01 Introduction
Who we are and why this policy exists
phmaca ("phmaca," "we," "us," or "our") is an online casino and sports betting platform serving Filipino players across the Philippines. We are committed to protecting the privacy and personal data of every individual who interacts with our platform, whether you are a registered player, a visitor browsing our website, or someone who contacts our support team.
This Privacy Policy has been prepared in compliance with the Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and the issuances of the National Privacy Commission (NPC) of the Philippines. It also reflects our obligations under the regulatory framework of the Philippine Amusement and Gaming Corporation (PAGCOR).
This policy explains in plain, straightforward terms: what personal data we collect from you, the purposes for which we collect and process it, the legal bases that justify our processing activities, how long we keep your data, who we may share it with, and the rights you have as a data subject under Philippine law.
We encourage you to read this policy carefully. If you do not agree with any part of this Privacy Policy, please discontinue use of the phmaca platform and contact us to request account closure.
02 Data Controller
Who is responsible for your personal data
phmaca is the personal information controller (PIC) as defined under the Data Privacy Act of 2012. This means phmaca determines the purposes and means by which your personal data is collected and processed.
phmaca has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with this Privacy Policy and applicable data protection laws. If you have any questions, concerns, or requests relating to your personal data, you may contact our DPO directly:
Data Protection Officer - phmaca
Email: [email protected]
All data privacy requests will be acknowledged within seventy-two (72) hours and resolved within the timeframes prescribed by the NPC.
03 Data We Collect
The categories of personal information phmaca processes
phmaca collects only the personal data that is necessary for the purposes described in this policy. The categories of data we collect include:
| Category | Examples | Purpose |
| --- | --- | --- |
| Identity Data | Full legal name, date of birth, nationality, government ID number (passport, UMID, PhilSys ID, driver's license) | Account registration, KYC/AML compliance, age verification |
| Contact Data | Email address, mobile number, residential address (city, province) | Account communications, support, regulatory notifications |
| Financial Data | GCash number, PayMaya account, bank account details (BPI, BDO, Metrobank), transaction history, deposit/withdrawal records | Payment processing, AML monitoring, fraud prevention |
| Gaming Data | Game history, bet amounts, win/loss records, session duration, bonus usage | Service delivery, responsible gaming monitoring, dispute resolution |
| Technical Data | IP address, device type, browser type, operating system, login timestamps | Security, fraud detection, platform optimization |
| Communications Data | Live chat transcripts, support ticket content, email correspondence | Customer support, quality assurance, dispute resolution |
| Marketing Data | Communication preferences, promotional opt-in/opt-out status | Sending relevant offers and updates (with your consent) |
Sensitive Personal Information: Where phmaca collects sensitive personal information as defined under the DPA (such as government ID numbers required for KYC), we apply heightened security measures and process such data only to the extent strictly required by law or regulatory obligation.
04 How We Collect Your Data
The sources from which phmaca receives personal information
phmaca collects personal data through the following channels:
- Direct interactions: Data you provide when registering an account, completing KYC verification, making deposits or withdrawals, contacting customer support, or participating in promotions.
- Automated technologies: Technical data collected automatically when you access the phmaca platform, including cookies, server logs, and similar tracking technologies (see Section 8 for details).
- Third-party payment providers: Transaction confirmation data received from GCash, PayMaya, BPI, BDO, Metrobank, and other payment processors when you make financial transactions on phmaca.
- Identity verification services: Data received from third-party KYC and identity verification providers engaged by phmaca to fulfill its regulatory obligations.
- Regulatory and law enforcement sources: Information received from PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), or other government authorities in the course of regulatory compliance.
- Publicly available sources: Publicly accessible information used for fraud prevention and due diligence purposes, such as sanctions lists and adverse media databases.
05 How We Use Your Data
The purposes for which phmaca processes personal information
phmaca processes your personal data for the following specific, legitimate purposes:
- Account management: Creating, maintaining, and administering your phmaca player account, including verifying your identity and eligibility to use the platform.
- Service delivery: Enabling you to access and use all phmaca games, betting markets, and platform features.
- Payment processing: Processing deposits, withdrawals, and other financial transactions through your chosen payment method (GCash, PayMaya, BPI, BDO, Metrobank, etc.).
- Regulatory compliance: Fulfilling phmaca's obligations under PAGCOR licensing conditions, the Anti-Money Laundering Act (AMLA), the Data Privacy Act, and other applicable Philippine laws.
- Fraud prevention and security: Detecting, investigating, and preventing fraudulent activity, cheating, money laundering, and other prohibited conduct on the platform.
- Responsible gaming: Monitoring gameplay patterns to identify potential problem gambling behavior and providing appropriate responsible gaming interventions, including deposit limits, cooling-off periods, and self-exclusion.
- Customer support: Responding to your inquiries, resolving disputes, and providing technical assistance.
- Marketing communications: Sending you promotional offers, bonus notifications, and platform updates, but only where you have provided your consent or where we have a legitimate interest to do so, and always subject to your right to opt out at any time.
- Platform improvement: Analyzing aggregated usage data to improve the phmaca platform, fix technical issues, and develop new features.
- Legal proceedings: Establishing, exercising, or defending legal claims involving phmaca.
No Data Selling. phmaca will never sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Your data is used solely for the purposes described in this policy.
06 Legal Basis for Processing
Why phmaca is lawfully permitted to process your data
Under the Data Privacy Act of 2012, phmaca processes your personal data on the following legal bases:
- Contractual necessity: Processing required to perform the contract between you and phmaca (i.e., providing the gaming and betting services you have registered to use).
- Legal obligation: Processing required to comply with phmaca's obligations under Philippine law, including PAGCOR licensing conditions, AMLA requirements, and NPC regulations.
- Legitimate interests: Processing necessary for phmaca's legitimate business interests, including fraud prevention, platform security, and responsible gaming monitoring, where these interests are not overridden by your rights and freedoms.
- Consent: Processing based on your freely given, specific, informed, and unambiguous consent, primarily for marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
07 Sharing Your Data
Who phmaca may disclose your personal information to
phmaca does not sell your personal data. We may share your data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:
- Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), and other Philippine government agencies, where required by law or regulatory directive.
- Payment service providers: GCash, PayMaya, BPI, BDO, Metrobank, and other payment processors engaged to facilitate your financial transactions on phmaca. These providers process your data only as necessary to complete transactions and are bound by their own privacy obligations.
- KYC and identity verification providers: Third-party service providers engaged by phmaca to conduct identity verification and age verification in compliance with PAGCOR and AML requirements.
- Technology and infrastructure providers: Cloud hosting, cybersecurity, and platform technology providers who process data on phmaca's behalf under data processing agreements that require them to maintain appropriate security standards.
- Game software providers: Third-party game developers and live dealer studios whose games are available on the phmaca platform, to the extent necessary for game delivery and dispute resolution.
- Legal and professional advisors: Lawyers, auditors, and other professional advisors engaged by phmaca, subject to professional confidentiality obligations.
- Law enforcement: Philippine law enforcement agencies where phmaca is legally required or permitted to disclose data in connection with the investigation or prosecution of criminal offenses.
All third parties with whom phmaca shares personal data are required to handle that data in accordance with applicable Philippine data protection law and phmaca's data protection standards.
08 Cookies & Tracking Technologies
How phmaca uses cookies and similar tools
phmaca uses cookies and similar tracking technologies to operate and improve the platform, personalize your experience, and support security and fraud prevention functions. The types of cookies we use include:
- Strictly necessary cookies: Essential for the platform to function. These include session cookies that keep you logged in and security cookies that protect against cross-site request forgery. These cannot be disabled.
- Functional cookies: Remember your preferences such as language settings, preferred payment method, and responsible gaming settings.
- Analytics cookies: Collect aggregated, anonymized data about how players use the phmaca platform, helping us identify areas for improvement. No personally identifiable information is shared with analytics providers.
- Security cookies: Used to detect and prevent fraudulent activity, unauthorized access, and bot traffic on the platform.
You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the phmaca platform. Strictly necessary cookies cannot be disabled as they are essential for platform operation.
09 Data Security
How phmaca protects your personal information
phmaca implements comprehensive technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. Our security measures include:
- Encryption: All data transmitted between your device and phmaca servers is encrypted using industry-standard 256-bit SSL/TLS encryption. Sensitive data at rest is also encrypted.
- Access controls: Personal data is accessible only to phmaca personnel and authorized service providers who have a legitimate need to access it. All access is logged and monitored.
- Firewalls and intrusion detection: phmaca employs enterprise-grade firewalls, intrusion detection systems, and continuous security monitoring to protect against external threats.
- Regular security audits: phmaca conducts regular security assessments, penetration testing, and vulnerability scans to identify and remediate potential security weaknesses.
- Staff training: All phmaca personnel who handle personal data receive regular data protection and security training.
- Incident response: phmaca maintains a data breach response plan. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the NPC and affected individuals within the timeframes required by the DPA.
