phfairy Privacy Policy

1.1 The data controller responsible for the personal data of phfairy Members and site visitors is the operator of the phfairy platform accessible at phfairy.club ("phfairy," "we," "us," "our").

1.2 phfairy has designated a Data Protection Officer (DPO) responsible for ensuring compliance with RA 10173 and overseeing the implementation of this Privacy Policy. Contact details for the DPO are provided in Section 15 of this Policy.

1.3 phfairy is registered with the National Privacy Commission (NPC) of the Philippines as required under RA 10173 for personal information controllers processing the personal data of Filipino data subjects.

2.1 phfairy collects the following categories of personal data, depending on your interaction with the Platform:

Identity Data:

• Full legal name as appearing on government-issued ID
• Date of birth (for age verification — 21+ requirement)
• Nationality and country of residence
• Government-issued ID number and ID document image (for KYC/AML compliance)
• Photograph or selfie (where required for ID verification)

Contact Data:

• Registered mobile number (Philippine mobile number, Globe/Smart/DITO)
• Email address (if provided during registration)
• Residential address (for regulatory compliance purposes)

Account & Transaction Data:

• Account username and security credentials (passwords stored as irreversible cryptographic hashes — never in plaintext)
• Deposit and withdrawal history, amounts, payment method references
• Wagering history, game logs, bet records, win/loss data
• Bonus claims, promotional participation records
• Account balance history

Technical & Usage Data:

• IP address and approximate geolocation at time of access
• Device type, operating system, browser type and version
• Session duration, pages visited, features used, click patterns
• Cookie identifiers and similar tracking technology data (see Section 9)

Communications Data:

• Records of communications with phfairy support (live chat logs, email correspondence)
• Feedback, complaints, and dispute records
• phfairy Circle community posts and messages (subject to Community Guidelines)

3.1 Directly from you: When you register an Account, complete identity verification (KYC), make a deposit or withdrawal, place a bet, contact support, participate in promotions, or interact with phfairy Circle.

3.2 Automatically: Through cookies, web beacons, session tracking, and server logs when you access the phfairy website or mobile platform. Technical data is collected automatically whenever you interact with our Platform.

3.3 From third parties: From identity verification service providers (for KYC/AML compliance), payment processors (transaction confirmation data), fraud detection services, and PAGCOR or other regulatory bodies where required by law.

4.1 phfairy processes your personal data for the following specific, legitimate purposes:

• Account creation and management: Registering your Account, verifying your identity and age (21+ requirement), managing your profile and security settings.
• Service delivery: Processing deposits and withdrawals, enabling game access, settling bets, crediting bonuses, and providing all Platform features.
• Legal and regulatory compliance: Meeting PAGCOR licensing obligations, Anti-Money Laundering Act (AMLA) compliance, age verification requirements, tax reporting obligations, and NPC data privacy requirements.
• Fraud prevention and security: Detecting and preventing fraudulent account activity, money laundering, multiple account violations, bot activity, and other security threats.
• Customer support: Responding to your queries, resolving disputes, managing complaints, and providing technical assistance.
• Platform improvement: Analyzing usage data to improve game offerings, platform performance, user experience, and feature development.
• Responsible gaming: Monitoring for indicators of problem gambling behavior, enforcing self-exclusion and limit settings, and fulfilling PAGCOR responsible gaming obligations.
• Marketing communications: Sending promotional offers, bonus notifications, and platform updates — only where you have provided explicit consent or where permitted by applicable law. You may withdraw marketing consent at any time.

5.1 Under RA 10173, phfairy processes personal data on the following legal bases:

• Consent: For marketing communications and non-essential cookies, we rely on your explicit, informed consent, which you may withdraw at any time without affecting the lawfulness of processing prior to withdrawal.
• Contractual necessity: For Account management, payment processing, and service delivery — processing is necessary to perform the phfairy Member Agreement (Terms and Conditions) to which you are a party.
• Legal obligation: For KYC/AML compliance, PAGCOR regulatory reporting, tax obligations, and any other processing required by Philippine law.
• Legitimate interests: For fraud prevention, platform security, responsible gaming monitoring, and platform analytics — where these interests are not overridden by your fundamental rights and freedoms.

6.1 phfairy does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share personal data only in the following circumstances:

Service providers and processors: phfairy engages trusted third-party service providers who process personal data on our behalf and under our instruction, under binding data processing agreements. These include:

• Payment processors (GCash/Maya/BPI/BDO integrations, InstaPay, crypto payment gateways)
• Identity verification and KYC service providers
• Cloud infrastructure and hosting providers
• Fraud detection and cybersecurity service providers
• Customer support platform providers
• Game content providers (who may receive anonymized gameplay data)

Regulatory and legal disclosure: phfairy will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, courts, law enforcement agencies, and other government bodies when required to do so by applicable Philippine law, court order, or regulatory demand.

Business transfers: In the event of a merger, acquisition, or sale of substantially all of phfairy's assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections as this Policy.

6.2 All third-party processors who handle phfairy Member data are bound by contractual data processing agreements that require them to process data only as instructed, maintain appropriate security measures, and comply with RA 10173.

