phlein Privacy Policy

01 Introduction and Scope

phlein ("phlein," "we," "us," "our") is committed to protecting the privacy and personal data of every individual who uses the phlein platform. This Policy sets out in clear, plain terms how phlein handles personal data, why we collect it, what we do with it, how long we keep it, and what rights you have under Philippine law.

This Policy applies to all personal data we collect from you as a registered phlein account holder, a visitor to phlein.co who has not yet registered, a former account holder whose data we retain for regulatory compliance purposes, or any individual whose data we process in connection with a phlein transaction or support inquiry.

This Policy should be read together with the phlein Terms & Conditions, which govern the overall legal relationship between you and phlein, and the Responsible Gaming page, which explains how phlein uses certain personal data specifically to support player welfare obligations.

02 Data Controller Identity

For the purposes of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, hereinafter "DPA") and applicable National Privacy Commission (NPC) implementing rules and regulations, phlein is the personal information controller ("PIC") responsible for the personal data collected and processed through the phlein platform.

03 Categories of Personal Data We Collect

phlein collects only the personal data that is necessary for the purposes described in this Policy. The following categories of data may be collected depending on your level of interaction with the phlein platform:

3.1 Identity and Registration Data

• Full legal name as it appears on your Philippine government-issued identification
• Date of birth (for age verification — 21+ requirement enforcement)
• Nationality and country of residence
• Government-issued ID number (e.g., PhilSys ID, Passport, Driver's License, UMID)
• Username and encrypted account password

3.2 Contact Data

• Philippine residential address
• Active email address
• Philippine mobile phone number

3.3 Financial and Transaction Data

• GCash account number or registered mobile number
• PayMaya / Maya account details
• Bank account details (BPI, BDO, Metrobank, or other Philippine banks) for withdrawal processing
• Payment card details (Visa / Mastercard) — card numbers are not stored by phlein; they are processed by PCI-DSS compliant third-party payment processors
• Full history of deposits, withdrawals, wagers, wins, and losses on the phlein platform

3.4 Gaming and Behavioral Data

• Game session records including games played, bet sizes, outcomes, and session duration
• Sports betting selections and results
• Bonus activation and wagering requirement progress
• Responsible gaming tool settings (deposit limits, session reminders, self-exclusion status)

3.5 Technical and Device Data

• IP address and approximate geolocation (country and region level)
• Device type, operating system, and browser version
• Unique device identifiers
• Session timestamps and login history
• Platform interaction logs for fraud detection and security purposes

3.6 Communications Data

• Content of customer support communications (chat transcripts, email correspondence)
• Records of promotional communications sent to and received from you
• Feedback and survey responses where voluntarily provided

04 How We Collect Personal Data

phlein collects your personal data through the following means:

05 Legal Basis for Processing

Under Section 12 of RA 10173, personal data processing must be based on at least one lawful criterion. The following legal bases apply to phlein's processing activities:

• Contractual Necessity: Processing required to create and maintain your phlein account, process deposits and withdrawals, deliver gaming services, and manage the contractual relationship established by the phlein Terms & Conditions.
• Legal Obligation: Processing required to comply with PAGCOR licensing conditions, the Philippine Anti-Money Laundering Act (RA 9160 as amended), the Data Privacy Act (RA 10173), National Privacy Commission regulations, and other applicable Philippine laws and regulations.
• Legitimate Interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and improvement of phlein's services — where such interests do not override your privacy rights and freedoms.
• Consent: Processing for optional communications such as promotional emails and bonus notifications, where you have expressly opted in. You may withdraw this consent at any time through your phlein account settings or by contacting support.

