ph563 Privacy Policy
— Your Data, Your Rights

This Privacy Policy (hereinafter "Policy" or "Privacy Policy") describes how ph563 (hereinafter "ph563," "we," "us," or "our") collects, uses, discloses, stores, and protects the personal data of individuals who access and use the ph563 platform at ph563.vip (the "Platform"), including all associated mobile interfaces and sub-domains.

This Policy applies to all registered Members, prospective members who visit the Platform without completing registration, and any other individual whose personal data ph563 processes in connection with the operation of the Platform. By accessing the Platform, registering an account, or continuing to use ph563 services after the effective date of this Policy, you acknowledge that you have read and understood this Privacy Policy.

This Policy is issued in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations (IRR), and applicable issuances of the National Privacy Commission (NPC). ph563 also complies with applicable data protection requirements arising from its PAGCOR licensing obligations.

For the purposes of the Data Privacy Act of 2012 and its IRR, ph563 is the Personal Information Controller in respect of the personal data it processes in connection with the Platform. As Personal Information Controller, ph563 determines the purposes and means by which personal data is processed and bears primary accountability for its lawful handling.

ph563 has designated a Data Protection Officer (DPO) responsible for overseeing compliance with data protection obligations, handling data subject requests, and serving as the point of contact with the National Privacy Commission. The DPO may be contacted at the address provided in Section 14 of this Policy.

ph563 collects and processes the following categories of personal data, as detailed in the summary table above and further described here:

1. Identity and Registration Data: When you register an account on ph563, we collect your full legal name, date of birth, nationality, and government-issued identification number. This data is mandatory for account creation and identity verification.

2. Contact Information: We collect your mobile phone number (Philippine number preferred), email address, and residential address. Your mobile number is used for account verification via one-time password (OTP), transaction alerts, and support communications.

3. Financial and Payment Data: To process deposits and withdrawals, we collect the name and account details of the payment methods you use — including your registered GCash mobile number, PayMaya account reference, and, for bank transfers, your account name and bank account number at BPI, BDO, or Metrobank. ph563 does not store full card numbers for any card-based payment method.

4. Identity Verification Documents: As required by PAGCOR's KYC obligations and the Anti-Money Laundering Act (AMLA), ph563 collects scanned copies or photographs of your government-issued photo ID, proof of address, and payment method ownership evidence.

5. Gaming and Transaction Data: We automatically record all gaming activity on your ph563 account, including individual bet placements, game session timestamps, outcomes, and financial transaction records. This data is required for game delivery, dispute resolution, responsible gaming monitoring, and regulatory reporting.

6. Technical and Device Data: We automatically collect certain technical data when you access the Platform, including your IP address, device type, operating system, browser type and version, screen resolution, and session logs. This data is used for security, fraud detection, and Platform optimisation.

7. Support and Communication Data: Records of your interactions with ph563 customer support — including live chat transcripts, emails, and complaint records — are retained for service quality assurance, dispute resolution, and training purposes.

ph563 collects personal data through the following means:

• Direct provision by you: Registration forms, KYC document uploads, deposit and withdrawal requests, support communications, and promotional opt-in forms;
• Automated collection: Cookies, web beacons, server logs, and similar tracking technologies that automatically record technical and behavioural data when you access the Platform (see Section 8 for full cookie details);
• Payment processors: Confirmation data returned from GCash, PayMaya, and banking partners following deposit and withdrawal transactions;
• Identity verification services: Third-party KYC providers engaged by ph563 to assist with document verification and identity checks as required under PAGCOR licensing and AMLA compliance;
• Fraud detection and analytics partners: Technical data analysed by security and analytics partners operating under contractual data protection obligations with ph563.

ph563 processes your personal data only where a valid legal basis exists under the Data Privacy Act of 2012. The principal legal bases on which ph563 relies are as follows:

