ph29 takes the privacy of every Filipino player seriously. This Policy explains exactly what personal data we collect, how it is used, how it is protected, and what rights you hold under the Philippine Data Privacy Act of 2012. We use plain language so you know precisely what you're agreeing to — no deliberate small print.
Before you read the full legal text, here are the six core commitments that shape how ph29 handles your personal data — in plain language.
ph29 does not collect personal data beyond what is necessary to operate your account, process transactions, comply with Philippine AML and KYC regulations, and deliver a safe gaming experience.
All personal data held by ph29 is protected using 256-bit SSL encryption in transit and AES-256 encryption at rest. Our security infrastructure meets the same standards used by Philippine commercial banking applications like BDO and BPI.
ph29 will never sell, rent, or trade your personal information to third parties for commercial purposes. Full stop. Data shared with third parties is limited strictly to what is required to deliver our services to you.
Under the Philippine Data Privacy Act, you have the right to access, correct, object to, erase, and port your personal data held by ph29. We make exercising these rights straightforward — no bureaucratic runaround.
This Privacy Policy is written to be understood — not to obscure what we do with your data. If our data practices change in any meaningful way, we will notify you directly before those changes take effect.
ph29's data practices are designed to comply with Republic Act No. 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations, and applicable NPC issuances, as well as PAGCOR player data handling standards.
This Privacy Policy ("Policy") describes how ph29 ("ph29," "we," "us," or "our"), the operator of the online gaming platform at ph29.asia (the "Platform"), collects, uses, stores, discloses, and protects the personal information of individuals ("you" or "the Data Subject") who access or use the Platform.
ph29 is committed to maintaining the privacy and security of your personal data. This Policy is issued in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 ("DPA"), and its Implementing Rules and Regulations ("IRR"), as administered by the National Privacy Commission of the Republic of the Philippines ("NPC").
By registering an account, accessing the Platform, or providing personal information to ph29 in any form, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. If you do not agree to this Policy, you must discontinue use of the Platform immediately.
Scope: This Policy applies to all personal data processed by ph29 in connection with the operation of the ph29.asia Platform, regardless of whether data is collected directly from you, from third-party payment processors, or through automated technical means such as cookies and log files.
For the purposes of the Data Privacy Act of 2012, ph29 acts as the Personal Information Controller ("PIC") in respect of the personal data it collects and processes in connection with the Platform. ph29 has designated a Data Protection Officer ("DPO") who is responsible for ensuring compliance with applicable data protection laws and for handling data subject rights requests and inquiries.
Contact details for the ph29 Data Protection Officer are provided in Section 14 of this Policy. You may contact the DPO at any time with questions, concerns, or formal requests relating to your personal data.
ph29 collects personal data through several channels: directly from you during registration and account management; automatically through your use of the Platform; and from authorized third parties such as identity verification services and payment processors. The categories of personal data we collect are as follows:
When you access the Platform, ph29's servers automatically collect the following technical information:
Where you voluntarily set responsible gaming limits, request self-exclusion, or interact with ph29's responsible gaming tools, ph29 records this information to enforce your elected restrictions and to meet its duty of care obligations under applicable Philippine gaming regulations.
Records of your communications with ph29's support team (live chat transcripts, email correspondence, and support ticket history) are stored for a minimum of two (2) years to support dispute resolution, regulatory compliance, and service quality review.
Sensitive Personal Information: Where ph29 processes sensitive personal information as defined by the DPA (including identification document contents, biometric data collected during KYC, and financial account information), such processing is carried out on the basis of legal and regulatory compliance obligations and your explicit consent provided at the time of account registration and KYC submission.
ph29 processes your personal data for the following purposes:
| Purpose | Data Categories Used |
|---|---|
| Account creation and management | Registration data, identity data |
| Age and identity verification (KYC) | KYC data, registration data |
| Processing deposits and withdrawals | Financial data, identity data |
| Delivering games and platform services | Technical data, transaction data |
| Bonus and promotion administration | Registration data, transaction data |
| AML / fraud prevention and detection | All categories where relevant |
| PAGCOR regulatory reporting | Financial data, identity data, gaming records |
| Responsible gaming enforcement | Responsible gaming data, transaction data |
| Customer support and dispute resolution | Communication data, transaction data |
| Security monitoring and platform integrity | Technical data, login records |
| Direct marketing (with your consent) | Registration data, communication preferences |
ph29 does not use automated decision-making or profiling in ways that produce legal or similarly significant effects on players, except where such processing is necessary for AML screening or fraud prevention and is permitted under applicable Philippine law.
