacting ph39's Data Protection Officer using the contact details in Section 16:

ph39 uses cookies and similar technologies on the ph39.club website. Cookies are small data files stored on your device. ph39 uses the following types:

ph39 does not use third-party advertising or retargeting cookies. You may manage cookie preferences through your browser settings. Blocking strictly necessary cookies will impair Platform functionality. Blocking analytical cookies will not affect your gaming experience.

If you believe ph39 has inadvertently collected personal data from a minor, please contact our DPO immediately at [email protected] so the matter can be investigated and remediated without delay.

Some of ph39's third-party service providers — including certain game technology providers and cloud infrastructure partners — may be located outside the Philippines. Where personal data is transferred outside the Philippines, ph39 ensures that:

• The receiving country provides an adequate level of data protection, or
• Appropriate safeguards are in place, including contractual clauses consistent with NPC requirements, to protect your personal data during and after transfer.
• The transfer is limited to the minimum personal data necessary for the specific service being provided by the third party.

ph39 will not transfer your personal data to foreign jurisdictions that the NPC has assessed as providing inadequate data protection, without your explicit prior consent.

ph39 may revise this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or the services we provide. The "Effective Date" at the top of this Policy indicates when the current version came into force.

Material changes to this Policy — particularly those affecting your rights or the categories of data we collect — will be communicated to registered Players via in-Platform notification and/or email to your registered address at least 14 days before taking effect. For minor or clarificatory changes, the updated Policy will be published at ph39.club/privacy-policy with an updated Effective Date and a brief summary of what changed.

Your continued use of the ph39 Platform following the effective date of a revised Policy constitutes your acknowledgment of the changes. If you do not agree with a material change, you may close your Account before the effective date of the change.

For any questions, concerns, or requests relating to this Privacy Policy or ph39's data practices, or to exercise your rights as a data subject under the Data Privacy Act, please contact ph39's Data Protection Officer:

Players may also lodge complaints with the National Privacy Commission (NPC) of the Philippines if they believe their rights under the Data Privacy Act have been violated. Information on lodging an NPC complaint is available through official NPC channels.