Your Responsibility: While phmaca takes all reasonable steps to protect your data, you are also responsible for keeping your account credentials secure. Never share your phmaca password with anyone. If you suspect unauthorized access to your account, contact our support team immediately.
10 Data Retention
How long phmaca keeps your personal data
phmaca retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our general retention periods are as follows:
- Account and identity data: Retained for the duration of your account and for a period of five (5) years following account closure, in compliance with PAGCOR licensing requirements and AMLA record-keeping obligations.
- Financial transaction records: Retained for five (5) years from the date of the transaction, as required by the Anti-Money Laundering Act and BIR regulations.
- Gaming history: Retained for three (3) years from the date of the gaming session, for dispute resolution and regulatory audit purposes.
- Customer support communications: Retained for two (2) years from the date of the last interaction, for quality assurance and dispute resolution purposes.
- Marketing consent records: Retained for the duration of your consent and for one (1) year following withdrawal of consent, as evidence of lawful processing.
- Technical and security logs: Retained for twelve (12) months, for security monitoring and fraud investigation purposes.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with NPC guidelines. Where data is anonymized, it may be retained indefinitely for statistical and analytical purposes as it can no longer be linked to any individual.
11 Your Rights as a Data Subject
The rights you have under the Data Privacy Act of 2012
As a data subject under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phmaca. To exercise any of these rights, please contact our Data Protection Officer at [email protected].
Right to Be Informed
You have the right to be informed about how your personal data is collected, used, stored, and shared. This Privacy Policy fulfills phmaca's obligation to inform you of these matters.
Right to Access
You have the right to request a copy of the personal data phmaca holds about you, along with information about how it is being processed. We will respond to access requests within thirty (30) days.
Right to Rectification
You have the right to request correction of any inaccurate or incomplete personal data we hold about you. You may update certain account details directly through your phmaca account settings.
Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phmaca's legal retention obligations under PAGCOR and AMLA requirements.
Right to Object
You have the right to object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests, subject to phmaca's overriding legal obligations.
Right to Data Portability
You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format, and to request that it be transmitted to another data controller where technically feasible.
Right to Lodge a Complaint
If you believe phmaca has violated your data privacy rights, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines through its official channels.
How to Exercise Your Rights: Submit your request in writing to [email protected] with the subject line "Data Subject Rights Request." Please include your full name, registered email address, and a description of your request. We may need to verify your identity before processing your request.
12 Children's Privacy
phmaca does not collect data from minors
phmaca's services are strictly intended for individuals who are at least 21 years of age, in accordance with Philippine gambling regulations. phmaca does not knowingly collect, process, or store personal data from individuals under the age of 21.
If phmaca becomes aware that personal data has been collected from a person under 21 years of age, we will immediately suspend the associated account, delete the personal data in question, and take appropriate action in accordance with our legal obligations. If you believe that a minor has registered on phmaca, please contact us immediately at [email protected].
13 International Data Transfers
When your data may be processed outside the Philippines
phmaca primarily processes personal data within the Philippines. However, some of our technology infrastructure providers and game software partners may be located in other countries. Where personal data is transferred outside the Philippines, phmaca ensures that appropriate safeguards are in place to protect your data to a standard equivalent to that required under the Data Privacy Act of 2012.
Such safeguards may include contractual clauses approved by the NPC, adequacy decisions, or other legally recognized transfer mechanisms. phmaca will not transfer your personal data to any country or organization that does not provide an adequate level of data protection.
14 Updates to This Policy
How phmaca communicates changes to this Privacy Policy
phmaca may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal obligations, or regulatory requirements. When material changes are made, we will notify registered players via email and/or a prominent notice on the phmaca platform at least seven (7) days before the changes take effect.
The date of the most recent revision is always displayed at the top of this page. We encourage you to review this policy periodically. Your continued use of the phmaca platform after the effective date of any revised Privacy Policy constitutes your acknowledgment of the updated policy.
15 Contact Us
How to reach phmaca about privacy matters
If you have any questions, concerns, or requests relating to this Privacy Policy or the way phmaca handles your personal data, please contact our Data Protection Officer:
phmaca Data Protection Officer
Email: [email protected]
Response time: Within 72 hours for all data privacy inquiries.
For formal data subject rights requests, please include "Data Subject Rights Request" in your subject line and provide your full name and registered account email address so we can verify your identity and process your request efficiently.
If you are not satisfied with phmaca's response to your privacy concern, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines through its official complaint channels.