35ph Privacy
Policy

1. Introduction & Scope

This Privacy Policy ("Policy") applies to all personal data processed by the operator of the 35ph online gaming platform ("35ph", "we", "us", or "the Company") in connection with the operation of the website accessible at https://35ph.bio and all associated gaming services offered thereunder.

By registering a 35ph account, accessing the platform, or using any 35ph service, you acknowledge that you have read and understood this Policy and consent to the collection, use, and processing of your personal data as described herein. This Policy should be read alongside the 35ph Terms & Conditions, which govern the general use of the platform.

35ph is committed to complying with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and all applicable issuances of the National Privacy Commission (NPC) of the Philippines. In addition, as a PAGCOR-regulated gaming operator, 35ph adheres to all data handling requirements specified by PAGCOR for the protection of player information.

2. Data We Collect

35ph collects personal data that is necessary and proportionate to the purposes described in this Policy. The categories of personal data we process are set out in the table below.

35ph does not collect special categories of sensitive personal information (as defined under the DPA) unless specifically required by law, such as health information in the context of responsible gaming self-exclusion requests.

3. How We Collect Data

35ph collects personal data through the following channels:

• Direct provision by the Player: Information you provide during the account registration process, KYC identity verification, payment method setup, and when you contact 35ph support.
• Automated technical collection: When you access and use the 35ph platform, we automatically collect technical data including your IP address, device identifiers, browser information, and session activity logs through server logs and cookies.
• Payment processors: When you make a deposit or withdrawal, the relevant payment provider (e.g., GCash, Maya, BPI) shares transaction confirmation data with 35ph to credit or debit your wallet.
• Identity verification providers: Where 35ph uses a third-party KYC service to verify your identity documents, that provider will share verification results with 35ph.
• Regulatory sources: PAGCOR or other regulatory bodies may provide 35ph with information relevant to self-exclusion registers, politically exposed persons (PEP) databases, or AML watchlists as required by law.

4. How We Use Your Data

35ph processes your personal data for the following purposes:

• To create and manage your 35ph account, including maintaining your wallet, game history, and account preferences;
• To verify your identity and age (21+) as required by Philippine gaming law and PAGCOR regulations;
• To process deposits and withdrawals to your nominated GCash, Maya, or bank account;
• To comply with anti-money laundering (AML) and counter-terrorism financing (CTF) obligations under Philippine law;
• To monitor gaming activity for responsible gaming purposes and to apply player protection measures where appropriate;
• To detect, investigate, and prevent fraudulent activity, security breaches, and violations of the 35ph Terms & Conditions;
• To provide customer support and resolve disputes relating to your 35ph account or gaming activity;
• To send you transactional communications such as deposit confirmations, withdrawal notifications, and security alerts via SMS or email;
• To send promotional communications about 35ph offers, bonuses, and new games — only where you have provided consent and have not opted out;
• To fulfil regulatory reporting obligations to PAGCOR and, where required by law, to relevant government authorities.

5. Legal Basis for Processing

35ph processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity: Processing required to perform the contract with you — i.e., operating your 35ph account, processing bets, and handling deposits and withdrawals.
• Legal obligation: Processing required to comply with Philippine law, including AML/CTF obligations under Republic Act No. 9160 (Anti-Money Laundering Act), PAGCOR regulatory requirements, and NPC guidelines.
• Legitimate interests: Processing carried out for 35ph's legitimate interests, including fraud prevention, platform security, responsible gaming monitoring, and business analytics — where such interests do not override your fundamental rights.
• Consent: Processing for marketing communications, where you have provided explicit consent. You may withdraw this consent at any time without affecting the lawfulness of prior processing.

6. Data Sharing & Disclosure

35ph does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. We share personal data only in the following circumstances:

• Payment processors: GCash, Maya, BPI, BDO, Metrobank, GrabPay, InstaPay, and other payment providers — to process deposits and withdrawals to your account;
• KYC/identity verification providers: Third-party identity verification services used to process your government-issued ID and confirm your age and identity;
• Game software providers: JILI, Pragmatic Play, Evolution Gaming, PG Soft, Asia Gaming, and other certified game providers — game data is shared to enable fair game operation and dispute resolution;
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government bodies — where disclosure is required by law, court order, or regulatory directive;
• Professional advisers: Legal counsel, auditors, and compliance consultants who are bound by professional confidentiality obligations;
• Business transfers: In the event of a merger, acquisition, or sale of the 35ph business, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

7. Data Retention

35ph retains your personal data for as long as your 35ph account remains active and for such additional period as is required by law or legitimate business need. The following retention periods apply as a general guide:

• Account and identity data: Retained for the duration of the account relationship and for a minimum of five (5) years following account closure, as required by PAGCOR regulations and anti-money laundering law;
• Transaction and financial data: Retained for a minimum of five (5) years from the date of the transaction, in accordance with AMLC record-keeping requirements;
• Gaming data: Retained for a minimum of three (3) years from the date of the relevant gaming session, to support dispute resolution and regulatory audit;
• Technical and security logs: Retained for up to twelve (12) months in active systems, and up to three (3) years in secure archive, for fraud investigation and security purposes;
• Support communications: Retained for up to three (3) years from the date of the interaction.

