phpopen Privacy Policy

This Privacy Policy ("Policy") describes how phpopen ("phpopen," "we," "us," "our") collects, uses, stores, discloses, and protects the personal information of individuals ("you," "your," "Data Subject") who access or use the phpopen online gaming platform, website located at https://phpopen.org, and all associated services (collectively, the "Platform"). This Policy is issued in compliance with Republic Act No. 10173, the Philippine Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission ("NPC").

By registering an account on phpopen or continuing to use the Platform, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. If you do not agree to this Policy, please discontinue use of the Platform immediately.

01 Introduction & Scope

1.1 This Policy applies to all personal data collected by phpopen in connection with the operation of the Platform, including data collected during account registration, identity verification, payment processing, customer support interactions, and general use of the Platform.

1.2 This Policy applies to all users of the phpopen Platform, including registered members, visitors, and any individual whose personal data phpopen processes in the course of its operations.

1.3 This Policy should be read together with the phpopen Terms & Conditions and Responsible Gaming Policy, both of which are incorporated herein by reference.

02 Data Controller Information

2.1 phpopen acts as the Personal Information Controller ("PIC") with respect to the personal data it collects and processes in connection with the Platform. As PIC, phpopen determines the purposes and means of processing your personal data.

2.2 phpopen has designated a Data Protection Officer ("DPO") responsible for overseeing compliance with the DPA and this Policy. You may contact the DPO at the email address provided in Section 14 of this Policy.

03 Personal Data We Collect

phpopen collects the following categories of personal data, depending on how you interact with the Platform:

Category	Examples	When Collected
Identity Data	Full legal name, date of birth, government-issued ID number, nationality	Registration & KYC verification
Contact Data	Email address, Philippine mobile number, residential address	Registration & account updates
Financial Data	GCash number, PayMaya account, bank account details (BPI, BDO, Metrobank), transaction history	Deposits & withdrawals
Gaming Data	Game history, wager amounts, win/loss records, session duration, responsible gaming settings	Platform use
Technical Data	IP address, device type, browser type, operating system, cookies, session tokens	Automatic collection during Platform use
Communications Data	Support chat transcripts, Viber messages, email correspondence with phpopen	Customer support interactions
Verification Documents	Scanned copies of Philippine ID, passport, driver's license, proof of address	KYC & AML compliance

3.1 Sensitive Personal Information: phpopen may collect sensitive personal information as defined under the DPA, including government ID numbers, where required for identity verification and regulatory compliance. Such data is processed with heightened security measures and is not used for any purpose beyond those stated in this Policy.

04 How We Collect Your Data

phpopen collects personal data through the following means:

• Directly from you: When you register an account, complete KYC verification, make a deposit or withdrawal, contact customer support, or update your account settings;
• Automatically: Through cookies, web beacons, log files, and similar tracking technologies when you access or use the Platform;
• From third parties: From payment processors (GCash, PayMaya, BPI, BDO, Metrobank), identity verification service providers, and fraud prevention partners, where necessary to verify your identity or process transactions;
• From regulatory sources: From PAGCOR or other regulatory bodies where required by law, including self-exclusion registers and AML databases.

05 Purposes & Legal Basis for Processing

phpopen processes your personal data for the following purposes, each supported by a lawful basis under the DPA:

• Account registration and management: To create and maintain your phpopen account, verify your identity, and provide access to Platform features. (Legal basis: Performance of contract; consent)
• Payment processing: To process deposits and withdrawals via GCash, PayMaya, and Philippine banks, and to maintain accurate financial records. (Legal basis: Performance of contract; legal obligation)
• Regulatory compliance: To comply with PAGCOR licensing requirements, anti-money laundering (AML) obligations under Republic Act No. 9160, and other applicable Philippine laws. (Legal basis: Legal obligation)
• Fraud prevention and security: To detect, investigate, and prevent fraudulent activity, cheating, and unauthorized access to the Platform. (Legal basis: Legitimate interests; legal obligation)
• Responsible gaming: To monitor gaming behavior, enforce responsible gaming tools, and identify players who may be at risk of gambling-related harm. (Legal basis: Legal obligation; legitimate interests)
• Customer support: To respond to your inquiries, resolve disputes, and improve the quality of our support services. (Legal basis: Performance of contract; legitimate interests)
• Marketing communications: To send you promotional offers, bonus notifications, and platform updates, where you have provided consent. You may withdraw consent at any time by contacting support. (Legal basis: Consent)
• Platform improvement: To analyze usage patterns, conduct research, and improve the features and performance of the phpopen Platform. (Legal basis: Legitimate interests)

06 Cookies & Tracking Technologies

6.1 phpopen uses cookies and similar tracking technologies to enhance your experience on the Platform, maintain your session, remember your preferences, and analyze Platform usage.

6.2 The following types of cookies are used on the phpopen Platform:

• Strictly Necessary Cookies: Required for the Platform to function. These cannot be disabled. They include session authentication tokens and security cookies.
• Functional Cookies: Remember your preferences such as language settings and responsible gaming limits.
• Analytics Cookies: Collect anonymized data about how players use the Platform to help us improve performance and user experience.
• Security Cookies: Used to detect and prevent fraudulent activity and unauthorized access.

6.3 You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies may impair the functionality of the phpopen Platform.

07 Sharing Your Personal Data

7.1 phpopen does not sell, rent, or trade your personal data to third-party marketers under any circumstances.

