This Privacy Policy explains how p22ph collects, uses, stores, shares, and protects the personal data of players and visitors in accordance with the Republic Act No. 10173 — Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations.
This policy is issued in compliance with RA 10173 — Philippine Data Privacy Act of 2012.
p22ph ("p22ph", "we", "us", "our") is committed to protecting the privacy and personal data of every player, visitor, and individual whose information we process in connection with the p22ph online casino and sports betting platform, accessible at p22ph.org and its associated subdomains (collectively, the "Platform").
This Privacy Policy ("Policy") applies to all personal data collected by p22ph in relation to the Platform — whether collected directly from you during registration, through your use of the Platform, via our customer support channels, or indirectly through technology tools such as cookies and analytics systems. It governs how that data is collected, processed, stored, used, disclosed, and ultimately deleted or anonymised.
This Policy has been prepared in compliance with the Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations (IRR), which constitute the primary personal data protection legislation applicable to p22ph's operations in the Philippines. By registering an account with p22ph or otherwise using the Platform, you acknowledge that you have read and understood this Policy.
Who This Policy Covers: This Policy applies to registered p22ph players, prospective players who browse the Platform without registering, and any other individuals whose personal data p22ph processes in connection with its operations in the Philippine online gaming market.
For the purposes of the Data Privacy Act of 2012 and this Policy, p22ph acts as the personal information controller (PIC) in respect of the personal data of Philippine players and visitors processed through the Platform. As the data controller, p22ph determines the purposes and means by which personal data is collected and processed.
p22ph has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the DPA and this Policy, and for serving as the point of contact for data subjects and the National Privacy Commission (NPC). The DPO's contact details are provided in Section 16 of this Policy.
p22ph collects the following categories of personal data in connection with your use of the Platform:
| Category | Examples of Data Collected | Mandatory? |
|---|---|---|
| Identity Data | Full legal name, date of birth, government ID type and number, nationality, selfie/photograph for KYC | Yes — for withdrawals |
| Contact Data | Philippine mobile number (primary identifier), email address (if provided) | Yes — mobile required at registration |
| Financial Data | GCash number, Maya account, bank account details (BPI, BDO, UnionBank), USDT wallet address, transaction history, deposit and withdrawal records | Yes — for payment processing |
| Account Data | Username, password hash, account creation date, VIP tier, loyalty points balance, active bonuses, session history, account preferences | Yes — for account operation |
| Gaming Data | Game play history (game title, bet amount, outcome, timestamp), responsible gaming settings, self-exclusion status, deposit/loss limits set | Yes — regulatory requirement |
| Technical Data | IP address, device type and OS, browser type and version, session timestamps, cookies, approximate geographic location | Collected automatically |
| Communications Data | Live chat transcripts, support ticket content, SMS logs (OTP delivery), any other correspondence with p22ph | When you contact support |
| Sensitive Personal Data | Government-issued ID numbers (PhilSys, UMID, Passport, Driver's License) — collected only for KYC age and identity verification | Yes — for KYC compliance |
p22ph does not collect racial or ethnic origin data, political opinions, religious beliefs, health data, or genetic data, except where the same may incidentally appear on a submitted government-issued identification document and is not processed for any purpose other than identity confirmation.
p22ph collects personal data through the following means:
p22ph processes your personal data for the following specified, legitimate purposes:
Marketing Opt-Out: You can opt out of receiving promotional SMS and email communications from p22ph at any time by adjusting your notification preferences in Account Settings. Opting out of marketing does not affect transactional communications such as deposit confirmations and OTP messages.
