phislot Privacy Policy

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

• "phislot," "we," "us," or "our" refers to the operator of the phislot platform at phislot.club and all associated services.
• "Platform" means the phislot website, mobile interface, game lobby, live casino, sports betting module, cashier, and customer support systems.
• "Player," "you," or "your" refers to any individual who accesses, registers on, or uses the Platform in any capacity.
• "Personal Data" means any information that identifies or could reasonably identify you as an individual, as defined under Section 3(g) of the Data Privacy Act of 2012 (RA 10173).
• "Processing" means any operation or set of operations performed on Personal Data, including collection, recording, storage, use, disclosure, and deletion.
• "Data Controller" means the entity that determines the purposes and means of Processing Personal Data — in this context, phislot.
• "NPC" means the National Privacy Commission of the Republic of the Philippines.
• "RA 10173" or the "DPA" means the Data Privacy Act of 2012 and its Implementing Rules and Regulations.
• "KYC" means Know Your Customer identity and age verification processes.

This Privacy Policy applies to all Personal Data collected by phislot in connection with your use of the Platform, including data collected during account registration, KYC verification, deposits, gameplay, promotions, customer support interactions, and your general browsing of phislot.club.

phislot is the Data Controller of your Personal Data as defined under RA 10173. This means phislot determines the purposes for which and the means by which your Personal Data is processed. phislot is registered with the National Privacy Commission and operates in compliance with the DPA and all applicable PAGCOR data-related requirements.

This Privacy Policy does not apply to any third-party websites, services, or applications that may be linked from the Platform. phislot has no control over and accepts no responsibility for the privacy practices of those third parties.

phislot collects Personal Data through several channels and for several specific purposes. The categories of data we collect are described in the table below:

Sensitive Personal Information

phislot does not intentionally collect sensitive personal information as defined under Section 3(l) of RA 10173 — such as health data, political opinions, or religious beliefs — unless strictly required for a specific compliance purpose and with your explicit written consent. Government ID numbers collected for KYC are treated as sensitive personal information and are subject to heightened security controls.

phislot uses the Personal Data collected for the following specific purposes. We do not use your data for any purpose beyond what is listed here without first obtaining your explicit consent or as otherwise required by law:

1. Account Creation and Management: To register your phislot Account, verify your identity and age (KYC), maintain your account profile, and enable you to log in and use the Platform.
2. Provision of Gaming Services: To operate the game lobby, process wagers, calculate winnings, administer live dealer sessions, and provide real-money gaming services.
3. Payment Processing: To process deposits and withdrawals via GCash, PayMaya, BDO, BPI, and Metrobank; to maintain accurate financial records; and to reconcile transaction histories.
4. Bonus and Promotions Administration: To determine eligibility for and to administer phislot's bonus offers, free spins, cashback programmes, and VIP loyalty tier benefits.
5. Anti-Money Laundering (AML) and Fraud Prevention: To monitor transactions for suspicious activity in accordance with RA 9160 (Anti-Money Laundering Act) and PAGCOR compliance requirements; to detect and prevent fraud, account abuse, and cheating.
6. Customer Support: To respond to your queries, complaints, and escalations via live chat and email; to maintain records of communications for dispute resolution and service improvement.
7. Responsible Gaming Compliance: To manage and enforce deposit limits, cooling-off periods, self-exclusion requests, and session time controls; to identify players who may be exhibiting signs of problem gambling behaviour.
8. Platform Security: To detect and investigate unauthorised access attempts, account takeovers, and platform vulnerabilities; to enforce the phislot Terms & Conditions.
9. Platform Improvement and Analytics: To analyse anonymised usage data and improve the performance, design, and content of the phislot Platform for Filipino players.
10. Legal and Regulatory Compliance: To comply with Philippine law, PAGCOR regulations, NPC requirements, court orders, and other binding legal obligations.

Under RA 10173, phislot must have a lawful basis for each processing activity. The legal bases on which phislot relies are:

• Consent (Section 12(a) DPA): Where you have given your clear and informed consent to processing for a specific purpose — for example, consent to receive promotional emails or SMS notifications about phislot offers.
• Contractual Necessity (Section 12(b) DPA): Where processing is necessary to fulfil our contractual obligations to you under the phislot Terms & Conditions — for example, processing your deposits and withdrawals, operating your account, and providing gaming services.
• Legal Obligation (Section 12(c) DPA): Where processing is necessary to comply with a legal obligation to which phislot is subject — for example, retaining KYC and transaction records under AML laws, or complying with PAGCOR reporting requirements.
• Legitimate Interests (Section 12(f) DPA): Where processing is necessary for phislot's legitimate interests — such as platform security, fraud prevention, AML monitoring, and service improvement — provided those interests are not overridden by your fundamental rights and freedoms.

Where phislot relies on your consent as a legal basis, you have the right to withdraw that consent at any time by contacting us at [email protected]. Withdrawal of consent will not affect the lawfulness of any processing carried out before withdrawal.

phislot uses cookies and similar technologies (including local storage and session tokens) on the Platform for the following purposes:

6.1 Strictly Necessary Cookies

These cookies are essential for the Platform to function and cannot be disabled. They include session authentication tokens that keep you logged in to your phislot Account during an active session, and security cookies that protect against cross-site request forgery (CSRF) attacks. No consent is required for strictly necessary cookies.

6.2 Functional Cookies

These cookies remember your preferences — such as your preferred game category, display language, and lobby layout — to deliver a more personalised phislot experience on return visits. They are set only with your consent.

6.3 Analytics Cookies

phislot uses anonymised analytics data to understand how Filipino players navigate and use the Platform. This data is used to identify performance issues, improve page load times, and optimise the game lobby layout. Analytics data is processed in anonymised, aggregated form and cannot be used to identify you personally.