When personal data is no longer required for its primary purpose or any mandatory retention period, 35ph will securely destroy, delete, or anonymise the data in accordance with applicable NPC guidelines.

8. Data Security

35ph implements appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, destruction, or accidental loss. These measures include:

• Transport Layer Security (TLS) encryption for all data transmitted between your device and the 35ph platform;
• Secure hashing of account passwords — passwords are never stored in plain text on 35ph systems;
• Role-based access controls — personal data is accessible only to 35ph staff who require it for their specific operational role;
• Two-factor authentication (2FA) requirements for administrative access to systems holding player data;
• Regular security assessments, vulnerability scanning, and penetration testing of the 35ph platform;
• Incident response procedures that include player notification in the event of a data breach affecting personal data, in compliance with NPC notification requirements under the DPA.

While 35ph takes all reasonable steps to protect your personal data, no online platform can guarantee absolute security. You are responsible for maintaining the security of your 35ph account credentials and should immediately notify us if you suspect unauthorised access to your account.

9. Cookies & Tracking Technologies

The 35ph platform uses cookies and similar technologies for the following purposes:

• Strictly necessary cookies: Required for the platform to function — these maintain your login session, remember your account preferences, and enable secure navigation. These cannot be disabled without affecting platform functionality;
• Performance and analytics cookies: Used to collect aggregate, anonymised data about how players navigate and use the 35ph platform, enabling us to identify and improve technical performance and user experience;
• Security cookies: Used to detect fraudulent login attempts, bot activity, and other suspicious behaviour on the platform.

35ph does not use third-party advertising or behavioural tracking cookies. Your browser settings allow you to control or delete cookies. Note that disabling strictly necessary cookies may prevent certain 35ph platform features from functioning correctly.

10. Your Rights Under the DPA

Under the Data Privacy Act of 2012 of the Philippines, you have the following rights with respect to your personal data held by 35ph:

• Right to be informed: You have the right to be informed about how 35ph processes your personal data — which is the purpose of this Privacy Policy;
• Right of access: You may request a copy of the personal data 35ph holds about you, including a description of its source, how it has been used, and who it has been shared with;
• Right to rectification: You may request correction of any personal data that is inaccurate or incomplete;
• Right to erasure or blocking: You may request deletion or blocking of your personal data where it is no longer necessary for its original purpose, where it was processed unlawfully, or where you have withdrawn consent — subject to applicable legal retention obligations;
• Right to object: You may object to the processing of your personal data where processing is based on 35ph's legitimate interests, including objecting to direct marketing communications;
• Right to data portability: You may request a machine-readable copy of personal data you have provided to 35ph;
• Right to lodge a complaint: If you believe 35ph has violated your data privacy rights, you may file a complaint with the National Privacy Commission (NPC) of the Philippines.

To exercise any of the above rights, submit a written request to the 35ph Data Privacy Officer using the contact details in Section 13. Requests will be acknowledged within five (5) business days and resolved within fifteen (15) business days, subject to identity verification and applicable legal exemptions.

11. Minors & Age Verification

35ph applies mandatory age verification procedures at account registration. All new accounts are required to submit government-issued identity documents confirming the applicant is at least 21 years of age before withdrawal capabilities are activated. Identity documents accepted include PhilSys National ID, driver's license, SSS ID, UMID, Postal ID, and Philippine passport.

If 35ph becomes aware that personal data has been collected from an individual under 21 years of age, the relevant account will be suspended immediately, any deposits returned, and the personal data deleted in accordance with this Policy. If you believe a minor has registered a 35ph account, please notify us immediately via the contact details in Section 13.

12. Changes to This Privacy Policy

35ph reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or the 35ph platform. Material changes to this Policy will be communicated to registered players via email or on-platform notification at least seven (7) days before they take effect, where operationally practicable.

Your continued use of the 35ph platform after the effective date of any revised Privacy Policy constitutes your acknowledgement of the changes. We encourage you to review this Policy periodically. The current version is always accessible at https://35ph.bio/privacy-policy, with the effective date indicated at the top of the document.

13. Contact the Data Privacy Officer

If you wish to exercise any of your rights under the DPA, submit a privacy-related complaint, or make a general enquiry about 35ph's data processing practices, please contact our Data Privacy Officer (DPO) through the following channels:

Please include your registered 35ph username and a clear description of your request. For right-of-access or erasure requests, identity verification will be required before we can process your request. We will acknowledge all DPO requests within five (5) business days.

If you are dissatisfied with 35ph's response to a privacy concern, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines, which is the supervisory authority responsible for the enforcement of the Data Privacy Act of 2012.