1. Contractual Necessity: Processing necessary for the performance of the contract between ph563 and you as a Member — including account management, game delivery, payment processing, and customer support;
2. Legal Obligation: Processing required for compliance with legal obligations applicable to ph563, including PAGCOR licensing requirements, KYC obligations, AMLA reporting, tax obligations, and NPC compliance;
3. Legitimate Interests: Processing carried out in pursuit of ph563's legitimate business interests where those interests are not overridden by your privacy rights — including fraud detection, platform security, responsible gaming monitoring, and aggregated analytical reporting;
4. Consent: Where ph563 relies on your consent as the legal basis for processing (e.g., for the sending of marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal. Withdrawal of consent may be communicated to support.

ph563 uses the personal data it collects for the following purposes:

• Creating, managing, and maintaining your ph563 Member account;
• Verifying your identity and age in compliance with PAGCOR requirements (21+ mandatory);
• Processing deposits and withdrawals via GCash, PayMaya, BPI, BDO, and Metrobank;
• Delivering casino games, sports betting, bingo, crash games, and all other services available on the Platform;
• Detecting, investigating, and preventing fraud, money laundering, bonus abuse, collusion, and other prohibited conduct;
• Complying with PAGCOR regulatory reporting obligations, including the submission of required data to PAGCOR;
• Complying with Anti-Money Laundering Act (AMLA) reporting obligations, including filing of covered and suspicious transaction reports with the Anti-Money Laundering Council (AMLC) where required;
• Administering the ph563 VIP loyalty program, bonus crediting, and promotional offers;
• Providing customer support and resolving disputes;
• Monitoring responsible gaming indicators and administering self-exclusion and limit tools;
• Sending transactional notifications (deposit confirmations, withdrawal notifications, security alerts) — these are mandatory service communications and are not subject to marketing opt-out;
• Sending promotional communications, where you have provided consent or where permitted by applicable law;
• Improving and optimising Platform performance through aggregated, anonymised analytics.

ph563 shares personal data with third parties only as described in this Policy and only to the extent necessary for the stated purpose. All third-party data processors engaged by ph563 are bound by contractual data protection obligations consistent with the requirements of the Data Privacy Act of 2012.

Categories of third parties to whom ph563 may disclose personal data include:

• Payment processors and e-wallet providers: GCash, PayMaya, BPI, BDO, and Metrobank, for the purpose of processing financial transactions;
• Game providers and software suppliers: Licensed game developers and live dealer studio operators who provide game content to the Platform — these parties may process technical and gaming activity data in connection with game delivery;
• Identity verification and KYC service providers: Third-party identity verification platforms engaged to assist with document review and biometric verification where applicable;
• Regulatory bodies: PAGCOR, the Anti-Money Laundering Council (AMLC), and the National Privacy Commission (NPC) as required by law;
• Law enforcement authorities: Philippine law enforcement agencies and courts where ph563 is legally required or compelled to disclose information;
• Fraud detection and cybersecurity service providers: Technical security partners who analyse platform data to detect threats and suspicious activity;
• Professional advisors: Legal counsel, auditors, and other professional advisors where necessary and subject to confidentiality obligations.

ph563 uses cookies and similar tracking technologies (web beacons, local storage, session tokens) on the Platform. This section explains what these technologies are, what types ph563 uses, and how you can manage your preferences.

What are cookies? Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function, improve efficiency, and provide reporting information to site operators.

ph563 uses the following categories of cookies:

• Strictly Necessary Cookies: Essential for the Platform to function. These include session cookies that maintain your login state and security tokens. These cookies cannot be disabled without preventing your use of the Platform.
• Functional Cookies: Enable the Platform to remember your preferences (such as language settings and display preferences) to personalise your experience.
• Analytical Cookies: Collect aggregated and anonymised information about how visitors use the Platform. ph563 uses this data to improve Platform performance and user experience. These cookies do not track personally identifiable information.
• Security Cookies: Used for fraud detection and to identify suspicious activity patterns based on session behaviour and device fingerprinting.