ph29 processes your personal data on the following legal bases as recognized under the Data Privacy Act of 2012:
ph29 does not sell, rent, or trade your personal data to any third party for commercial purposes. Personal data is shared only in the following circumstances and with the following categories of recipients:
Third-Party Agreements: All third parties to whom ph29 discloses personal data are required by contract to process that data in accordance with applicable Philippine data protection laws and to implement appropriate technical and organizational security measures.
ph29 uses cookies and similar tracking technologies on the Platform to ensure its proper operation, to improve your experience, and to support our security and analytics functions. The types of cookies used by ph29 are as follows:
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect your ability to log in or use certain Platform features. ph29 does not use third-party advertising networks or social media tracking pixels on the Platform.
ph29 retains personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to the following minimum retention periods required by Philippine law and regulatory standards:
Upon expiry of the applicable retention period, personal data is securely deleted or anonymized using industry-standard methods, unless a longer retention period is required by a specific legal obligation or ongoing dispute.
ph29 implements the following technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, ph29 will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, and will notify affected players as required by applicable NPC Circular.
As a Data Subject under the Data Privacy Act of 2012, you are entitled to the following rights in respect of your personal data held by ph29. You may exercise any of these rights by contacting the ph29 Data Protection Officer (see Section 14):
You have the right to be informed of the data being collected about you, the purposes for collection, the period of retention, and your rights as a data subject. This Privacy Policy fulfills ph29's obligation to inform you.
You have the right to request a copy of the personal data ph29 holds about you, information about how it has been used, and a list of third parties with whom it has been shared. ph29 will respond to access requests within thirty (30) days.
You have the right to request correction of any inaccurate, outdated, or incomplete personal data that ph29 holds about you. Corrections to critical identity data may require resubmission of verification documents.
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to ph29's legal retention obligations under AMLA and PAGCOR requirements.
You have the right to object to the processing of your personal data for direct marketing purposes at any time. You may also object to other forms of processing carried out on the basis of legitimate interests, subject to compelling grounds.
You have the right to receive a copy of the personal data you provided to ph29 in a structured, commonly used, and machine-readable format (CSV or JSON), where technically feasible and where processing is based on consent or contract.
ph29 will not charge a fee for the exercise of these rights unless requests are manifestly unfounded or excessive, in which case a reasonable processing fee consistent with NPC guidelines may apply. ph29 reserves the right to verify your identity before processing any rights request to protect against unauthorized disclosure of another person's data.
ph29 Casino is strictly prohibited for persons under the age of twenty-one (21) years. ph29 does not knowingly collect, process, or retain personal data from persons under the age of 21. Age verification is conducted as part of the account registration and KYC process specifically to prevent underage individuals from accessing the Platform.
If ph29 becomes aware that personal data has been collected from a person under the age of 21 — whether through an inaccurate date of birth at registration or through any other means — ph29 will immediately suspend the relevant account, void all associated balances and bonuses, and permanently delete the collected personal data to the extent permitted by applicable legal obligations.
If you believe that a person under the age of 21 has registered or is using an account on the ph29 Platform, please contact ph29's Data Protection Officer or the 24/7 support team immediately.
ph29's primary data processing infrastructure is located in the Philippines. However, certain service providers — including third-party game technology platforms and cloud infrastructure providers — may process data in servers located outside the Philippines.
Where personal data is transferred outside the Philippines, ph29 ensures that appropriate safeguards are in place in accordance with Section 21 of the Data Privacy Act of 2012 and NPC Circular No. 16-01. Safeguards may include:
Upon request, ph29's Data Protection Officer can provide additional information about the specific safeguards applied to cross-border transfers of your personal data.
ph29 reserves the right to amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, regulatory guidance, or Platform functionality. The following process governs policy changes:
The current version of this Privacy Policy is always accessible at ph29.asia/privacy-policy. ph29 recommends reviewing this Policy periodically to stay informed about how your personal data is managed.
If you have questions about this Privacy Policy, wish to exercise your rights as a Data Subject under the DPA, wish to withdraw consent for marketing communications, or wish to file a complaint about ph29's data handling practices, please contact ph29 through the following channels:
ph29 will acknowledge receipt of all data subject rights requests within three (3) business days and will endeavor to resolve requests within thirty (30) calendar days. Complex requests may require up to sixty (60) days, in which case ph29 will notify you of the extended timeline and the reason for the delay.
If you are not satisfied with ph29's response to a privacy concern or data rights request, you have the right to lodge a complaint with the National Privacy Commission of the Philippines:
ph29 is committed to resolving data privacy concerns informally and promptly. We encourage you to contact the ph29 DPO in the first instance before filing a formal NPC complaint, as most concerns can be resolved quickly through direct communication with our data protection team.
Your personal data is protected by bank-grade security and the full force of the Philippine Data Privacy Act. Join over one million Filipino players who trust ph29 with their gaming — and their data. New accounts get a welcome bonus. Must be 21 and above.