You may manage your cookie preferences at any time through your browser settings. Blocking strictly necessary cookies will prevent you from logging in to your phislot Account.

phislot does not sell, rent, or trade your Personal Data. We may share your Personal Data with the following categories of recipients, strictly on a need-to-know basis and solely for the purposes described in this Privacy Policy:

7.1 Service Providers and Data Processors

phislot engages trusted third-party service providers who process Personal Data on our behalf under binding data processing agreements. These include payment gateway operators (GCash, PayMaya, and Philippine banking partners), game content providers, cloud hosting providers, identity verification service providers, and customer support platform providers. All such providers are contractually obligated to process your data only on phislot's instructions and to maintain appropriate security standards.

7.2 Regulatory and Law Enforcement Authorities

phislot will disclose your Personal Data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, or any other competent Philippine governmental authority when legally required to do so — including in response to lawful court orders, subpoenas, or regulatory directives.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of phislot's assets, your Personal Data may be transferred to the acquiring entity. You will be notified via email or a prominent notice on the Platform prior to any such transfer taking effect, and you will have the opportunity to exercise your rights under RA 10173 in connection with the transfer.

Some of phislot's service providers — including cloud infrastructure providers and game content platforms — operate data centres outside of the Philippines. Where your Personal Data is transferred outside the Philippines in connection with these services, phislot ensures that such transfers comply with the requirements of RA 10173 and the NPC's regulations on cross-border data transfers.

Specifically, phislot ensures one or more of the following safeguards is in place for any cross-border transfer:

• The recipient country provides an adequate level of data protection as recognised by the NPC;
• The transfer is covered by standard contractual clauses approved by the NPC or equivalent binding data protection agreements; or
• The transfer is to a recipient that has implemented binding corporate rules or equivalent measures providing adequate protection for Personal Data.

phislot retains your Personal Data for as long as is necessary for the purposes described in this Privacy Policy, or as required by applicable law. The following retention periods apply as general guidelines:

At the end of the applicable retention period, Personal Data is securely deleted, anonymised, or pseudonymised so that it can no longer be used to identify you. Anonymised or aggregated data may be retained indefinitely for statistical and platform improvement purposes.

phislot implements appropriate technical and organisational security measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include, but are not limited to:

• 256-bit SSL/TLS encryption for all data in transit between your device and phislot's servers
• AES-256 encryption for particularly sensitive data at rest, including KYC document stores and payment credential references
• Access controls — phislot staff access to Personal Data is restricted on a strict need-to-know basis, with role-based access controls and audit logging of all data access events
• Multi-factor authentication for all internal phislot administrative systems
• Regular penetration testing and vulnerability assessments conducted by independent security specialists
• Intrusion detection systems and 24/7 security monitoring of platform infrastructure
• Staff training on data protection obligations, phishing awareness, and secure data handling procedures

While phislot takes all reasonable steps to protect your data, no digital platform can guarantee absolute security. You are responsible for maintaining the security of your own phislot Account credentials. If you suspect your Account has been compromised, contact phislot support immediately at [email protected].

Under the Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to your Personal Data held by phislot. To exercise any of these rights, submit a written request to [email protected]. phislot will respond within 15 business days of receiving a verified request.

The phislot Platform is strictly for individuals aged 21 years and above, consistent with PAGCOR's minimum age requirements for online gaming in the Philippines. phislot does not knowingly collect Personal Data from any person under the age of 21.

As part of the registration and KYC process, phislot verifies the age of all applicants by requiring submission of a valid Philippine government-issued identity document displaying the applicant's date of birth. Any account found to have been registered by or on behalf of an individual under 21 will be immediately suspended, all associated Personal Data will be processed solely for the purposes of closure and legal compliance, and any balance in the account will be handled in accordance with applicable law and phislot's Terms & Conditions.

If phislot becomes aware that it has inadvertently collected Personal Data from a person under 21, it will take immediate steps to delete that data and close the associated account. If you are a parent or guardian and believe your child may have registered a phislot Account, please contact [email protected] immediately.

phislot may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or the services we provide. Where changes are material — meaning they affect your rights or the way we process your data in a significant way — phislot will notify you by email to your registered address or by posting a prominent notice on the Platform at least 14 days before the changes take effect.

For non-material changes — such as typographical corrections, clarifications, or changes mandated by regulatory guidance — the revised Privacy Policy will be published on this page and the "Last Reviewed" date at the top of the page will be updated. Continued use of the phislot Platform after the revised Privacy Policy takes effect constitutes your acceptance of the updated terms.

The version of the Privacy Policy that was in effect at the time any particular data was collected will govern the processing of that data, except where a new legal requirement mandates otherwise.

phislot has designated a Data Protection Officer (DPO) in accordance with Section 21 of RA 10173 and the NPC's implementing rules. The DPO is responsible for overseeing phislot's data protection compliance, handling data subject requests, and serving as the point of contact with the National Privacy Commission.

For all data privacy inquiries, personal data access or correction requests, objection or erasure requests, or privacy-related complaints, please contact phislot through the following channels:

• Live Chat: Available 24/7 from the phislot Platform — indicate "Data Privacy Request" when initiating the chat
• Email (Data Privacy): [email protected] — subject line: "Data Privacy Request – [Your Full Name]"

phislot will acknowledge receipt of your request within 2 business days and will respond fully within 15 business days of verifying your identity. For complex requests requiring additional processing time, phislot will notify you of the expected completion date within the initial 15-business-day period.

If you are not satisfied with phislot's handling of your data privacy concern after contacting us, you may escalate your complaint to the National Privacy Commission of the Philippines.