phnice Privacy Policy

1. Data Controller Identity

For the purposes of the Philippines Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, the data controller in respect of personal data collected through phnice.one is phnice ("phnice," "we," "us," "our"), the operator of the online gaming platform accessible at https://phnice.one and subject to the licensing and oversight of the Philippine Amusement and Gaming Corporation (PAGCOR).

phnice has designated a Data Protection Officer (DPO) as required under RA 10173. Contact details for the phnice DPO are provided in Section 13 of this Policy. The DPO is responsible for monitoring phnice's compliance with this Policy and applicable Philippine data protection law, and serves as the primary point of contact for data subjects exercising their rights.

2. Categories of Personal Data We Collect

phnice collects the following categories of personal data in connection with your use of the phnice platform:

Identity Data:

• Full legal name as appearing on government-issued Philippine identification documents
• Date of birth and nationality
• Government-issued ID numbers (e.g., SSS, PhilHealth, LTO driver's license, passport number)
• Photographs and selfies submitted for KYC verification purposes

Contact Data:

• Philippine mobile number
• Email address
• Residential address (province and city/municipality level)

Account & Transaction Data:

• phnice account username and encrypted password credentials
• Deposit and withdrawal history, transaction amounts, and associated payment method identifiers (e.g., registered GCash or PayMaya mobile number)
• Game activity records, including bet amounts, game types, session duration, and outcomes
• Bonus and promotion claim history

Technical Data:

• IP address and approximate geolocation at the time of phnice Login and during active sessions
• Device type, operating system, and browser type and version
• Cookies and similar tracking identifiers (see Section 6)
• Access logs, error logs, and security event records

Communications Data:

• Records of communications between you and phnice customer support, including live chat transcripts and email correspondence
• Responsible gaming tool settings and self-exclusion requests

3. How phnice Collects Personal Data

phnice collects personal data through the following means:

• Directly from you: When you register a phnice account, complete KYC verification, make a deposit or withdrawal, contact customer support, claim a bonus, or use any other interactive feature of the phnice platform.
• Automatically: Through cookies, web beacons, server logs, and similar tracking technologies when you access phnice.one from any device or browser.
• From third-party service providers: Payment processors (GCash, PayMaya, BPI, BDO, Metrobank) and identity verification service providers may share limited data with phnice in connection with transaction processing and KYC verification. Such data sharing is governed by contractual data processing agreements.
• From PAGCOR and regulatory authorities: In certain circumstances, PAGCOR or other Philippine regulatory and law enforcement authorities may share information with phnice relevant to its compliance and licensing obligations.

4. Purposes and Legal Basis for Processing

phnice processes your personal data for the following purposes, each of which is supported by a lawful basis under RA 10173:

• Account registration and management — Necessary for the performance of the contract between you and phnice. Without this processing, phnice cannot provide you with an account or platform access.
• Identity verification and KYC compliance — Required by PAGCOR regulations and Philippine anti-money laundering law (Republic Act No. 9160, as amended). Processing is necessary for compliance with a legal obligation.
• Payment processing and fraud prevention — Necessary for the performance of your contract with phnice and for the legitimate interest of preventing financial crime and protecting player funds.
• Game delivery and platform operation — Necessary for the performance of the contract. phnice must record game activity to calculate outcomes, apply bonuses, and maintain accurate account balances.
• Responsible gaming monitoring — phnice has a regulatory obligation under its PAGCOR license and a legitimate interest in identifying players who may be experiencing gambling harm, and in providing appropriate interventions.
• Customer support — Necessary to respond to your queries and to maintain service quality records. Processing is based on legitimate interest and performance of contract.
• Marketing communications — Where you have given separate and explicit consent to receive promotional communications from phnice. You may withdraw this consent at any time through your phnice account settings.
• Security and fraud prevention — Legitimate interest in protecting phnice, its players, and the integrity of the platform from fraud, unauthorised access, and other security threats.

5. Data Sharing and Disclosure

phnice does not sell, rent, or trade your personal data. We share personal data with third parties only in the following circumstances:

• Payment service providers: GCash (Mynt/Globe Fintech), PayMaya (Maya Bank), BPI, BDO, and Metrobank receive transaction data necessary to process deposits and withdrawals. These providers operate under their own privacy policies and are independently regulated by the Bangko Sentral ng Pilipinas.
• KYC and identity verification providers: Third-party identity verification services engaged by phnice receive identity documents and biometric data solely for the purpose of verifying your identity as required by PAGCOR regulations.
• Game providers and software licensors: Game providers whose titles are available in the phnice lobby receive session and game result data necessary for game operation and certification auditing. They do not receive your full identity data.
• PAGCOR and regulatory authorities: phnice is required by its PAGCOR license and applicable Philippine law to provide player data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, or other competent authorities upon lawful request or as part of periodic regulatory reporting.
• Legal and law enforcement: phnice may disclose personal data to Philippine law enforcement or judicial bodies where required by a valid court order or where disclosure is necessary to protect the rights, property, or safety of phnice, its players, or the public.
• Professional advisers: phnice's legal, financial, and audit advisers may access personal data on a confidential, need-to-know basis in connection with the provision of professional services to phnice.

All third parties who process personal data on behalf of phnice are bound by contractual data processing agreements requiring them to maintain appropriate security standards and process data only for the specified purposes.

