This Privacy Policy describes how ph38 collects, uses, stores, shares, and protects your personal data in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and applicable PAGCOR regulatory requirements.
This Privacy Policy applies to all personal data processed by ph38 in connection with the ph38 platform at ph38.asia and any associated interfaces. By registering an account or using the ph38 platform, you acknowledge that you have read and understood this Privacy Policy. This Policy is incorporated by reference into the ph38 Terms and Conditions and should be read alongside them. If you have questions at any point, contact ph38's Data Protection Officer at [email protected].
ph38 is committed to protecting the privacy and personal data of every Filipino player who uses the ph38 online gaming platform. This Privacy Policy has been prepared in accordance with Republic Act No. 10173, the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations (IRR) issued by the National Privacy Commission (NPC) of the Philippines, as well as applicable PAGCOR regulatory requirements governing the handling of player data on licensed online gaming platforms.
This Policy applies to:
This Policy does not apply to third-party websites, services, or applications that may be linked to or from ph38.asia. ph38 is not responsible for the privacy practices of those third parties.
ph38 is the data controller of personal data processed under this Privacy Policy. As data controller, ph38 determines the purposes and means of processing your personal data and is responsible for ensuring that such processing complies with the Data Privacy Act of 2012 and applicable regulations.
ph38 operates under the PAGCOR regulatory framework and maintains registrations with the National Privacy Commission of the Philippines as required under the DPA and its IRR. ph38 has appointed a Data Protection Officer (DPO) who is responsible for overseeing ph38's data protection compliance and serving as the point of contact for data subject inquiries and regulatory communications.
Data Protection Officer Contact: All data privacy inquiries, requests to exercise data subject rights, and formal DPA-related complaints should be directed to ph38's Data Protection Officer at [email protected] with the subject line "DATA PRIVACY REQUEST." The DPO will acknowledge requests within three (3) business days.
ph38 collects personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. The categories of personal data ph38 collects include the following:
| Data Category | Specific Data Elements | Collection Point |
|---|---|---|
| Registration Data | Legal full name, date of birth, username, email address, Philippine mobile number, password (hashed) | Account registration |
| Identity Verification (KYC) | Government-issued ID document (type, number, expiry), ID document images, selfie photographs, date of birth, residential address | KYC submission prior to first withdrawal |
| Financial Data | Deposit and withdrawal records, GCash or Maya account reference, bank account details (where applicable), transaction amounts, timestamps | Cashier transactions |
| Gaming Activity Data | Game sessions, wagers placed, game outcomes, bonus usage, session duration, betting history | Platform gameplay |
| Technical Data | IP address, device type, operating system, browser type, session tokens, login timestamps | Automatic collection on access |
| Communications Data | Support chat transcripts, email correspondence, responsible gaming interaction records | Support and responsible gaming interactions |
| Responsible Gaming Data | Deposit limits set, self-exclusion requests, cooling-off activations, responsible gaming tool usage | Account settings and support |
ph38 does not collect sensitive personal information as defined under Section 3(l) of the DPA — such as government-issued identification numbers, racial or ethnic origin, political opinions, religious beliefs, genetic data, or health data — except to the limited extent required for age verification and anti-money laundering compliance, in which case such data is collected under a lawful basis and subject to enhanced security measures.
ph38 collects personal data through the following means:
The majority of personal data ph38 processes is provided directly by you during: account registration; KYC document submission; deposit and withdrawal transactions through the ph38 cashier; communications with ph38's support team via live chat or email; and your voluntary use of responsible gaming tools such as deposit limits, cooling-off periods, and self-exclusion requests.
When you access and use the ph38 platform, certain technical data is collected automatically, including your IP address, device characteristics, browser type, and session activity. This data is collected through standard server logging and cookie mechanisms described in Section 8 of this Policy.
ph38 may receive personal data about you from third-party sources in the following circumstances: from payment service providers such as GCash, Maya, BPI, BDO, and Metrobank in connection with processing your financial transactions; from identity verification service providers engaged to assist with KYC processing; from fraud prevention and anti-money laundering screening services; and from PAGCOR or other competent Philippine authorities where required for regulatory compliance.
