Summary for Filipino Players
phpaldo takes your privacy seriously. We collect the personal data we need to run a
safe, PAGCOR-compliant gaming platform — and nothing more. We do not sell your data.
We do not share it beyond what is required for operations and regulatory compliance.
Under the Data Privacy Act of 2012 (Republic Act No. 10173), you have enforceable
rights over your personal information that phpaldo is legally obligated to respect.
Introduction
This Privacy Policy ("Policy") describes how phpaldo ("phpaldo," "we," "us," or "our") — a PAGCOR-registered online gaming platform operating at phpaldo.one — collects, processes, stores, and protects the personal data of individuals who register accounts, access the platform, or otherwise interact with phpaldo's services ("you," "your," or "the Data Subject").
phpaldo is committed to complying fully with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines and its implementing rules and regulations, as enforced by the National Privacy Commission (NPC). phpaldo is also subject to data-handling obligations imposed by PAGCOR as part of its registration conditions as a licensed online gaming operator.
This Policy should be read alongside phpaldo's Terms & Conditions, which constitute the overarching legal agreement governing your use of the phpaldo platform. By registering a phpaldo account or otherwise using the platform, you acknowledge that you have read and understood this Privacy Policy.
Data Controller Identity
For the purposes of the Data Privacy Act of 2012 and applicable data protection law, the data controller responsible for personal data processed in connection with the phpaldo platform is:
phpaldo
Platform: phpaldo.one
Privacy contact: [email protected]
Regulatory Authority: Philippine Amusement and Gaming Corporation (PAGCOR)
Data Protection Supervisor: National Privacy Commission (NPC), Philippines
phpaldo has appointed a Data Protection Officer (DPO) in accordance with the requirements of the Data Privacy Act. The DPO is responsible for overseeing phpaldo's data protection practices and may be contacted at the email address listed above for all privacy-related enquiries, access requests, and complaints.
Personal Data We Collect
phpaldo collects the following categories of personal data from users of the platform. The specific data points collected depend on the nature of your interaction with phpaldo and the stage of your account lifecycle.
| Category | Data Points | When Collected |
|---|---|---|
| Registration Data | Full legal name, date of birth, email address, Philippine mobile number, chosen username, password (hashed) | Account registration |
| KYC / Identity Data | Government-issued ID (UMID, Driver's License, Philippine Passport), ID number, selfie photograph, residential address | KYC verification process |
| Financial Data | GCash account number, PayMaya account, bank account details (BPI, BDO, Metrobank), deposit amounts, withdrawal amounts, transaction timestamps | Deposit and withdrawal transactions |
| Gaming Activity Data | Game history, wager amounts, win/loss outcomes, session duration, game preferences, bonus usage | During gameplay sessions |
| Technical & Device Data | IP address, device type, browser type and version, operating system, screen resolution, mobile network provider (Smart/Globe/DITO) | Platform access and login events |
| Communication Data | Live chat transcripts, support email correspondence, content of complaints and dispute submissions | Customer support interactions |
| Responsible Gaming Data | Self-exclusion records, deposit limit settings, loss limit settings, cooling-off period records | When responsible gaming tools are activated |
phpaldo does not collect sensitive personal information as defined under Section 3(l) of the Data Privacy Act (such as health data, political or religious affiliations, or criminal records) unless specifically required by PAGCOR regulations or by court order, in which case collection will be subject to additional safeguards.
How We Collect Your Data
phpaldo collects personal data through the following channels and mechanisms:
- Direct submission — information you provide when completing the registration form, submitting KYC documents, contacting support, or activating responsible gaming tools;
- Automated collection — technical and device data collected automatically when you access the phpaldo platform, log in, or engage with any game or platform feature;
- Transaction processing — financial data transmitted as part of deposit and withdrawal processing through GCash, PayMaya, BPI, BDO, Metrobank, InstaPay, and PESONet;
- Third-party verification providers — identity and document verification data processed by phpaldo's KYC service provider as part of the identity verification workflow;
- Cookies and similar technologies — session data and preference data collected via cookies placed on your device when you access phpaldo.one (see Section 8 for full cookie information).
Legal Basis for Processing
phpaldo processes personal data only where there is a lawful basis for doing so under the Data Privacy Act of 2012. The applicable legal basis for each processing activity is described below:
- Contractual necessity — processing required to perform our obligations under the phpaldo Terms & Conditions, including account creation, gameplay facilitation, payment processing, and withdrawal execution;
- Legal obligation — processing required to comply with PAGCOR's licensing conditions, the Anti-Money Laundering Act (AMLA), the Data Privacy Act, and any other applicable Philippine law;
- Legitimate interests — processing necessary for phpaldo's legitimate business interests, including fraud prevention, platform security, responsible gaming enforcement, and service improvement, where such interests are not overridden by your rights and interests;
- Consent — processing for optional purposes such as marketing communications and personalised promotions, where you have explicitly opted in. You may withdraw consent at any time by contacting phpaldo's support team.
