phdteam Privacy Policy

1.1 phdteam operates the online gaming and sports betting platform at phdteam.org, providing Filipino players with access to slot games, live casino tables, sports betting, bingo, sabong, and arcade products, all denominated in Philippine Peso and accessible through GCash, PayMaya, and other local payment channels.

1.2 In the course of providing these Services, phdteam necessarily collects and processes personal data about its Members and visitors. This Privacy Policy explains in clear terms what data phdteam collects, the purposes for which it is processed, how it is stored and secured, with whom it is shared, how long it is retained, and what rights you hold over your personal information.

1.3 phdteam takes privacy seriously. The Philippine Data Privacy Act of 2012 (Republic Act No. 10173) establishes a comprehensive framework for data protection in the Philippines, and phdteam's data practices are designed to comply fully with this framework, including its Implementing Rules and Regulations and relevant issuances of the National Privacy Commission (NPC).

1.4 This Privacy Policy applies to all personal data collected by phdteam through the phdteam.org website, any mobile browser interface, and all communications between phdteam and its Members or prospective Members. It applies to all Members regardless of which region of the Philippines they are located in — whether Metro Manila, Cebu, Davao, Iloilo, or elsewhere in the archipelago.

2.1 For the purposes of the Data Privacy Act of 2012 and its Implementing Rules and Regulations, phdteam acts as the personal information controller in respect of all Member personal data collected and processed through the phdteam platform.

2.2 As the personal information controller, phdteam determines the purposes for which Member personal data is collected, the means by which it is processed, and the policies and safeguards governing its handling. phdteam is responsible for ensuring that its data processing practices comply with applicable Philippine law and PAGCOR data governance requirements.

2.3 Where phdteam engages third-party service providers to process personal data on its behalf — such as payment processors, KYC verification services, or cloud infrastructure providers — those third parties act as personal information processors under binding data processing agreements that require them to process personal data only in accordance with phdteam's documented instructions and applicable Philippine law.

2.4 phdteam has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act and this Privacy Policy. To contact the phdteam DPO, please email support@phdteam.org with the subject line "Data Protection Officer — Privacy Query."

3.1 phdteam collects personal data through several channels: directly from you during registration and account use, automatically through your interaction with the platform, and from third parties involved in providing or verifying your use of the Services.

3.2 Data You Provide Directly

3.3 Data Collected Automatically

When you access and use the phdteam platform, certain technical and behavioral data is collected automatically:

• Technical Device Data: IP address, device type, operating system, browser type and version, screen resolution, and mobile network information;
• Usage Data: Pages viewed, games launched, features accessed, session duration, search queries within the platform, bet slip interactions, and click-stream data;
• Transaction and Gaming Data: All deposit and withdrawal transactions, game session records including wager amounts, game outcomes and results, betting history, and bonus usage;
• Geolocation Data: General geographic location derived from IP address (country and region level), used for regulatory compliance and fraud prevention. phdteam does not collect precise GPS-level location data.

3.4 Data from Third Parties

phdteam may receive personal data about you from third-party sources in the following circumstances:

• KYC and Identity Verification Providers: Third-party identity verification services may provide phdteam with the result of document authenticity checks and identity confirmation;
• Payment Processors: GCash, PayMaya, bank partners, and other payment service providers may transmit transaction confirmation data and, where required for fraud prevention, additional payment-related identity data;
• PAGCOR and Regulatory Databases: phdteam may receive data from PAGCOR's self-exclusion register or other regulatory databases to verify that a Member is not subject to a gambling exclusion order;
• Social Login Providers: If you use Google or Facebook login to access phdteam, those platforms share your basic profile information (name, email address) with phdteam in accordance with their own privacy policies and your consent settings on those platforms.

4.1 phdteam processes your personal data only for specified, explicit, and legitimate purposes. The following table sets out the primary purposes for which phdteam uses Member personal data:

4.2 phdteam does not use Member personal data for automated decision-making that produces legal or similarly significant effects without human review. Where automated systems are used in fraud screening or responsible gaming monitoring, flagged cases are reviewed by a human compliance officer before any adverse action is taken on an account.

5.1 Under the Data Privacy Act of 2012, phdteam relies on the following legal bases for processing your personal data:

• Contractual Necessity: Processing your personal data is necessary for phdteam to perform its obligations under the Terms and Conditions you agreed to when registering your account — including account management, payment processing, and provision of gaming services;
• Legal Obligation: phdteam is required to process certain personal data to comply with its obligations under Philippine law, including PAGCOR regulations, the Anti-Money Laundering Act (AMLA), and the Data Privacy Act — particularly for KYC verification, suspicious transaction reporting, and regulatory audit requirements;
• Legitimate Interests: phdteam processes certain data on the basis of its legitimate interests — including fraud detection, platform security, responsible gaming monitoring, and platform analytics — where those interests are not overridden by your rights and freedoms;
• Consent: Where phdteam relies on your consent as the legal basis for processing — such as for marketing communications or non-essential cookies — you may withdraw that consent at any time without affecting the lawfulness of processing already carried out on the basis of that consent.

6.1 phdteam does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Personal data is shared only as described in this section and only to the extent necessary for the stated purpose.

6.2 Service Providers (Personal Information Processors)

phdteam shares personal data with carefully selected third-party service providers who process data on phdteam's behalf and under binding data processing agreements. These include:

• Payment processors: GCash, PayMaya, BDO, BPI, Metrobank, UnionBank, InstaPay partners, and cryptocurrency payment processors — for the purpose of processing your financial transactions;
• KYC and identity verification providers: Third-party services used to verify the identity and age of Members as required by PAGCOR and AML regulations;
• Cloud infrastructure and hosting providers: Secure cloud service providers hosting the phdteam platform and data on servers that meet applicable security and data residency standards;
• Game content providers: Pragmatic Play, PG Soft, JILI, Evolution, Microgaming, Habanero, and other licensed game suppliers may receive game session data necessary to operate their game engines and verify results;
• Analytics and security service providers: Services used to monitor platform performance, detect fraud, and identify security threats.

6.3 Regulatory and Legal Disclosures

phdteam will disclose personal data to government authorities, regulators, and law enforcement agencies where required by applicable Philippine law or where phdteam is ordered to do so by a court of competent jurisdiction. This includes disclosures to PAGCOR as part of regulatory oversight, to the Anti-Money Laundering Council (AMLC) under AMLA reporting obligations, and to the National Privacy Commission (NPC) in the event of a notifiable data breach.

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of phdteam's business or assets, personal data held by phdteam may be transferred to the successor entity. Members will be notified of any such transfer where required by applicable law, and the successor entity will be bound to honor the commitments made in this Privacy Policy with respect to data already collected.

7.1 phdteam uses cookies and similar tracking technologies (including web beacons and local storage) to operate the platform effectively, to personalize your experience, and to analyze platform usage. The following table describes the categories of cookies used by phdteam:

7.2 You can control non-essential cookie categories through your browser settings. Most modern browsers allow you to block cookies, delete existing cookies, or receive notifications when a new cookie is set. Please note that blocking strictly necessary cookies will impair your ability to use the phdteam platform, including the ability to log in to your account.

7.3 phdteam does not use cookies or tracking technologies for third-party behavioral advertising or to track your activity across other websites.

8.1 phdteam retains personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with applicable Philippine legal and regulatory obligations, and to resolve disputes or enforce agreements.

8.2 The following retention periods apply as a general guide, subject to applicable law:

• Active Account Data: Retained for the duration of your account's active status plus a minimum of five (5) years following account closure, in compliance with PAGCOR record-keeping requirements and AMLA obligations;
• KYC and Identity Verification Records: Retained for a minimum of five (5) years after the date of the last transaction on the account, as required by the Anti-Money Laundering Act (AMLA) and PAGCOR regulations;
• Financial Transaction Records: Retained for a minimum of five (5) years from the date of each transaction, pursuant to AMLA requirements;
• Customer Support Records: Retained for three (3) years from the date of the last relevant interaction, unless a longer period is required to resolve an ongoing dispute;
• Marketing Consent Records: Retained for the period of your consent plus three (3) years, to evidence the basis of marketing communications sent to you;
• Platform Usage and Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely; individual usage data linked to an account is deleted or anonymized within twelve (12) months of account closure.

8.3 Where data is required for an ongoing legal proceeding, regulatory investigation, or unresolved dispute, phdteam may retain the relevant data beyond the standard retention periods until the matter is fully resolved.

9.1 phdteam implements a comprehensive set of technical and organizational security measures designed to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include:

• Encryption in Transit: All communications between your device and phdteam's servers are encrypted using TLS 1.3 (256-bit SSL encryption). This applies to all platform interactions including login, game sessions, and financial transactions;
• Encryption at Rest: Personal data stored in phdteam's databases is encrypted at rest using AES-256 encryption;
• Access Controls: Strict role-based access controls ensure that phdteam personnel can only access personal data that is necessary for their specific job function. All data access is logged and audited;
• Network Security: phdteam's infrastructure is protected by firewalls, intrusion detection systems, DDoS mitigation, and regular penetration testing conducted by independent security specialists;
• Password Security: Member passwords are stored as cryptographic hashes using industry-standard algorithms — plain-text passwords are never stored;
• Two-Factor Authentication: phdteam offers optional two-factor authentication (2FA) for all Member accounts. Members are strongly encouraged to enable 2FA as an additional layer of account security;
• Employee Training: phdteam personnel with access to personal data receive regular training on data protection obligations, security best practices, and incident response procedures.