Under the Data Privacy Act of 2012 and its IRR, ph38 processes your personal data on the following lawful bases:
ph38 uses the personal data it collects for the following purposes, each of which is supported by a lawful basis described in Section 5:
To create, maintain, and administer your ph38 account; to verify your identity and age in accordance with PAGCOR's 21+ requirement; to process your deposits and withdrawals using your chosen Philippine payment methods; to provide access to the ph38 game library including slots, live dealer games, bingo, and specialty titles; and to manage your account settings including responsible gaming tools.
To fulfil ph38's obligations under PAGCOR regulations; to comply with anti-money laundering and counter-terrorism financing obligations under the Anti-Money Laundering Act; to respond to lawful requests and orders from PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, and other competent Philippine authorities; and to maintain mandatory transaction records as required by applicable law.
To detect, investigate, and prevent fraud, account takeovers, bonus abuse, collusion, and other prohibited conduct outlined in the ph38 Terms and Conditions; to monitor for suspicious transaction patterns in compliance with AMLC reporting requirements; and to maintain the security and integrity of the ph38 platform for all players.
To operate ph38's responsible gaming programme — including processing your voluntary limit settings, cooling-off requests, and self-exclusion requests; to monitor gaming patterns that may indicate problem gambling; and to enable ph38's responsible gaming support team to provide appropriate interventions and resources where required.
To respond to and resolve your support inquiries; to maintain records of support interactions for quality assurance and dispute resolution purposes; and to provide targeted support based on your account history where relevant to resolving your query.
To analyse aggregated, de-identified usage data to understand how Filipino players use the ph38 platform and to make improvements to game selection, interface design, and payment processing. ph38 does not use individually identified gaming behaviour data for algorithmic decisions that affect your account without your knowledge.
To send you promotional emails, SMS messages, and in-platform notifications about ph38 bonuses, promotions, and new features — subject to your marketing communication preferences and only where you have provided the requisite consent. See Section 14 for details on marketing opt-out rights.
ph38 does not sell your personal data to third parties. ph38 shares personal data only in the following circumstances and only to the extent necessary for the stated purpose:
ph38 engages third-party service providers who process personal data on ph38's behalf as data processors under written data processing agreements that impose obligations consistent with the DPA and this Policy. These include: payment processing providers (GCash/Maya infrastructure partners, acquiring banks); identity verification and KYC service providers; game content providers (Pragmatic Play, Evolution Gaming, PG Soft, JILI, and others) to the limited extent required for game session management; IT infrastructure, hosting, and cloud service providers; fraud detection and anti-money laundering screening services; and customer support platform providers.
ph38 will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, the Bureau of Internal Revenue (BIR), law enforcement agencies, and courts of competent jurisdiction where required or permitted by Philippine law, including under lawful order, subpoena, or regulatory request. ph38 will notify affected users of such disclosures where legally permitted to do so.
In the event of a merger, acquisition, restructuring, or sale of all or part of ph38's business, personal data held by ph38 may be transferred to the acquiring entity as part of that transaction, subject to the acquiring entity agreeing to process the data in accordance with this Privacy Policy or a substantially equivalent policy, and subject to any applicable regulatory approvals.
No Sale of Data: ph38 does not sell, rent, or lease your personal data to any third party for their independent commercial purposes. Personal data shared with service providers is shared strictly for the purpose of providing services to ph38 and not for the service provider's own commercial use.
ph38 uses cookies and similar tracking technologies to provide essential platform functionality, remember your preferences, and analyse platform performance. Cookies are small text files stored on your device by your browser when you access ph38.asia.
You may manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies; however, blocking essential cookies will prevent you from logging in to your ph38 account. ph38 does not use advertising tracking cookies or share cookie data with advertising networks.
ph38 implements technical and organisational security measures consistent with industry standards and the security requirements of the Data Privacy Act of 2012 and its IRR. These measures are designed to protect your personal data against unauthorised access, accidental loss, destruction, and unlawful processing.
ph38's security measures include, but are not limited to:
While ph38 takes appropriate technical security measures, no internet-based platform can guarantee absolute security. You are also responsible for maintaining the security of your ph38 account credentials. ph38 will never ask for your password through any channel.
ph38 retains personal data for only as long as necessary to fulfil the purposes for which it was collected, subject to any longer retention periods required by applicable Philippine law or PAGCOR regulations.
Upon expiry of the applicable retention period, ph38 will securely delete or anonymise personal data in accordance with the NPC's guidelines on personal data disposal.
Under the Data Privacy Act of 2012, you have the following rights in relation to your personal data held by ph38. To exercise any of these rights, contact ph38's Data Protection Officer at [email protected] with "DATA PRIVACY REQUEST" in the subject line.
You have the right to be informed about how your personal data is collected, processed, stored, and shared — which is the primary purpose of this Privacy Policy.
You have the right to request access to the personal data ph38 holds about you and to receive a copy of that data in a commonly used electronic format.
You have the right to request correction of inaccurate or incomplete personal data ph38 holds about you. Some corrections may require re-verification.
You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to ph38's legal retention obligations.
You have the right to object to processing based on legitimate interests, including direct marketing. Objections to marketing are processed immediately.
You have the right to receive your personal data in a structured, commonly used, machine-readable format for transfer to another service where technically feasible.
ph38 will respond to data subject rights requests within thirty (30) calendar days of receipt of a verified request. Some requests may take longer where they are complex or where a large volume of requests has been received — in which case ph38 will notify you of the extended timeline. Rights requests are free of charge for reasonable requests; ph38 reserves the right to charge a reasonable administrative fee for manifestly unfounded or excessive requests.
If you are not satisfied with ph38's response to a data subject rights request, you have the right to lodge a complaint with the National Privacy Commission of the Philippines through its official channels.
ph38 is strictly a 21+ platform in compliance with PAGCOR regulations. ph38 does not knowingly collect personal data from individuals under 21 years of age. If ph38 becomes aware that personal data has been collected from a person under 21, that data will be deleted and the associated account permanently closed. If you believe your child or a person under 21 has registered a ph38 account, please contact [email protected] immediately.
ph38 enforces the 21+ age requirement through KYC identity verification, which is required for all accounts before a withdrawal can be processed. KYC review confirms that the date of birth on the submitted government-issued Philippine ID shows the account holder is at least 21 years of age. Accounts where age verification fails are permanently closed and deposited funds are returned to the original payment source.
Some of ph38's third-party service providers — including game content providers such as Evolution Gaming and Pragmatic Play, cloud infrastructure providers, and certain payment processing infrastructure — may be located outside of the Philippines. When ph38 transfers personal data to third parties located in other countries, ph38 ensures that appropriate safeguards are in place in accordance with Section 21 of the DPA and its IRR.
These safeguards include requiring that recipient countries provide an adequate level of data protection, or where the NPC has not made an adequacy finding for the relevant country, ensuring that appropriate contractual protections are in place through data processing agreements that incorporate the NPC's standard contractual clauses or equivalent protections recognised under the DPA.
ph38 maintains records of all cross-border data transfers and makes these available to the NPC on request. For information about the specific countries to which ph38 transfers personal data and the safeguards in place, contact ph38's Data Protection Officer at [email protected].
ph38 may send you promotional communications about bonuses, new game releases, seasonal promotions, and platform features by email, SMS to your registered Philippine mobile number, or in-platform notification — where you have consented to receiving such communications during registration or subsequently updated your account preferences to opt in.
ph38 does not send marketing communications to self-excluded players. The responsible gaming self-exclusion process automatically suppresses all marketing communications for the duration of the exclusion period.
You may withdraw your consent to receive marketing communications at any time through the following methods: updating your communication preferences in your ph38 account settings; clicking the unsubscribe link included in any ph38 marketing email; or contacting ph38 support at [email protected] with "UNSUBSCRIBE" in the subject line. Opt-out requests are processed within five (5) business days. Please note that opting out of marketing communications does not affect transactional notifications such as deposit confirmations, withdrawal updates, and security alerts, which ph38 sends as part of the account service.
The ph38 platform may contain references to or interactions with third-party services — including payment providers such as GCash and Maya, and game content from licensed providers. These third-party services operate under their own privacy policies, which ph38 does not control. ph38 is not responsible for the privacy practices of third-party service providers with whom you interact directly outside of the ph38 platform interface.
When you process a GCash or Maya payment, you are interacting with GCash (G-Xchange, Inc.) and Maya (PayMaya Philippines, Inc.) respectively, and their respective privacy policies govern the processing of your data within their systems. ph38 only receives the transaction reference data necessary to confirm and process your deposit or withdrawal on the ph38 side.
ph38 reserves the right to update this Privacy Policy from time to time to reflect changes in applicable Philippine law, NPC guidelines, PAGCOR regulations, ph38's data processing practices, or the services ph38 provides. When ph38 makes material updates to this Policy — meaning changes that significantly affect your rights or the way ph38 processes your data — ph38 will notify registered players through one or more of the following channels: an email notification to your registered email address; a notice displayed within your ph38 account dashboard at next login; or a prominent notice on the ph38.asia website.
The date at the top of this Privacy Policy indicates when it was last updated. ph38 encourages you to review this Policy periodically. Your continued use of the ph38 platform following notification of a material update constitutes your acknowledgement of the updated Policy. For non-material changes — such as typographical corrections or clarifications that do not affect the substance of the Policy — ph38 will update the Policy without individual notification but will update the effective date.
If you have questions, concerns, or requests relating to this Privacy Policy or ph38's data protection practices, please contact ph38's Data Protection Officer through the following channels:
ph38 values the trust that Filipino players — in Manila, Cebu, Davao, and across the Philippines — place in the platform with their personal data. ph38 is committed to handling that data with transparency, security, and respect for the rights enshrined in the Data Privacy Act of 2012. If you have any doubt about how your data is being used, please reach out — the DPO team is here to help.
Six commitments that define how ph38 handles your personal data
ph38's data processing practices are built to comply with Republic Act No. 10173 — the Philippine Data Privacy Act of 2012 — and the NPC's implementing rules. This means enforceable rights for Filipino players, not just policy statements.
All data transmitted between your device and ph38's servers is encrypted using 256-bit SSL/TLS. Sensitive data at rest — including KYC documents and financial account references — is stored in encrypted form with access controls.
ph38 does not sell, rent, or trade your personal data to third parties for their commercial use. Data shared with service providers is shared under binding processing agreements strictly for the purpose of delivering ph38 services to you.
ph38's data subject rights process is backed by a dedicated DPO. Requests for access, rectification, erasure, or data portability are acknowledged within 3 business days and resolved within 30 calendar days — in line with NPC requirements.
ph38 does not hold your data indefinitely. Each data category has a defined retention period set by legal obligation. When the retention period expires, data is securely deleted or anonymised — not archived indefinitely.
In the event of a personal data breach that poses real risk to players, ph38 is committed to notifying the National Privacy Commission within 72 hours — and affected players as promptly as possible — in accordance with NPC Circular 16-03.
ph38 is a PAGCOR-licensed platform built for Filipino players. Certified fair games, instant GCash payouts, Tagalog and English support 24/7, and a data privacy framework that meets Philippine legal standards. 21+ only.
Must be 21 years of age or older to register and play at ph38. Gambling involves financial risk. Please play responsibly. PAGCOR licensed.