How We Use Your Personal Data
phpaldo uses your personal data for the following specific purposes:
- Account creation and management — establishing and maintaining your phpaldo account, authenticating logins, and managing account settings;
- Identity verification (KYC) — verifying your identity and age (21+) in compliance with PAGCOR regulations and AML obligations;
- Payment processing — executing deposit and withdrawal transactions via GCash, PayMaya, and linked bank accounts in Philippine Peso;
- Regulatory reporting — submitting required reports to PAGCOR and the Anti-Money Laundering Council (AMLC) as mandated by Philippine law;
- Fraud and security monitoring — detecting and preventing account fraud, bonus abuse, multiple account registration, and unauthorised access;
- Responsible gaming — monitoring gaming activity to support responsible gambling commitments, enforcing self-exclusion records, and applying player-activated limits;
- Customer support — responding to enquiries, complaints, and disputes submitted through live chat and email;
- Platform improvement — analysing aggregated, anonymised usage data to improve game performance, user interface design, and payment reliability;
- Marketing communications — sending promotional offers, bonus notifications, and platform updates to players who have opted in to receive marketing communications. Players who have not opted in will not receive unsolicited marketing from phpaldo.
phpaldo Does Not Use Your Data For
phpaldo does not use your personal data to build advertising profiles for third-party
advertisers. We do not sell your gaming history, transaction data, or personal
information to data brokers, marketing companies, or any external commercial entity.
Your phpaldo data stays within the phpaldo ecosystem.
Data Sharing & Third Parties
phpaldo does not sell personal data to any third party under any circumstances. Personal data is shared only in the following limited and documented circumstances:
- KYC and identity verification providers — your government ID and selfie data are transmitted to phpaldo's contracted identity verification provider for the sole purpose of completing your account verification. This provider is subject to a data processing agreement with obligations equivalent to this Policy;
- Payment processors — transaction data is shared with GCash (GXI), PayMaya (Voyager Innovations), and relevant banks as required to execute deposit and withdrawal instructions. These parties process data under their own PDPA-compliant privacy frameworks;
- Gaming software providers — your account identifier and game session data are transmitted to phpaldo's licensed game providers (e.g., JILI, Pragmatic Play) for the purpose of game delivery and outcome verification;
- PAGCOR and Philippine regulatory authorities — phpaldo is required by law to submit periodic reports and respond to regulatory requests. Personal data shared in this context is the minimum necessary to satisfy the legal obligation;
- Anti-Money Laundering Council (AMLC) — phpaldo is required under the Anti-Money Laundering Act to report covered and suspicious transactions. Such reports include personal data of the relevant account holder;
- Law enforcement — phpaldo will disclose personal data in response to a valid court order, search warrant, or other lawful legal process issued by a Philippine court or competent authority.
All third-party service providers with whom phpaldo shares personal data are bound by contractual data processing obligations that prohibit further sharing, require adequate security measures, and limit processing to the purpose for which data was shared.
Cookies & Tracking Technologies
phpaldo uses cookies and similar tracking technologies on the phpaldo.one website to enable essential platform functions, maintain your login session, and gather anonymised analytics data to improve platform performance.
The categories of cookies phpaldo uses are as follows:
- Strictly necessary cookies — these cookies are essential for the phpaldo platform to function. They maintain your authenticated login session, remember your responsible gaming settings, and enable core platform features. These cannot be disabled without preventing your use of the platform;
- Performance and analytics cookies — these cookies collect anonymised data about how players interact with the phpaldo platform, including which pages are visited most frequently and where errors occur. This data is used solely for platform improvement and is not linked to individual player identities;
- Functional cookies — these cookies remember your preferences (such as language settings and game lobby view configuration) to personalise your phpaldo experience across sessions.
phpaldo does not use third-party advertising cookies or tracking pixels that collect data for external advertising networks. You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair your ability to access and use the phpaldo platform.
Data Retention
phpaldo retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable Philippine law. The following retention periods apply:
- Account and KYC records — retained for a minimum of 5 years from the date of account closure, as required by PAGCOR's record-keeping obligations and the Anti-Money Laundering Act;
- Transaction records — deposit and withdrawal records are retained for a minimum of 5 years in compliance with AMLC requirements;
- Gaming activity records — game history and wagering data are retained for 2 years for dispute resolution purposes, after which they are anonymised or deleted;
- Support communications — live chat transcripts and email correspondence are retained for 2 years and then securely deleted;
- Self-exclusion records — records of self-exclusion decisions are retained indefinitely to prevent re-registration by excluded players, as required by responsible gaming obligations;
- Marketing consent records — records of marketing opt-in and opt-out are retained for the duration of the account plus 1 year to demonstrate consent compliance.
Upon expiry of the applicable retention period, phpaldo will securely delete or anonymise personal data in a manner that renders it unrecoverable and unattributable to any individual.