6. Cookies and Tracking Technologies

phnice uses cookies and similar tracking technologies on phnice.one to deliver and improve the platform's functionality, maintain your login session, analyse traffic patterns, and detect fraud and security threats. The following categories of cookies are used:

• Strictly Necessary Cookies: Required for the phnice platform to function. These include session cookies that maintain your phnice Login state and security cookies that protect against cross-site request forgery. These cookies cannot be disabled without breaking core platform functionality.
• Functional Cookies: Store your preferences (e.g., language, game lobby view settings) to improve your experience. These are set only with your consent.
• Analytics Cookies: Anonymised traffic and usage data used by phnice to understand how players navigate the platform and to identify areas for improvement. No personally identifiable information is transmitted through analytics cookies.
• Security and Fraud Prevention Cookies: Used to identify and prevent fraudulent activity, including bot detection and multi-account identification.

You may manage your cookie preferences through your browser settings. Please note that disabling strictly necessary cookies will prevent you from using core phnice platform features including phnice Login.

7. Data Retention

phnice retains personal data for the minimum period necessary to fulfil the purposes for which it was collected, taking into account the requirements of PAGCOR regulations, Philippine anti-money laundering law, and general limitation periods under Philippine civil law.

The following indicative retention periods apply:

• Account identity and KYC documentation: retained for a minimum of 5 years following permanent account closure, as required by the Anti-Money Laundering Council implementing regulations.
• Transaction records (deposits, withdrawals, game history): retained for a minimum of 5 years following the date of the transaction.
• Customer support communications: retained for 3 years from the date of the final communication in a support interaction.
• Marketing consent records: retained for the duration of your account and for 3 years following account closure or withdrawal of consent.
• Technical and security logs: retained for 12 months on a rolling basis, subject to extension in the event of an active security investigation.

Following the expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with phnice's data disposal procedures.

8. Security Measures

phnice implements technical and organisational security measures appropriate to the risk posed by the processing of personal data, including:

• SSL/TLS encryption for all data transmitted between your device and phnice.one servers, including all phnice Login sessions and financial transactions.
• AES-256 encryption for personal data stored in phnice databases, including KYC documents and payment identifiers.
• Role-based access controls limiting access to player personal data to authorised phnice personnel with a documented operational need.
• Multi-factor authentication for all phnice administrative system access.
• Regular third-party penetration testing and vulnerability assessments of the phnice platform.
• An incident response plan aligned with the National Privacy Commission's mandatory breach notification requirements.

While phnice takes all reasonable precautions to protect your personal data, no online platform can guarantee absolute security against all threats. You are responsible for maintaining the confidentiality of your phnice Login credentials and for promptly notifying phnice of any suspected unauthorised account access.

9. Your Data Subject Rights

Under the Philippines Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phnice. To exercise any of these rights, contact the phnice Data Protection Officer as described in Section 13:

• Right to be Informed: You have the right to be informed that your personal data is being collected and processed, the purposes for which it is processed, and with whom it may be shared.
• Right to Access: You may request a copy of all personal data held by phnice about you, along with information about how it is processed.
• Right to Rectification: You may request the correction of any inaccurate or incomplete personal data. For account details, many corrections can be made directly through your phnice account settings.
• Right to Erasure ("Right to be Forgotten"): You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phnice's legal retention obligations.
• Right to Object: You may object to the processing of your personal data for direct marketing purposes. This does not affect processing for regulatory compliance, contract performance, or fraud prevention.
• Right to Data Portability: You may request that phnice provide your personal data in a structured, commonly used, and machine-readable format where technically feasible.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the National Privacy Commission of the Philippines if you believe phnice has processed your personal data in violation of RA 10173.

phnice will respond to all data subject requests within 30 days of receipt. Where a request is complex or involves a large volume of data, phnice may extend this period by a further 30 days with notice to you.

10. Children and Minors

phnice does not knowingly collect personal data from any person under the age of 21. The phnice platform is strictly for adults aged 21 and above in accordance with PAGCOR regulations. All accounts are subject to mandatory age verification as part of the KYC process.

If phnice becomes aware that personal data has been collected from a person under the age of 21, it will promptly delete that data and close the associated account. Parents or guardians who believe their minor child has registered a phnice account should contact the phnice DPO immediately using the contact details in Section 13.

11. Cross-Border Data Transfers

phnice primarily processes and stores personal data on servers located within the Philippines or in jurisdictions that provide an adequate level of data protection as determined by the National Privacy Commission. Where personal data is transferred to a third-party service provider located outside the Philippines — for example, game software providers or cloud infrastructure providers — phnice ensures that such transfers are subject to appropriate safeguards, including standard contractual clauses or the recipient's adherence to a recognised equivalent data protection framework.

phnice will not transfer personal data to a jurisdiction lacking adequate protection without first implementing supplementary measures sufficient to maintain the level of protection required by RA 10173.

12. Amendments to This Privacy Policy

phnice reserves the right to update this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, or phnice's data processing practices. Where amendments are material — in particular where they affect your rights as a data subject or significantly change the purposes for which your data is processed — phnice will provide at least 14 days' advance notice via email to your registered account address and through a prominent notice on phnice.one.

The date of the most recent revision is displayed at the top of this Policy. Your continued use of the phnice platform following the effective date of any amendment constitutes acceptance of the revised Policy.

13. Contact & Data Protection Officer

For all privacy-related enquiries, requests to exercise your data subject rights, or concerns about phnice's handling of your personal data, please contact the phnice Data Protection Officer.

Email (plain text — not a link): [email protected]

Please mark your subject line clearly as "Data Privacy Request" or "DPO Enquiry" and include your registered phnice username and a description of your request. Do not include your phnice Login password in any correspondence.

You also have the right to direct complaints to the National Privacy Commission of the Philippines. Information on how to file a complaint with the NPC is available on the official NPC website.