9.2 Data Breach Response. In the event of a personal data breach that is reasonably likely to result in serious harm to affected individuals, phdteam will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, as required by the Data Privacy Act and NPC Circular No. 16-03. Affected Members will be notified promptly where the breach poses a high risk to their rights and interests.

9.3 While phdteam employs industry-standard security measures, no data transmission over the internet or electronic storage system is entirely immune from risk. phdteam cannot guarantee the absolute security of your personal data. Members are encouraged to take their own precautions, including using strong unique passwords and enabling 2FA.

10.1 The Data Privacy Act of 2012 (Republic Act No. 10173) gives you specific rights with respect to your personal data held by phdteam. phdteam is committed to facilitating the exercise of these rights promptly and without undue burden. Your rights are as follows:

10.2 To exercise any of the above rights, please submit a written request to phdteam via live chat support or by email to support@phdteam.org with the subject line "Data Privacy Rights Request." phdteam will verify your identity before processing any data rights request and will respond within a reasonable timeframe, and in any event within thirty (30) days of receipt of a valid request, in accordance with NPC guidelines.

11.1 phdteam's registration process includes an age declaration requirement and subsequent KYC verification to confirm that all Members meet the minimum age of 21 years. Where phdteam discovers that a Member's account was registered or used by a person under 21 years of age, the account will be permanently suspended, all balances forfeited, and the matter reported to PAGCOR.

11.2 If you believe that a minor under 21 years of age may have accessed or registered for a phdteam account, please contact phdteam support immediately so that appropriate action can be taken.

12.1 phdteam primarily stores and processes Member personal data in data centers located in Asia, including in the Philippines and in regional cloud infrastructure hubs. In certain cases, where phdteam uses global service providers — such as cloud platform providers or game content suppliers with international infrastructure — your personal data may be processed or stored on servers located outside the Philippines.

12.2 Where phdteam transfers personal data outside the Philippines, it ensures that appropriate safeguards are in place to protect the data to a standard equivalent to that required under the Data Privacy Act of 2012. These safeguards include:

• Data processing agreements incorporating standard contractual clauses approved by the NPC or equivalent regulatory body;
• Transfers only to third parties in countries whose data protection laws have been assessed as providing an adequate level of protection;
• Technical controls ensuring that data transferred internationally is subject to the same encryption, access control, and security standards as data processed domestically.

12.3 You may request further information about international data transfers affecting your personal data by contacting phdteam's Data Protection Officer.

13.1 The phdteam platform may contain references or links to third-party websites, services, or content. This Privacy Policy applies only to personal data collected and processed by phdteam in connection with the phdteam platform and Services. phdteam is not responsible for the privacy practices, content, or security of any third-party website or service.

13.2 If you access or use any third-party service in connection with your phdteam account — including social login providers (Google, Facebook), GCash, PayMaya, or any linked banking application — your use of that third-party service is governed by that party's own privacy policy and terms of service. phdteam encourages you to read the privacy policies of any third-party service you use.

13.3 Game content providers whose games are available in the phdteam lobby process certain game session data through their own systems. phdteam selects game providers that maintain data processing standards consistent with applicable Philippine privacy requirements and with phdteam's own Privacy Policy commitments.

14.1 phdteam may update this Privacy Policy from time to time to reflect changes in our data practices, changes in applicable law or PAGCOR regulatory requirements, or improvements to our privacy safeguards. The effective date at the top of this document will be updated whenever the policy is revised.

14.2 Where a proposed amendment materially affects your rights or the way phdteam processes your personal data, phdteam will provide advance notice of the changes via email to your registered address and through a prominent notice on the phdteam platform, with a minimum of fourteen (14) days' notice before the changes take effect.

14.3 Minor amendments — such as clarifications, corrections of typographical errors, or updates required immediately by regulatory directive — may take effect upon publication without advance notice. The most current version of this Privacy Policy is always accessible at phdteam.org/privacy-policy.

14.4 Your continued use of the phdteam platform after the effective date of any updated Privacy Policy constitutes your acknowledgment and acceptance of the updated terms, to the extent permitted by applicable Philippine law.

15.1 If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data by phdteam, please contact the phdteam Data Protection Officer through any of the following channels:

• Email: support@phdteam.org — Subject line: "Data Privacy Rights Request" or "Privacy Policy Query"
• Live Chat: Available 24/7 through the phdteam.org website
• Viber / Messenger: Via phdteam's official support channels

15.2 phdteam will acknowledge receipt of all privacy-related inquiries within three (3) business days and will endeavor to provide a substantive response within thirty (30) days, in accordance with NPC guidance on response timelines.

15.3 National Privacy Commission (NPC) Complaints. If you are not satisfied with phdteam's response to your privacy concern, or if you believe phdteam has processed your personal data in violation of the Data Privacy Act of 2012, you have the right to lodge a complaint with the National Privacy Commission of the Philippines. Information about how to file a complaint with the NPC is available on the NPC's official government website.