06 How phlein Uses Your Personal Data

phlein uses your personal data for the following specific purposes:

• Account creation and management: Establishing your phlein account, verifying your identity, managing login credentials, and maintaining account records;
• Age verification and eligibility: Confirming that you meet the 21+ minimum age requirement mandated by PAGCOR and Philippine law before enabling real-money gameplay;
• Service delivery: Enabling access to phlein Casino games, sports betting, Bingo, live dealer tables, and all other platform services;
• Payment processing: Processing deposits via GCash, PayMaya, and bank transfers; processing withdrawal requests to your verified payment method;
• KYC and identity verification: Fulfilling PAGCOR-mandated know-your-customer obligations before enabling withdrawal functionality;
• AML compliance and fraud prevention: Monitoring transactions for patterns consistent with money laundering, fraud, or account sharing, and reporting suspicious activity to PAGCOR and AMLC as legally required;
• Responsible gaming: Monitoring gameplay patterns for indicators of problem gambling behavior, administering deposit limits, session reminders, cooling-off periods, and self-exclusion tools, and checking account registration against PAGCOR's self-exclusion registry;
• Customer support: Responding to your support inquiries, resolving disputes, and maintaining records of communications for quality and compliance purposes;
• Security and fraud detection: Detecting and preventing unauthorized account access, bonus abuse, collusion, and other prohibited conduct;
• Platform improvement: Analyzing aggregated, anonymized gameplay and behavioral data to improve phlein's products, game library, and user experience;
• Marketing and promotions: Where you have opted in, sending you information about phlein promotions, new games, and platform updates — subject to your right to opt out at any time.

07 Data Sharing and Third-Party Disclosure

phlein does not sell, rent, or trade your personal data to third parties for their own marketing purposes. Personal data is shared with third parties only in the following specific circumstances:

7.1 Regulatory and Law Enforcement Authorities

phlein is legally required to share personal data and transaction records with PAGCOR as the licensing regulator, the Anti-Money Laundering Council (AMLC) for suspicious transaction reporting under RA 9160, the National Privacy Commission where required by NPC investigation or data breach notification obligations, and Philippine law enforcement authorities where required by valid legal process.

7.2 Service Providers and Data Processors

phlein engages third-party service providers who process personal data on our behalf under written data processing agreements that contractually require them to maintain data security standards consistent with RA 10173. These providers include:

• Payment processors for GCash, PayMaya, InstaPay, BPI, BDO, Metrobank, Visa, and Mastercard transactions;
• KYC and identity verification service providers;
• Cloud hosting and data storage infrastructure providers;
• Customer support software providers;
• Game software providers who operate live dealer studios and RNG game engines (limited to session data required for game function);
• Fraud detection and cybersecurity service providers.

7.3 Responsible Gaming Bodies

Where a player self-excludes from phlein, relevant information may be shared with PAGCOR's responsible gaming registry to prevent re-registration under a different identity, consistent with PAGCOR's player protection mandate.

08 Cookies and Tracking Technologies

The phlein platform uses cookies and similar tracking technologies to ensure platform functionality, maintain session security, and improve user experience. The following categories of cookies may be set when you visit phlein.co:

• Strictly Necessary Cookies: Required for the phlein platform to function. These include session authentication cookies that keep you logged in during your phlein session. These cannot be disabled without disabling the platform itself.
• Security Cookies: Used to detect fraudulent activity, prevent CSRF attacks, and maintain platform integrity. These are essential security infrastructure and cannot be opted out of.
• Preference Cookies: Remember your platform preferences such as language settings, display preferences, and responsible gaming tool configurations.
• Analytics Cookies: Collect anonymized, aggregated data about how users navigate and interact with phlein.co. This helps phlein identify usability improvements. These are opt-out via your browser settings.

You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in to your phlein account.

09 Data Retention Periods

phlein retains personal data only for as long as necessary to fulfill the purpose for which it was collected, to comply with applicable legal retention obligations, or to defend against potential legal claims. The following retention periods apply:

Following the applicable retention period, personal data is securely deleted or anonymized such that it can no longer be associated with an identifiable individual. Anonymized, aggregated data may be retained indefinitely for statistical and analytical purposes.