Under the Data Privacy Act of 2012, p22ph processes personal data on one or more of the following lawful bases:
p22ph does not sell, rent, or trade your personal data to third parties for their independent marketing purposes. Your personal data may be shared with third parties only in the following circumstances:
p22ph engages carefully vetted third-party service providers who process personal data on p22ph's behalf as personal information processors (PIPs) under the DPA. These include payment processing providers (GCash/Maya integration partners, bank InstaPay systems), identity verification and KYC platform providers, cloud infrastructure and hosting providers, fraud detection and AML screening services, and customer support platform providers. All such processors are bound by written data processing agreements that impose obligations no less protective than those in this Policy.
p22ph will disclose personal data to competent Philippine authorities — including PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and law enforcement agencies — where required to do so by applicable law, valid legal order, or regulatory instruction. p22ph will endeavour to notify affected players of such disclosures where legally permitted to do so.
In the event of a merger, acquisition, restructuring, or sale of substantially all of p22ph's assets, personal data held by p22ph may be transferred to the acquiring entity, subject to the same privacy protections as set out in this Policy. Affected players will be notified prior to any such transfer where required under the DPA.
Some of p22ph's service providers and technology partners are located or operate infrastructure outside the Philippines. Where personal data is transferred to a country that may not provide an equivalent level of data protection to the Philippines, p22ph ensures that appropriate safeguards are in place, including contractual data transfer mechanisms that impose obligations equivalent to those under the Philippine Data Privacy Act.
p22ph will not transfer personal data to jurisdictions that do not provide adequate protections without implementing appropriate safeguards and, where required by the NPC's rules, obtaining prior authorisation for such transfers.
p22ph retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law. The following general retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account and identity data (active accounts) | Duration of account + 5 years post-closure | PAGCOR regulatory requirement; AMLA |
| KYC documentation (government IDs) | Duration of account + 5 years post-closure | AMLA; PAGCOR KYC obligations |
| Transaction and financial records | 5 years from transaction date | AMLA; tax obligations |
| Game play and betting records | 3 years from session date | PAGCOR record-keeping; dispute resolution |
| Customer support communications | 3 years from last interaction | Dispute resolution; quality assurance |
| Marketing preferences | Until opt-out or account closure | Consent |
| Technical logs and security data | 12 months rolling | Fraud prevention; security |
| Self-exclusion records | Duration of exclusion + 5 years | Responsible gaming compliance |
After the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be used to identify any individual.
p22ph implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
Your Role in Security: p22ph's technical measures protect your data in transit and at rest, but you also play a role. Use a strong, unique password for your p22ph account. Never share your login credentials or OTP with anyone — p22ph staff will never ask for your password.
p22ph uses cookies and similar tracking technologies (web beacons, local storage) on the Platform to enable essential functionality, improve performance, and analyse usage. Cookies are small text files stored on your device when you access a website.
You can manage or disable non-essential cookies through your browser settings. Please note that disabling cookies may affect your ability to use certain features of the p22ph Platform, including the "Remember Me" login function. Essential cookies cannot be disabled as they are required for the Platform to function.
p22ph's platform is intended exclusively for adults aged twenty-one (21) years and above. p22ph does not knowingly collect personal data from individuals under 21 years of age. Age verification is a mandatory step in both the registration process and the KYC identity verification process.
If p22ph becomes aware that personal data has been collected from an individual under 21 years of age, that data will be deleted immediately and the associated account will be closed. Any funds deposited by an underage individual will be returned to the original payment source.
If you believe that a minor has registered a p22ph account or provided their personal data to p22ph, please contact p22ph's Data Protection Officer immediately at the contact details in Section 16. p22ph treats such reports as high priority.
21+ Strictly Enforced: Government-issued ID verification confirms date of birth for all withdrawal-eligible accounts. Providing false age information is a serious breach of p22ph's Terms & Conditions and applicable Philippine law.
As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data processed by p22ph. These rights may be exercised by contacting p22ph's Data Protection Officer as described in Section 16:
The right to be informed whether p22ph processes your personal data and to receive a copy of this Privacy Policy describing how your data is handled.
The right to obtain a copy of the personal data p22ph holds about you, including information on the categories processed, purposes, and any third parties with whom it has been shared.