You may manage cookie preferences through your browser settings. Disabling certain categories of cookies may affect Platform functionality. Strictly necessary cookies cannot be disabled through browser settings without preventing login and core Platform use.

ph563 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following general retention principles apply:

• Account and identity data: Retained for the duration of your account's active status and for a minimum of five (5) years following account closure, as required by AMLA and PAGCOR regulations;
• Financial transaction records: Retained for a minimum of five (5) years from the date of each transaction, consistent with AMLA record-keeping requirements;
• KYC documents: Retained for a minimum of five (5) years following account closure or the last business transaction, whichever is later;
• Gaming activity data: Retained for a minimum of two (2) years for dispute resolution purposes, and longer where required by regulatory obligation;
• Support and communication records: Retained for two (2) years from the date of the last interaction;
• Technical and device data (logs): Retained for up to twelve (12) months for security and fraud analysis purposes.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in a manner that prevents reconstruction of the original personal information.

ph563 implements technical, organisational, and procedural security measures designed to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

• 256-bit TLS encryption for all data in transit between your device and ph563 servers;
• AES-256 encryption for sensitive data at rest within ph563 database infrastructure;
• Role-based access controls limiting staff access to personal data on a strict need-to-know basis;
• Multi-factor authentication requirements for internal systems handling personal data;
• Regular third-party security assessments, penetration testing, and vulnerability scanning;
• Automated intrusion detection and real-time security monitoring of platform infrastructure;
• Documented incident response and data breach notification procedures aligned with NPC requirements;
• Regular data protection training for all staff with access to personal data.

While ph563 employs industry-standard security measures, no digital platform can guarantee absolute security. In the event of a personal data breach that poses a risk to your rights and freedoms, ph563 will notify affected Members and the National Privacy Commission within the timeframes mandated by the DPA 2012 and NPC regulations.

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data processed by ph563. To exercise any of these rights, please contact our Data Protection Officer as described in Section 14.

ph563 will respond to all valid data subject requests within the timeframes prescribed by the NPC under the DPA 2012 and its IRR. We may request additional information to verify your identity before processing a request. Requests that are manifestly unfounded or excessive may be declined with written reasons provided.

If you are not satisfied with ph563's response to a privacy request or complaint, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines through the NPC's prescribed complaint procedures.

ph563 is a real-money gambling platform strictly restricted to individuals aged 21 years or older, as mandated by PAGCOR. ph563 does not knowingly collect personal data from individuals under the age of 21.

Age verification is conducted as part of the registration and KYC process. If ph563 becomes aware that personal data has been collected from an individual under the age of 21, ph563 will immediately close the associated account, void any transactions conducted through that account, and securely delete the relevant personal data in accordance with its data retention and deletion procedures.

ph563 reserves the right to amend, update, or replace this Privacy Policy at any time to reflect changes in applicable law, PAGCOR regulatory requirements, NPC guidance, or ph563's data processing practices. All amendments will be published on the Platform at ph563.vip/privacy-policy with a revised "Last Updated" date.

Where a proposed amendment is material — that is, where it significantly affects your rights, the categories of data we collect, or the purposes for which we use your data — ph563 will provide advance notice to registered Members via email to the registered address, where practicable, no less than fourteen (14) days prior to the amendment taking effect.

Your continued use of the Platform following the publication of any amendment to this Policy constitutes your acceptance of the revised terms. If you do not agree to the amended Policy, you must cease using the Platform and may request account closure in accordance with the Terms and Conditions.

For all privacy-related enquiries, data subject access requests, or complaints regarding ph563's handling of your personal data, please contact ph563's Data Protection Officer:

• Email: [email protected] — Subject line: "Data Privacy Request" or "Privacy Complaint"
• Live Chat: Available 24/7 via the ph563 Platform after login — indicate that your query is privacy-related
• Platform: ph563.vip

For queries regarding specific policy sections, please reference the relevant section number in your communication. ph563's DPO will acknowledge receipt of your request and provide a substantive response within the period prescribed by the NPC under the Data Privacy Act of 2012.

If your privacy concern is not resolved to your satisfaction after engaging ph563's DPO, you have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines. The NPC's contact details and complaint procedures are available through the NPC's official channels.