7.2 phpopen may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data processing agreements:

• Payment processors: GCash, PayMaya, BPI, BDO, Metrobank, and other payment service providers, for the purpose of processing deposits and withdrawals;
• Identity verification providers: Third-party KYC and AML service providers engaged to verify player identities and screen against regulatory watchlists;
• Game providers: Licensed game software providers whose games are available on the phpopen Platform, to the extent necessary to deliver game services;
• Regulatory authorities: PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), and other Philippine government agencies, where required by law;
• IT and security service providers: Cloud hosting, cybersecurity, and fraud detection service providers engaged to support Platform operations;
• Legal and professional advisors: Lawyers, auditors, and compliance consultants, subject to professional confidentiality obligations.

7.3 All third-party service providers engaged by phpopen are contractually required to process personal data only in accordance with phpopen's instructions and in compliance with the DPA.

08 Data Retention

8.1 phpopen retains personal data for as long as necessary to fulfill the purposes described in this Policy, or as required by applicable Philippine law and PAGCOR regulations.

8.2 As a general guideline, phpopen applies the following retention periods:

• Account and identity data: Retained for the duration of your account and for a minimum of five (5) years following account closure, in compliance with AML record-keeping requirements;
• Financial transaction records: Retained for a minimum of five (5) years from the date of the transaction, as required by Philippine AML law;
• Gaming history: Retained for a minimum of three (3) years from the date of the gaming session;
• Customer support records: Retained for two (2) years from the date of the interaction;
• Marketing consent records: Retained for the duration of your consent and for one (1) year following withdrawal of consent.

8.3 Upon expiry of the applicable retention period, phpopen will securely delete or anonymize your personal data in a manner that prevents reconstruction or identification.

09 Data Security

9.1 phpopen implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:

• SSL/TLS encryption for all data transmitted between your device and the phpopen Platform;
• Encryption of sensitive data at rest using industry-standard algorithms;
• Role-based access controls limiting employee access to personal data on a strict need-to-know basis;
• Regular security audits, vulnerability assessments, and penetration testing;
• Multi-factor authentication for administrative access to systems containing personal data;
• Incident response procedures aligned with NPC breach notification requirements.

9.2 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, phpopen will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected data subjects without undue delay, in accordance with NPC Circular No. 16-03.

9.3 While phpopen takes all reasonable steps to protect your personal data, no method of electronic transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your phpopen Login credentials and for notifying phpopen immediately of any suspected unauthorized access to your account.

10 Your Rights as a Data Subject

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phpopen:

• Right to be Informed: You have the right to be informed of how your personal data is being collected and processed, as set out in this Policy;
• Right to Access: You have the right to request a copy of the personal data phpopen holds about you, along with information about how it is being processed;
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data phpopen holds about you;
• Right to Erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phpopen's legal retention obligations;
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible;
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests;
• Right to Restrict Processing: You have the right to request that phpopen restrict the processing of your personal data in certain circumstances;
• Right to Damages: You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

10.1 To exercise any of the above rights, please contact phpopen's Data Protection Officer using the contact details in Section 14. phpopen will respond to all verified data subject requests within fifteen (15) business days of receipt. We may require proof of identity before processing your request.

10.2 If you believe phpopen has not adequately addressed your privacy concerns, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

11 Children & Minors

11.1 The phpopen Platform is strictly intended for individuals who are 21 years of age or older, in accordance with Philippine law. phpopen does not knowingly collect personal data from individuals under the age of 21.

11.2 If phpopen becomes aware that it has inadvertently collected personal data from a minor, it will take immediate steps to delete such data and close the associated account. If you believe a minor has registered on the phpopen Platform, please contact our support team immediately.

12 Cross-Border Data Transfers

12.1 phpopen primarily stores and processes personal data within the Philippines. Where it is necessary to transfer personal data to service providers or partners located outside the Philippines, phpopen will ensure that such transfers are conducted in compliance with the DPA and NPC regulations, including the implementation of appropriate safeguards such as data processing agreements incorporating standard contractual clauses.

12.2 phpopen will not transfer your personal data to a foreign country or international organization unless that country or organization provides an adequate level of protection for personal data, or appropriate safeguards are in place as required by the NPC.

13 Changes to This Privacy Policy

13.1 phpopen reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or regulatory requirements. The most current version of this Policy will always be available on this page, with the "Last Updated" date revised accordingly.

13.2 Where changes are material, phpopen will notify registered players via the email address or mobile number on file at least seven (7) days before the changes take effect. Your continued use of the Platform after the effective date of any amendment constitutes your acceptance of the revised Policy.

13.3 If you do not agree to any amended Privacy Policy, you must cease using the phpopen Platform and may request account closure by contacting our support team.

14 Contact & Complaints

14.1 If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data by phpopen, please contact our Data Protection Officer through any of the following channels:

• Email: support@phpopen.org (plain text – not a clickable link)
• Live Chat: Available 24/7 within the phpopen Platform
• Viber: Available within the phpopen Platform

14.2 phpopen's support and privacy team is staffed by Filipino agents available around the clock to assist players from Manila, Cebu, Davao, Quezon City, Makati, and across the Philippines.

14.3 If you are not satisfied with phpopen's response to your privacy concern, you may file a complaint with the National Privacy Commission (NPC) of the Philippines. Information on how to file a complaint is available on the NPC's official website.

By using the phpopen Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy in its entirety. This Policy was last updated on January 1, 2026.