7.1 Some of phfairy's third-party service providers (including cloud hosting, game content providers, and fraud detection services) may be located outside the Philippines and may process your personal data in other jurisdictions.

7.2 Where personal data is transferred outside the Philippines, phfairy ensures that appropriate safeguards are in place, including contractual clauses that impose equivalent data protection standards consistent with RA 10173, and that such transfers are conducted only where necessary and proportionate to the purposes described in Section 4.

7.3 By using the phfairy Platform, you acknowledge and consent to the transfer of your personal data to countries outside the Philippines where our service providers operate, subject to the protections described in this Section.

8.1 phfairy retains personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law, whichever is longer.

8.2 Specific retention periods include:

• Account and KYC data: Retained for the duration of your Account and for a minimum of five (5) years following Account closure, as required under AMLA and PAGCOR regulations.
• Transaction and wagering records: Retained for a minimum of five (5) years from the date of the transaction, for regulatory compliance and dispute resolution purposes.
• Support communications: Retained for three (3) years from the date of the communication.
• Technical and usage data: Retained for up to twenty-four (24) months from collection, unless required longer for security or legal purposes.
• Marketing consent records: Retained for the duration of consent and for three (3) years following withdrawal of consent, as evidence of compliance.

8.3 Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised so that it can no longer be attributed to an identified or identifiable individual.

9.1 phfairy uses cookies and similar tracking technologies (web beacons, pixel tags, local storage) on the Platform for the following purposes:

• Essential cookies: Required for core Platform functionality — login session management, security tokens, fraud prevention, and game session continuity. These cannot be disabled without impairing Platform functionality.
• Analytics cookies: Used to understand how Members navigate and use the Platform — page views, session durations, feature engagement. This data is aggregated and used to improve the Platform experience. Analytics cookies are activated only with your consent.
• Preference cookies: Used to remember your Platform preferences (e.g., language, display settings, game filter preferences) to personalise your experience.

9.2 You may manage cookie preferences through your browser settings. Disabling non-essential cookies will not prevent you from using phfairy, but may affect certain personalisation features.

10.1 phfairy implements appropriate technical and organisational measures to protect your personal data against accidental loss, destruction, alteration, unauthorised disclosure, or access. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and phfairy servers
• Passwords stored exclusively as irreversible cryptographic hashes (bcrypt) — phfairy staff cannot view your password
• Two-Factor Authentication (2FA) available to all Members and strongly recommended
• Real-time intrusion detection and anomalous access monitoring
• Regular third-party security audits and penetration testing
• Strict access controls ensuring phfairy staff can only access Member data on a need-to-know basis
• Physical and logical security controls on all data processing infrastructure

10.2 In the event of a personal data breach that is likely to harm your rights and interests, phfairy will notify you and the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, as required by RA 10173.

11.1 Under RA 10173, you have the following rights with respect to your personal data processed by phfairy. You may exercise these rights by contacting our DPO as described in Section 15.

11.2 phfairy will respond to all data subject rights requests within thirty (30) calendar days of receipt. Where a request is complex or involves a large volume of data, phfairy may extend this period by a further thirty (30) days, notifying you of the extension and reason.

12.1 The phfairy Platform is strictly for persons aged 21 years and older. phfairy does not knowingly collect or process personal data from persons under 21 years of age.

12.2 If phfairy becomes aware that it has inadvertently collected personal data from a person under 21 — whether through a false declaration of age or any other means — phfairy will immediately suspend the relevant Account, delete the associated personal data to the extent permitted by legal retention obligations, and report the matter as required by PAGCOR.

12.3 Parents or guardians who believe that a minor may have registered a phfairy Account are requested to contact phfairy immediately via live chat or email so that the Account can be reviewed and closed.

13.1 The phfairy Platform may contain links to third-party websites or services (such as payment provider portals). This Privacy Policy applies exclusively to the phfairy Platform. When you follow a link to a third-party site, phfairy assumes no responsibility for the privacy practices or content of that third-party site.

13.2 We encourage you to read the privacy policies of any third-party sites you visit, particularly payment providers, before submitting personal data to those services.

14.1 phfairy reserves the right to update or modify this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, data processing practices, or Platform features. The "Last Updated" date at the top of this page reflects the most recent revision.

14.2 Material changes to this Policy — particularly changes that affect how we use your personal data or affect your data subject rights — will be notified to Members via in-Platform notification, email (where registered), or prominent notice on the phfairy homepage at least seven (7) days before taking effect.

14.3 Your continued use of the phfairy Platform following notification of a revised Privacy Policy constitutes acceptance of the changes. If you do not agree to the revised Policy, you may exercise your right to data erasure (subject to legal retention obligations) and close your Account.

15.1 For any questions, concerns, or requests relating to this Privacy Policy or the personal data phfairy holds about you, please contact our Data Protection Officer through the following channels:

• Email: support @ phfairy.club (Subject: Data Privacy Request)
• Live Chat: Available 24/7 via the phfairy Platform — select "Privacy & Data" as your query category
• Messenger & Viber: Via phfairy's official verified pages

15.2 If you are not satisfied with phfairy's response to your data subject rights request, or believe phfairy has violated your rights under RA 10173, you have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines.