Summary for Filipino Players: 98php collects your personal data to run your casino account, verify your identity (KYC), process GCash and bank transactions, comply with PAGCOR and anti-money laundering regulations, and improve the platform. We do not sell your data. We do not share it with third parties except where required by law or where necessary to operate your account. You have rights under the Philippine Data Privacy Act of 2012 — this document explains those rights and how to exercise them.
1 Introduction
98php ("98php," "we," "us," "our") is committed to protecting and respecting the privacy of all individuals who interact with the 98php platform, accessible at 98php.org. This Privacy Policy is issued pursuant to Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations ("IRR"), and the issuances of the National Privacy Commission ("NPC") of the Philippines.
This Policy applies to all personal data collected by 98php in connection with: the registration and operation of player accounts; deposits, withdrawals, and financial transactions; access to casino games, sports betting markets, bingo, and all other platform features; customer support interactions; marketing and promotional communications; and the use of the 98php website and any associated mobile web application.
By registering an account with 98php, accessing the platform, or providing personal data in any form, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein. This Policy forms part of and should be read in conjunction with the 98php Terms & Conditions.
2 Identity of the Personal Information Controller
For the purposes of the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations, the Personal Information Controller (PIC) responsible for processing personal data collected through the 98php platform is:
- Platform Name: 98php
- Website: 98php.org
- Regulatory Status: Operating under PAGCOR regulatory framework
- Data Protection Officer Contact: [email protected]
- Jurisdiction: Republic of the Philippines
98php has designated a Data Protection Officer ("DPO") responsible for overseeing compliance with the DPA, handling data subject requests, and acting as the primary point of contact for data protection matters. The DPO may be contacted at the email address listed above, with the subject line "Data Protection — Privacy Enquiry."
3 Personal Data We Collect
98php collects the following categories of personal data from registered players and platform visitors:
| Category | Specific Data Points | Collected At |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government-issued ID number and document image | Registration & KYC |
| Contact Data | Email address, Philippine mobile number, residential address | Registration |
| Financial Data | GCash account details, bank account details (BPI, BDO, Metrobank), transaction history, deposit and withdrawal records | Cashier use |
| Account Data | Username, account balance, bonus status, wagering history, game history, VIP tier, responsible gaming settings | Ongoing platform use |
| Technical Data | IP address, device type, browser type and version, operating system, session identifiers, geolocation data | All sessions |
| Usage Data | Pages visited, games played, time on site, click-through data, search queries within the platform | All sessions |
| Communications Data | Customer support chat transcripts, email correspondence, complaint records | Support interactions |
| Marketing Data | Communication preferences, email open and click data, promotion redemption history | Where consented |
Government-issued identification documents submitted for KYC purposes contain sensitive personal information as defined under the DPA. 98php processes such data exclusively for identity verification, regulatory compliance, and fraud prevention purposes, with access restricted to authorised personnel on a strict need-to-know basis.
4 How We Collect Personal Data
98php collects personal data through the following means:
4.1 Information You Provide Directly
We collect data that you submit voluntarily when: registering an account; completing identity verification (KYC); making deposits or requesting withdrawals; contacting customer support; responding to surveys or promotions; or updating your account profile settings.
4.2 Information Collected Automatically
When you access the 98php platform, we automatically collect technical and usage data through server logs, session tracking technologies, and analytics systems. This includes your IP address, device identifiers, browser information, and the pages and features you interact with during each session. This data is collected for security monitoring, fraud detection, platform performance optimisation, and regulatory compliance purposes.
4.3 Information from Third Parties
98php may receive personal data from third-party sources in certain circumstances, including: identity verification service providers engaged to assist with KYC checks; payment processors and e-wallet providers (such as GCash and Maya) transmitting transaction confirmation data; fraud prevention and anti-money laundering screening services; and PAGCOR or other regulatory bodies where required by law.
5 Legal Basis for Processing Personal Data
Under Section 12 and Section 13 of the Data Privacy Act of 2012, the processing of personal data must be based on at least one of the following lawful grounds. 98php relies on the following legal bases for its data processing activities:
- Contractual Necessity (Section 12(b) DPA): Processing necessary for the performance of our contract with you — i.e., operating your 98php account, processing transactions, and delivering gaming services.
- Legal Obligation (Section 12(c) DPA): Processing required to comply with PAGCOR regulatory requirements, the Anti-Money Laundering Act (RA 9160), the Data Privacy Act itself, and other applicable Philippine law.
- Legitimate Interests (Section 12(f) DPA): Processing necessary for our legitimate business interests, including fraud prevention, platform security, network integrity, and improvement of services — where such interests are not overridden by your rights and freedoms.
- Consent (Section 12(a) / Section 13 DPA): Where processing is based on your freely given, specific, and informed consent — in particular for marketing communications and optional analytics. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
6 Purposes of Processing Personal Data
98php processes your personal data for the following specific purposes:
6.1 Account Management and Service Delivery
To create and maintain your 98php account; authenticate your identity at login; process deposits, withdrawals, and bonus credits; provide access to casino games, sports betting, bingo, and all other platform features; deliver customer support; and communicate with you regarding your account and transactions.
6.2 Identity Verification and KYC Compliance
To verify your identity, confirm your eligibility to use the platform (including age verification — all players must be 21 years of age or older), comply with PAGCOR's player registration requirements, and satisfy the know-your-customer obligations imposed under Philippine anti-money laundering regulations.
6.3 Financial Crime Prevention
To comply with Republic Act No. 9160 (Anti-Money Laundering Act) and related PAGCOR compliance obligations, 98php processes transaction and identity data to detect, prevent, and report suspicious activity, money laundering, terrorist financing, and other financial crimes. This may include disclosure to the Anti-Money Laundering Council (AMLC) where legally required.
6.4 Responsible Gaming
To monitor gaming behaviour for indicators of problem gambling; to administer self-exclusion requests and cooling-off periods; to enforce deposit and betting limits; and to comply with PAGCOR's responsible gaming framework, which requires licensed operators to implement player protection measures.
6.5 Platform Security and Fraud Prevention
To detect and prevent unauthorised access, account takeover, bonus abuse, multi-accounting, and other fraudulent activity that would breach the 98php Terms & Conditions or applicable law.
6.6 Marketing and Promotions
Where you have given consent, to send you information about 98php promotions, bonuses, new games, and special offers via email, SMS, or in-platform notifications. You may opt out of marketing communications at any time by contacting support or updating your account communication preferences. Opting out of marketing does not affect your ability to use the 98php platform.
6.7 Platform Improvement and Analytics
To analyse usage patterns, game preferences, and platform performance data in order to improve the 98php product, personalise your experience, and develop new features. Where possible, analytics processing uses aggregated or pseudonymised data.
6.8 Legal and Regulatory Compliance
To comply with court orders, PAGCOR directives, NPC investigations, law enforcement requests, and other legal obligations applicable to 98php as a PAGCOR-licensed gaming operator in the Philippines.
7 Cookies and Tracking Technologies
98php uses cookies and similar tracking technologies on the platform. Cookies are small text files stored on your device that allow us to recognise returning users, maintain session state, and collect usage data.
7.1 Types of Cookies Used
- Essential Cookies: Required for the platform to function. These include session authentication cookies that keep you logged in to your 98php account and security cookies that detect fraudulent login attempts. These cookies cannot be disabled without impairing platform functionality.
- Functional Cookies: Remember your preferences, such as language settings, responsible gaming limits you have set, and display preferences. Disabling these may affect your user experience.
- Analytics Cookies: Collect aggregated data about how players use the 98php platform — which pages are most visited, where sessions originate, and how players navigate the game lobby. This data is used to improve the platform.
- Security and Fraud-Detection Cookies: Used to identify unusual access patterns, detect potential account takeover attempts, and flag activity consistent with bonus abuse or multi-accounting.
7.2 Managing Cookies
You may manage non-essential cookies through your browser settings. Most modern browsers allow you to block or delete cookies via the privacy or settings menu. Please note that disabling essential cookies will prevent you from logging in to or using your 98php account. For detailed guidance on managing cookies in your specific browser, refer to your browser's help documentation.
The majority of 98php players access the platform via mobile browser on Android or iOS. Cookie management on mobile browsers works through the same privacy settings available in Chrome, Safari, or Samsung Browser on your device. Clearing your browser cache or cookies will log you out of your 98php session.
8 Sharing of Personal Data
98php does not sell, rent, or trade your personal data to third parties for commercial purposes. Your personal data may be disclosed to the following categories of recipients only where necessary and on a lawful basis:
8.1 Regulatory and Government Authorities
PAGCOR (as our licensing authority), the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), Philippine law enforcement agencies, and courts of competent jurisdiction — where disclosure is required by law, court order, or regulatory directive.
8.2 Identity Verification and KYC Service Providers
Third-party KYC and identity verification providers engaged by 98php to authenticate player identities and screen against watchlists (including PAGCOR's excluded persons list and AMLC sanctions lists). These providers are contractually bound to process data only for the specified KYC purpose and to maintain appropriate data security standards.
8.3 Payment Service Providers
GCash, Maya, GrabPay, BPI, BDO, Metrobank, InstaPay, and other payment processors involved in facilitating deposits and withdrawals from your 98php account. These providers receive only the minimum personal and financial data necessary to process the specific transaction.
8.4 IT Infrastructure and Security Providers
Cloud hosting providers, cybersecurity vendors, and fraud detection service providers who process data on behalf of 98php as personal information processors under binding contractual arrangements, subject to the security and confidentiality obligations required by the DPA.
8.5 Game Software Providers
Licensed game content providers may receive anonymised or pseudonymised player and session data for the purpose of operating their games and maintaining RNG certification. No directly identifying personal data is transmitted to game providers beyond what is technically necessary for game session management.
98php does not sell, share for commercial gain, or otherwise exploit your personal data for any purpose other than those described in this Privacy Policy. All third parties who receive personal data from 98php are bound by contractual data protection obligations.
9 Data Retention
98php retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention periods apply as a general guide, subject to legal and regulatory override:
- Account and Identity Data: Retained for the duration of the active account plus five (5) years following permanent account closure, in accordance with PAGCOR record-keeping requirements and AMLA obligations.
- Transaction and Financial Records: Retained for a minimum of five (5) years from the date of the transaction, as required under the Anti-Money Laundering Act and relevant BIR regulations.
- KYC Documents: Retained for the duration of the account and for five (5) years following closure, subject to any longer retention period required by PAGCOR or AMLC in connection with a specific investigation.
- Customer Support Records: Retained for two (2) years from the date of the support interaction, unless subject to an ongoing complaint or legal proceeding.
- Marketing Data: Retained until you withdraw consent for marketing communications, at which point marketing-specific data will be suppressed within a reasonable time frame.
- Technical and Usage Logs: Retained for twelve (12) months for routine platform analytics purposes; retained longer where required for a specific security investigation.
Upon expiry of applicable retention periods, 98php will securely delete or irreversibly anonymise your personal data, unless continued retention is required by law.
10 Data Security
98php implements appropriate technical and organisational security measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encryption in Transit: All data transmitted between your device and 98php servers is encrypted using TLS/SSL with 256-bit encryption — the same standard used by Philippine commercial banks.
- Encryption at Rest: Sensitive data, including KYC documents and financial records, is stored in encrypted form on secure servers.
- Access Controls: Personal data is accessible only to 98php personnel who require it for their specific role, under a strict least-privilege access policy.
- Two-Factor Authentication: Player accounts are protected by optional and mandatory 2FA for login from new devices or IP addresses, reducing the risk of unauthorised account access.
- Intrusion Detection and Monitoring: 98php's systems are monitored continuously for security anomalies, unauthorised access attempts, and other indicators of compromise.
- Staff Training: All 98php personnel with access to personal data are trained in data protection obligations under the DPA and company data handling policies.
In the event of a personal data breach that poses a real risk of harm to affected data subjects, 98php will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, as required under NPC Circular 16-03. Affected players will be notified without undue delay, with information about the nature of the breach and steps taken in response.
11 Your Rights as a Data Subject
Under the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations, you have the following rights with respect to your personal data processed by 98php. To exercise any of these rights, please contact the 98php Data Protection Officer at [email protected] with the subject line "Data Subject Rights Request." We will respond within thirty (30) days of receiving your request, as required by the DPA.
Right to be Informed
You have the right to be informed whether 98php holds personal data about you and to receive information about how that data is being processed. This Privacy Policy constitutes 98php's primary means of fulfilling this obligation, and is made available to all players at registration and maintained on this page at all times.
Right of Access
You have the right to access a copy of the personal data 98php holds about you, including information about the purposes of processing, the categories of data processed, and the recipients to whom data has been disclosed. Submit a data access request to [email protected] and we will provide a structured summary within 30 days.
Right to Rectification
You have the right to request correction of any inaccurate or incomplete personal data 98php holds about you. You may update certain account details directly within your 98php account settings. Changes to identity or KYC data require submission to our support team with supporting documentation.
Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent (and no other lawful basis applies), or where processing is unlawful. Note that this right is subject to 98php's legal retention obligations — data required under PAGCOR regulations, AMLA, or other applicable law cannot be deleted until the applicable retention period expires.
Right to Object
You have the right to object to processing of your personal data where that processing is based on legitimate interests. You also have the right to object to processing for direct marketing purposes at any time — including profiling for marketing — without providing any justification. Objection to marketing can be exercised by contacting support or updating your account preferences.
Right to Data Portability
Where processing is based on consent or contractual necessity, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. Submit a portability request to [email protected].
Right to Lodge a Complaint
If you believe that 98php has not handled your personal data in accordance with the Data Privacy Act of 2012, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. We encourage you to contact 98php directly first to allow us the opportunity to address your concern before escalating to the NPC.
12 Children's Privacy and Age Restriction
The 98php platform is strictly restricted to individuals aged 21 years and above in compliance with PAGCOR regulations and applicable Philippine law. 98php does not knowingly collect personal data from individuals under the age of 21. Age verification is a mandatory component of the 98php account registration process.
If 98php becomes aware that personal data has been collected from an individual under the age of 21 — whether through registration, KYC review, or any other means — the associated account will be suspended immediately, the data will be isolated and deleted or returned to appropriate parties in accordance with the DPA, and the matter will be reported to PAGCOR as required by the terms of our operating licence.
If you are a parent or guardian and have reason to believe that a person under 21 has created an account with 98php using false information, please contact us immediately at [email protected] so that we can investigate and take appropriate action.
13 International Data Transfers
98php's primary data processing operations are conducted within the Philippines. However, certain service providers engaged by 98php — including cloud infrastructure providers, game software suppliers, and cybersecurity vendors — may process or store data in data centres located outside the Republic of the Philippines.
Where such international transfers of personal data occur, 98php ensures that adequate safeguards are in place as required under Section 21 of the Data Privacy Act of 2012 and relevant NPC issuances. These safeguards include: contractual data processing agreements incorporating the NPC's standard data protection clauses; transfer only to jurisdictions with adequate data protection standards; and, where required, prior notification to or approval from the NPC.
98php does not transfer personal data to parties in jurisdictions that do not provide an adequate level of protection for personal data, absent appropriate contractual safeguards.
14 Third-Party Links and Services
The 98php platform may contain references or links to third-party services, including payment platforms such as GCash and Maya, that are not operated by 98php. When you interact with a third-party service — for example, when completing a GCash payment — you are directed to that provider's own platform and are subject to its privacy policy and terms of service.
98php has no control over and accepts no responsibility for the data protection practices of third-party services. We encourage you to review the privacy policies of any third-party service provider you interact with in connection with your 98php account, including GCash, Maya, and your bank's digital banking platform. This Privacy Policy applies solely to data processed by 98php itself.
15 Changes to This Privacy Policy
98php reserves the right to update or amend this Privacy Policy at any time to reflect changes in Philippine data protection law, NPC guidance, PAGCOR regulatory requirements, or our data processing practices. Material changes to this Policy will be communicated to registered players via email to the address on file and/or through a prominent notification on the 98php platform, with at least fourteen (14) days' notice prior to the effective date where reasonably practicable.
Your continued use of the 98php platform following notification of a material change constitutes your acknowledgement of the updated Privacy Policy. The effective date at the top of this page reflects the date of the most recent revision. We recommend reviewing this Policy periodically to stay informed of how 98php protects your personal data.
16 Contact Us and Lodging Complaints
For all privacy-related enquiries, data subject rights requests, or complaints regarding 98php's handling of your personal data, please contact the 98php Data Protection Officer through the following channels:
- Email: [email protected] (Subject: "Data Protection — [Your Request Type]")
- Live Chat: Available 24 hours a day, 7 days a week via the 98php platform
- Response Time: Data subject rights requests — within 30 days; General enquiries — within 24 hours on business days
If you are not satisfied with 98php's response to your privacy enquiry or data subject rights request, you have the right to escalate your complaint to the National Privacy Commission of the Philippines:
- The NPC is the independent government body responsible for administering and enforcing the Data Privacy Act of 2012 in the Philippines.
- Complaints may be filed with the NPC in accordance with NPC Circular 16-04 (Rules on the Filing of Complaints).
- Filing a complaint with the NPC does not affect your right to pursue other legal remedies available under Philippine law.