Data Security
phpaldo implements a comprehensive set of technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include:
- 256-bit SSL/TLS encryption for all data transmitted between your device and phpaldo's servers;
- Encryption at rest for all stored personal data, including KYC documents, payment data, and account credentials;
- Hashed password storage — phpaldo stores passwords using industry-standard one-way cryptographic hashing. phpaldo employees cannot retrieve or view your password in plaintext;
- Two-factor authentication (2FA) available for all player accounts and required for all phpaldo staff accessing internal systems containing personal data;
- Access controls — personal data is accessible only to phpaldo personnel with a documented business need. All staff access is logged and subject to audit;
- Regular security testing — phpaldo conducts periodic vulnerability assessments and penetration testing of its platform infrastructure;
- Data breach response — in the event of a personal data breach, phpaldo will notify the National Privacy Commission within 72 hours as required by NPC Circular No. 16-03, and will notify affected players without undue delay where the breach poses a risk to their rights and freedoms.
Your Role in Account Security
phpaldo's security measures protect your data at the platform level. You are equally
responsible for protecting your phpaldo account by keeping your password confidential,
enabling 2FA, and logging out of shared devices. phpaldo will never ask for your
password through any channel. See our Terms & Conditions
for full account security obligations.
Your Data Subject Rights
Under the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines, you have the following rights with respect to your personal data held by phpaldo. These are legal rights — phpaldo is obligated to fulfil them:
- Right to Access — you may request a copy of all personal data phpaldo holds about you, including the categories of data, the purposes for which it is processed, and any third parties with whom it has been shared;
- Right to Correction / Rectification — if any personal data held by phpaldo is inaccurate or incomplete, you may request that it be corrected. Corrections to KYC-verified data may require re-verification;
- Right to Erasure ("Right to be Forgotten") — you may request that phpaldo delete your personal data where it is no longer necessary for the purpose for which it was collected, subject to phpaldo's legal retention obligations under PAGCOR and AMLC regulations;
- Right to Object — you may object to phpaldo's processing of your personal data for marketing purposes at any time. You may also object to processing based on legitimate interests where your rights and interests override those of phpaldo;
- Right to Data Portability — you may request your personal data in a structured, commonly used, machine-readable format for transfer to another service provider where technically feasible;
- Right to Lodge a Complaint — if you believe phpaldo has processed your personal data unlawfully, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.
To exercise any of these rights, please submit your request in writing to [email protected] with the subject line "Data Subject Rights Request." phpaldo will acknowledge your request within 5 business days and provide a substantive response within 30 calendar days, or such shorter period as required by applicable law.
Children's Privacy and the 21+ Rule
phpaldo's gaming services are strictly restricted to individuals aged 21 years and above under PAGCOR's regulatory requirements. phpaldo does not knowingly collect personal data from any person under the age of 21.
During registration, phpaldo requires all applicants to provide their date of birth and submit to KYC age verification. Any account found to have been registered with a false date of birth will be immediately closed and all associated data will be processed in accordance with phpaldo's obligations under the Data Privacy Act and PAGCOR's guidelines.
If a parent or guardian believes that a person under the age of 21 has registered a phpaldo account without authorisation, they should contact phpaldo immediately at [email protected]. phpaldo will investigate the report and take appropriate action, including account closure and data deletion, within 5 business days.
International Data Transfers
phpaldo's primary data processing infrastructure is located in the Philippines. Where personal data is transferred to third-party service providers whose infrastructure is located outside the Philippines — such as certain gaming software providers or KYC verification platforms — phpaldo ensures that such transfers are subject to appropriate safeguards.
These safeguards include:
- Data processing agreements requiring the recipient to maintain data protection standards equivalent to or exceeding those required under Philippine law;
- Transfer to jurisdictions that the National Privacy Commission has recognised as providing an adequate level of data protection;
- Standard contractual clauses approved by the NPC, where applicable.
phpaldo does not transfer personal data to jurisdictions without adequate data protection frameworks unless explicitly required by PAGCOR regulations or a court order from a Philippine court.
Amendments to This Privacy Policy
phpaldo reserves the right to amend this Privacy Policy from time to time to reflect changes in Philippine law, NPC guidance, PAGCOR regulatory requirements, or phpaldo's internal data processing practices.
Where amendments are material — affecting the nature of data collected, the purposes for which it is used, or the rights available to players — phpaldo will provide at least 14 days' advance notice by posting a prominent notification on the phpaldo.one platform and, where possible, notifying affected players via their registered email address.
The current version of this Privacy Policy is always accessible at phpaldo.one/privacy-policy. The effective date at the top of this document confirms the version in force. Continued use of the phpaldo platform after any amended Policy takes effect constitutes acceptance of the revised terms.
Contact & Data Protection Officer
All privacy-related enquiries, data subject rights requests, complaints, and questions about this Policy should be directed to phpaldo's Data Protection Officer:
phpaldo Data Protection Officer
Email: [email protected]
Subject line for rights requests: "Data Subject Rights Request"
Response time: Within 5 business days (acknowledgement); within 30 days (full response)
Platform: phpaldo.one/privacy-policy
If you are not satisfied with phpaldo's response to a privacy complaint, you have the right to escalate your concern to the National Privacy Commission (NPC) of the Philippines, which is the statutory supervisory authority for data protection matters in the Philippines.
For responsible gaming concerns unrelated to data privacy — such as self-exclusion, deposit limits, or problem gambling support — please visit our Responsible Gaming page for dedicated resources and contacts.