1. Introduction and Identity of the Data Controller
phlov3 ("we", "us", "the Company", "the Platform") is the data controller responsible for the personal information collected through the phlov3.vip platform and all associated services. phlov3 is an online casino and sports betting platform built for Filipino players, operating under the regulatory framework of the Philippine Amusement and Gaming Corporation (PAGCOR).
This Privacy Policy is issued in accordance with Republic Act No. 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations (IRR), and applicable issuances of the National Privacy Commission (NPC) of the Philippines. phlov3 has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and applicable data privacy laws. Contact details for the DPO are provided in Section 14.
phlov3 is committed to processing all personal data lawfully, transparently, and only for the purposes described in this Policy. We do not sell personal data. We do not share personal data with third parties for direct marketing by those third parties without your explicit consent.
This Policy should be read together with the phlov3 Terms and Conditions, which govern your overall use of the phlov3 platform.
2. Personal Data We Collect
phlov3 collects personal data in the following categories. We collect only the minimum data reasonably necessary for the specified processing purposes.
2.1 Identity and Registration Data
- Full legal name
- Date of birth (for 21+ age verification)
- Registered Philippine mobile number
- Email address
- Chosen username and account password (stored in hashed, salted form — never in plaintext)
- Government-issued Philippine ID type and ID number (for KYC)
- ID document images and selfie photographs (for KYC identity matching)
- Residential address (if required for enhanced due diligence)
2.2 Financial and Payment Data
- GCash account number or mobile number linked to GCash
- Maya account number or linked mobile number
- Bank account names and numbers (BPI, BDO, UnionBank) where provided for bank transfer withdrawals
- Cryptocurrency wallet addresses (USDT TRC20) where applicable
- Deposit and withdrawal transaction records, including amounts, timestamps, and payment method identifiers
- Source of funds declarations (where required by AML compliance procedures)
2.3 Gaming and Account Activity Data
- Game session history, including games played, bet amounts, outcomes, and session durations
- Account wallet balance history and transaction logs
- Bonus claim and wagering activity records
- Responsible gaming tool settings (deposit limits, self-exclusion status, cooling-off periods)
- Login timestamps, logout times, and session metadata
2.4 Technical and Device Data
- IP address at time of registration, login, and significant account actions
- Device type, operating system, and browser version
- Geolocation data (country and region level, derived from IP address)
- Cookie identifiers and session tokens (see Section 8)
- Platform interaction logs for fraud detection and security monitoring
2.5 Communications Data
- Customer support chat transcripts and email correspondence
- Feedback, survey responses, and dispute submissions
- Marketing preference settings and consent records
3. How We Collect Your Personal Data
3.1 Directly from You
The majority of your personal data is collected directly from you during the account registration process, KYC verification, deposit and withdrawal requests, customer support interactions, and through your use of Responsible Gaming Tools. You provide this information voluntarily, though certain categories (such as KYC documents) are required for regulatory compliance and cannot be waived.
3.2 Automatically Through Platform Use
phlov3 automatically collects certain technical data when you access the platform, including IP addresses, device information, browser characteristics, and session activity logs. This data is collected for security monitoring, fraud detection, and platform performance optimization purposes. Cookie-based data collection is further described in Section 8.
3.3 From Third-Party Payment Providers
When you make deposits or request withdrawals via GCash, Maya, BPI, BDO, UnionBank, Coins.ph, or other payment services, phlov3 receives transaction confirmation data from these providers, including transaction reference numbers, amounts, timestamps, and masked account identifiers. phlov3 does not receive or store your full GCash or bank login credentials.
3.4 From Identity Verification Services
phlov3 may use third-party identity verification service providers to assist with KYC document review and facial matching. Where such providers are used, they act as data processors under a written data processing agreement, and your data is shared with them only for the specific purpose of identity verification.
3.5 From Regulatory and Law Enforcement Sources
phlov3 may receive personal data from PAGCOR, the Anti-Money Laundering Council (AMLC), or other government authorities in connection with regulatory inquiries, compliance obligations, or law enforcement requests made in accordance with Philippine law.
4. Purposes and Legal Basis for Processing
phlov3 processes your personal data for the following purposes, each supported by a legal basis under RA 10173 and its IRR:
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Account registration and maintenance | Identity | Contractual necessity; consent |
| Age verification (21+ enforcement) | Identity | Legal obligation (PAGCOR regulations) |
| KYC / Anti-Money Laundering compliance | Identity Financial | Legal obligation (RA 9160, PAGCOR AML) |
| Processing deposits and withdrawals | Financial | Contractual necessity |
| Fraud detection and security monitoring | Technical Gaming | Legitimate interest; legal obligation |
| Game play and platform service delivery | Gaming Technical | Contractual necessity |
| Customer support and dispute resolution | All categories as relevant | Contractual necessity; legitimate interest |
| Responsible Gaming tool administration | Gaming Identity | Legal obligation; legitimate interest |
| Regulatory reporting to PAGCOR and AMLC | All categories as required | Legal obligation |
| Marketing communications (with consent) | Identity | Consent (opt-in only, withdrawable) |
| Platform analytics and improvement | Technical Gaming | Legitimate interest |
phlov3 does not process your personal data for purposes incompatible with those listed above without your explicit consent or a legal basis under RA 10173.
5. Sharing and Disclosure of Personal Data
5.1 We Do Not Sell Your Data
phlov3 does not sell, rent, or trade your personal data to any third party for commercial or marketing purposes. This is an absolute policy with no exceptions.
5.2 Service Providers and Data Processors
phlov3 shares personal data with carefully selected third-party service providers who process data on phlov3's behalf, strictly in accordance with written data processing agreements and phlov3's instructions. These include:
- Payment processors (GCash/GXI, Maya/Voyager Innovations, BPI, BDO, UnionBank) — for transaction processing
- Identity verification providers — for KYC document review and facial matching
- Game providers (e.g., PG Soft, Jili, Pragmatic Play, Evolution Gaming) — for game delivery and RNG certification; limited session and bet data is shared to enable game functionality
- Cloud infrastructure providers — for secure data hosting and platform operation
- Fraud and security analytics providers — for monitoring and detection of suspicious activity
- Customer support platform providers — for live chat and ticketing system operation
5.3 Regulatory and Legal Authorities
phlov3 discloses personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), law enforcement agencies, and other government bodies where required by applicable Philippine law or a valid legal process. phlov3 will notify affected users of government data requests where legally permitted to do so.
5.4 Business Transfers
In the event of a merger, acquisition, restructuring, or asset sale involving phlov3, personal data may be transferred to the acquiring entity as part of the transaction, subject to the same privacy protections as this Policy. Affected users will be notified of any change in the data controller's identity.
6. Data Security Measures
6.1 Technical Safeguards
phlov3 implements industry-standard technical security measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include:
- TLS/SSL encryption for all data in transit between your device and phlov3 servers
- AES-256 encryption for sensitive data at rest, including KYC documents and financial data
- Secure hashing and salting of all account passwords — plaintext passwords are never stored
- Two-factor authentication (2FA) available for all user accounts
- IP-based anomaly detection and automated suspicious login alerting
- Regular penetration testing and vulnerability assessments by independent security specialists
- Database access controls with role-based access management and audit logging
6.2 Organizational Safeguards
phlov3's internal data security practices include: employee privacy and security training; strict need-to-know access controls for all personal data categories; a documented data breach response plan; and regular review of security policies and procedures. Only authorized phlov3 personnel with a verified business need have access to user personal data.
6.3 Data Breach Response
In the event of a personal data breach that poses a real risk to the rights and freedoms of affected users, phlov3 will: (1) notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach; and (2) notify affected individuals without undue delay, providing information about the nature of the breach, the data affected, and recommended protective actions. phlov3 maintains a documented Breach Response Plan tested on an annual basis.
7. Data Retention
phlov3 retains personal data for no longer than is necessary for the purposes for which it was collected, subject to applicable legal, regulatory, and contractual retention obligations. Specific retention periods are as follows:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration and identity data | Duration of account + 5 years post-closure | PAGCOR regulatory requirement; AML compliance |
| KYC documents (ID images, selfies) | Duration of account + 5 years post-closure | RA 9160 (AMLA) and PAGCOR requirements |
| Financial transaction records | Duration of account + 5 years post-closure | RA 9160 (AMLA); PAGCOR; taxation obligations |
| Gaming session and activity logs | Duration of account + 2 years post-closure | Regulatory audit; dispute resolution |
| Customer support records | 3 years from last interaction | Legitimate interest; dispute resolution |
| Marketing consent records | Until consent withdrawn + 1 year | Proof of consent; RA 10173 |
| Technical logs (IP, device, session) | 90 days (rolling) | Security monitoring; fraud detection |
| Cookie data (non-essential) | As specified in cookie settings (typically 30–90 days) | Consent |
Upon expiry of the applicable retention period, phlov3 will securely delete or anonymize personal data. Where anonymization is applied, the resulting data is no longer personal data and may be retained for aggregate analytics purposes.
8. Cookies and Similar Technologies
8.1 What Are Cookies
Cookies are small text files placed on your device by a website when you visit it. phlov3 uses cookies and similar technologies (such as local storage tokens and session identifiers) to operate the platform, maintain your logged-in session, remember your preferences, and gather analytics about how the platform is used.
8.2 Types of Cookies Used by phlov3
- Strictly Necessary Cookies: Required for the platform to function. These include session authentication cookies, CSRF protection tokens, and load balancing cookies. These cannot be disabled without breaking core platform functionality.
- Functional Cookies: Remember your preferences, such as language settings, responsible gaming display preferences, and "Remember Me" login settings. These are set based on your choices within the platform.
- Analytics Cookies: Collect anonymized data about how players use the phlov3 platform — pages visited, features used, session duration. Used to improve platform design and game lobby organization. Set only with your consent.
- Security Cookies: Used by phlov3's fraud detection systems to identify anomalous session behavior and prevent unauthorized account access. These are strictly necessary for platform security.
8.3 Managing Cookies
You can manage non-essential cookie preferences through your browser settings. Most modern browsers (Chrome, Safari, Firefox, and others used by Filipino players across the country) allow you to view, block, and delete cookies. Note that disabling strictly necessary cookies will impair or prevent your ability to use the phlov3 platform, including logging in to your account.
8.4 No Third-Party Advertising Cookies
phlov3 does not allow third-party advertising networks to place tracking or behavioral advertising cookies on the phlov3 platform. The phlov3 platform does not serve third-party advertisements, and user activity on the platform is not shared with advertising networks.
9. Your Data Privacy Rights
Under Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations, you have the following rights with respect to your personal data processed by phlov3. phlov3 is committed to facilitating the exercise of these rights promptly and without unnecessary barriers.
Right to Be Informed
You have the right to be informed of how your personal data is being collected, processed, used, retained, and disclosed. This Privacy Policy fulfills phlov3's obligation to inform you at the point of data collection.
Right of Access
You have the right to request access to the personal data phlov3 holds about you, including a copy of that data and information about the purposes for which it is processed. Access requests are typically fulfilled within 15 business days.
Right to Correction
You have the right to request correction of inaccurate or incomplete personal data held by phlov3. Correction requests may require supporting documentation to verify the accuracy of the proposed correction.
Right to Erasure / Blocking
You have the right to request erasure or blocking of your personal data where it is no longer necessary for its original purpose, or where processing was unlawful. This right is subject to overriding retention obligations under PAGCOR, AMLA, and other applicable regulations.
Right to Object
You have the right to object to the processing of your personal data for marketing purposes at any time, without providing a reason. You may also object to processing based on legitimate interest, subject to phlov3's assessment of its overriding grounds for processing.
Right to Data Portability
You have the right to receive a copy of the personal data you have provided to phlov3 in a structured, commonly used, machine-readable format, where technically feasible and where processing is based on consent or contract.
Right to Damages
You have the right to be indemnified for damages sustained as a result of inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, in accordance with RA 10173.
Right to File a Complaint
If you believe phlov3 has violated your privacy rights, you have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines. You are encouraged to first contact phlov3's DPO to attempt resolution before escalating to the NPC.
10. Children and Minors
phlov3 does not knowingly collect personal data from individuals under 21 years of age. The phlov3 platform is strictly intended for adults aged 21 and above, in compliance with PAGCOR's minimum age requirement for online gambling services in the Philippines.
phlov3 implements mandatory KYC age verification for all accounts to enforce the 21+ requirement. If phlov3 becomes aware that personal data has been collected from an individual under 21 — whether through an error in the registration process or any other means — the relevant account will be immediately suspended, any balance will be frozen pending investigation, and the data will be flagged for review and deletion in accordance with applicable legal requirements.
If you are a parent or guardian and believe your child may have registered an account with phlov3, please contact our Data Protection Officer or customer support immediately. phlov3 will take prompt action to investigate and, where confirmed, to delete the data and close the account.
11. Third-Party Links and Integrated Services
The phlov3 platform integrates with third-party services including payment processors, game providers, and live dealer platforms. While phlov3 carefully selects its third-party partners and requires contractual privacy protections, phlov3 is not responsible for the independent privacy practices of these third parties.
Each third-party service provider integrated into the phlov3 platform operates under its own privacy policy. phlov3 recommends that users review the privacy policies of any payment service (such as GCash, Maya, BPI, or BDO) they use to fund or withdraw from their phlov3 account, as phlov3's Privacy Policy does not govern those services.
phlov3 does not operate external social media accounts or third-party community forums where user data would be shared with social media platforms. Links from phlov3 to third-party sites are limited to those expressly referenced in these legal pages and the phlov3 Terms and Conditions.