The right to have inaccurate or incomplete personal data corrected. Certain corrections (e.g., mobile number change) require additional identity verification for security reasons.
The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected — subject to p22ph's legal retention obligations under PAGCOR and AMLA regulations.
The right to object to processing based on legitimate interests, including profiling and direct marketing. Objecting to marketing will result in immediate opt-out from all promotional communications.
The right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
Where processing is based on your consent (e.g., marketing), you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
Under the DPA, you have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorised use of your personal data.
p22ph will respond to verified data subject requests within thirty (30) calendar days of receipt. Where a request cannot be fulfilled within this period, p22ph will notify you of the reason and the expected timeline for resolution.
If you have a complaint about how p22ph has handled your personal data, you should in the first instance contact p22ph's Data Protection Officer using the contact details in Section 16. p22ph takes all data privacy complaints seriously and will provide a written response within fifteen (15) business days.
If you are not satisfied with p22ph's response to your complaint, or if you believe p22ph has violated your rights under the Data Privacy Act of 2012, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. The NPC is the supervisory authority responsible for enforcing the DPA. Information about the NPC's complaint process is available through the NPC's official government channels.
p22ph reserves the right to update or amend this Privacy Policy from time to time to reflect changes in applicable law, regulatory requirements, platform features, or our data processing practices. The date at the top of this Policy indicates when it was last reviewed.
Where changes are material — meaning they significantly affect your rights or the way we process your personal data — p22ph will notify registered players via SMS to their registered Philippine mobile number or through an in-platform notification prior to the changes taking effect. Minor administrative or clarificatory changes may be made without prior notice.
Your continued use of the p22ph Platform following the posting of an updated Privacy Policy constitutes your acknowledgement of the updated Policy. We encourage you to review this page periodically to stay informed about how p22ph protects your personal data.
For all data privacy enquiries, requests to exercise your data subject rights, or complaints regarding p22ph's handling of your personal data, please contact p22ph's Data Protection Officer through the following channels:
When submitting a data subject request, please provide sufficient information to allow p22ph to verify your identity before processing the request. This is necessary to protect your data from unauthorised disclosure. p22ph may request a copy of your government-issued ID for verification purposes.
National Privacy Commission: Unresolved data privacy complaints may be escalated to the National Privacy Commission of the Philippines — the supervisory authority under the Data Privacy Act of 2012. The NPC's contact details and complaint procedures are available through official Philippine government channels.
Six core commitments that define how p22ph handles your personal data as a Filipino player.
p22ph's data practices are designed around the Republic Act No. 10173 — the Philippine Data Privacy Act of 2012. A registered Data Protection Officer oversees ongoing compliance and serves as your direct point of contact for all privacy matters.
Every piece of data you send to p22ph — from your login credentials to your GCash deposit confirmation — travels over 256-bit SSL-encrypted connections. Your data is never transmitted in plain text at any stage of processing.
p22ph does not sell, rent, or trade your personal data to third-party marketers. Your data is used to deliver the services you signed up for and to meet p22ph's regulatory obligations — nothing more.
As a Philippine data subject, you have the right to access, correct, delete, and port your personal data held by p22ph, plus the right to object to certain processing and to lodge a complaint with the National Privacy Commission.
p22ph doesn't keep your data indefinitely. Clear retention schedules apply per data category, aligned to PAGCOR, AMLA, and DPA requirements. When retention periods expire, data is securely deleted or anonymised.
Marketing communications from p22ph — bonus offers, event promotions, and VIP notifications — can be disabled at any time through your Account Settings. Opting out takes effect immediately and does not affect your ability to use the Platform.
Register with confidence — your personal data is handled under the Philippine Data Privacy Act, protected by SSL encryption, and never sold to third parties. Must be 21 or older.
🔞 Strictly 21+ · PAGCOR Regulated Market · Philippine Data Privacy Act Compliant