10 Data Security Measures

phlein implements technical and organizational security measures appropriate to the nature and sensitivity of the personal data we process. These include:

• SSL/TLS encryption for all data transmitted between your device and the phlein platform, protecting login credentials, payment details, and personal data in transit;
• Encryption at rest for sensitive personal data stored in phlein databases, including government ID numbers and financial data;
• Password hashing using industry-standard cryptographic algorithms — phlein does not store your password in plain text;
• Two-factor authentication (2FA) available to all account holders as an additional layer of login security;
• Access controls restricting internal access to personal data to authorized phlein personnel with a legitimate operational need;
• Regular security testing including penetration testing and vulnerability assessments of phlein's platform infrastructure;
• Incident response procedures for detecting, containing, and reporting data security incidents in accordance with NPC notification requirements under RA 10173.

11 Your Data Privacy Rights Under RA 10173

As a data subject under the Philippine Data Privacy Act, you have the following rights with respect to your personal data held by phlein. To exercise any of these rights, contact our Data Protection Officer at [email protected] with the subject line "Data Privacy Rights Request." phlein will respond within fifteen (15) business days in accordance with NPC guidelines.

• Right to be Informed: You have the right to be informed of the existence of processing of your personal data, its nature, and the purposes for which it is collected — which this Policy addresses.
• Right of Access: You may request a copy of the personal data phlein holds about you, along with information about how it is processed.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data phlein holds about you. Note that corrections to identity data may require documentary evidence.
• Right to Erasure: You may request deletion of your personal data where processing is no longer necessary, where consent has been withdrawn, or where processing is unlawful — subject to phlein's legal obligation to retain certain data for regulatory compliance periods as detailed in Section 9.
• Right to Object: You may object to processing based on phlein's legitimate interests, including direct marketing. Objection to marketing is absolute and will be actioned immediately.
• Right to Data Portability: Where technically feasible, you may request your personal data in a structured, commonly used, machine-readable format.
• Right to File a Complaint: You have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines if you believe phlein has violated your data privacy rights.

12 Children's and Minors' Privacy

phlein enforces the minimum age requirement of 21 years at registration through date-of-birth verification and KYC document review. This is a PAGCOR regulatory requirement. If phlein becomes aware that personal data has been collected from a person under the age of 21, all such data will be deleted without delay, any associated account will be closed, and funds deposited will be returned to the originating payment method where possible. Parents or guardians who believe a minor has registered a phlein account should contact support immediately.

13 Cross-Border Data Transfers

Certain third-party service providers engaged by phlein — including cloud infrastructure providers, game software vendors, and KYC service providers — may process personal data in jurisdictions outside the Philippines. Where such cross-border data transfers occur, phlein ensures that appropriate safeguards are in place consistent with Section 21 of RA 10173, including:

• Contractual data processing agreements with foreign processors requiring data protection standards equivalent to those mandated by RA 10173;
• Assessment of the foreign country's data protection laws to confirm adequate protection exists;
• Where required by NPC regulations, registration of cross-border processing agreements with the National Privacy Commission.

phlein will not transfer personal data to a foreign recipient unless such transfer complies with the DPA and applicable NPC implementing rules.

14 Updates to This Privacy Policy

phlein may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable Philippine law, or NPC regulatory guidance. The effective date at the top of this Policy will be updated with each revision.

Where changes are material — meaning they significantly affect how phlein collects, uses, or shares your personal data — phlein will notify registered account holders by email to the address on record and/or through a prominent notice on phlein.co before the changes take effect. For non-material updates (such as clarifications of existing practices), phlein will update the Policy without individual notification.

Continued use of the phlein platform following notification of a material Policy change constitutes your acceptance of the revised terms. If you do not accept the revised Policy, you may request account closure as described in the phlein Terms & Conditions.

15 Contact Information and Data Protection Officer

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by phlein, please contact:

If you are not satisfied with phlein's response to a data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines. The NPC's contact details and complaint procedures are available through official Philippine government channels.