12. Cross-Border Data Transfers
phlov3 may transfer your personal data to third-party service providers located outside the Philippines, including cloud infrastructure providers and game platform operators. Such transfers are conducted in accordance with RA 10173's requirements for cross-border data transfers, including:
- Ensuring that the recipient country or organization provides an adequate level of protection for personal data consistent with Philippine standards; or
- Entering into data transfer agreements with the recipient that impose binding privacy obligations consistent with RA 10173 and its IRR; or
- Obtaining explicit consent from the data subject for the specific transfer where required.
phlov3 maintains a register of international data transfers and their legal bases. Users may request information about specific international transfers by contacting the DPO at the details in Section 14.
13. Updates to This Privacy Policy
phlov3 reviews and updates this Privacy Policy periodically to reflect changes in our data processing practices, applicable laws, or platform operations. Material changes to this Policy will be communicated to registered users via the email address registered on their phlov3 account and/or through a prominent notice displayed on the phlov3 platform, with a minimum of fourteen (14) days' advance notice before the changes take effect.
The "Last Updated" date at the top of this Policy reflects the most recent revision. Users who continue to use the phlov3 platform after a revised Policy takes effect are deemed to have accepted the updated terms. If you do not accept a material update to this Policy, you may request Account closure in accordance with the phlov3 Terms and Conditions.
Prior versions of this Privacy Policy are archived and available upon written request to the phlov3 Data Protection Officer.
14. Contact the Data Protection Officer
phlov3 has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and RA 10173. The DPO is your primary point of contact for all privacy-related inquiries, data rights requests, and data breach notifications.
If you have questions about this Privacy Policy, wish to exercise any of your data privacy rights, or want to report a potential privacy concern, please contact the phlov3 DPO using the following details:
If you are not satisfied with phlov3's response to your privacy inquiry or data rights request, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines, which is the independent regulatory authority responsible for enforcing RA 10173.
Data Processing Summary
Quick reference for the key data processing activities at phlov3. This summary does not replace the full Policy text above.
Collected at registration and KYC. Used for age verification, identity confirmation, and AML compliance. Retained 5 years post-account closure.
GCash, Maya, bank details for transactions. Shared only with payment processors. Full credentials never stored. Retained 5 years post-closure.
Game session history, bets, outcomes. Used for service delivery, fairness audits, and responsible gaming monitoring. Retained 2 years post-closure.
IP address, device, browser. Used for fraud detection and security. Technical logs retained 90 days on a rolling basis.
Live chat transcripts, email correspondence. Used for dispute resolution and service improvement. Retained 3 years from last contact.
Only with explicit opt-in consent. Consent withdrawal available at any time via account settings or by contacting support. Never shared for third-party advertising.
phlov3's Privacy Commitments to Filipino Players
Six ways phlov3 goes beyond the minimum to protect your personal data.
We Never Sell Your Data
phlov3 has a zero-tolerance policy on selling user data. Your personal information is never sold, rented, or traded to third parties for their commercial use. This isn't just a legal obligation — it's a foundational principle of how phlov3 treats Filipino players.
AES-256 Encryption at Rest
Sensitive data — including KYC documents, financial account references, and personal details — is encrypted at rest using AES-256 encryption, the same standard used by major banks. Your data is protected even if a storage system is ever compromised.
Full RA 10173 Compliance
phlov3's Privacy Policy and data practices are designed for full compliance with Republic Act No. 10173 (Philippine Data Privacy Act of 2012). Your rights under Philippine law — including access, correction, erasure, portability, and the right to file NPC complaints — are all honored and facilitated.
Marketing Only With Your Consent
phlov3 sends marketing communications only to players who have explicitly opted in. You can withdraw marketing consent at any time through your account settings — no friction, no dark patterns, no "unsubscribe from 47 separate lists" experience. One toggle, done.
Proportionate Retention Periods
phlov3 retains your data only as long as required by regulatory obligations or operational necessity. Technical logs are purged after 90 days. Marketing consent records are deleted after consent withdrawal plus one year. We don't keep data indefinitely just because we can.
DPO Available in English & Tagalog
The phlov3 Data Protection Officer and support team handle privacy inquiries in both English and Tagalog. Exercising your data privacy rights shouldn't require formal legal language. Whether you're in Manila, Cebu, or Davao — reach out in the language you're comfortable with.