phcom Privacy Policy

phcom ("we," "us," "our," or "the Company") operates the online gaming platform accessible at phcom.club and all associated subdomains, mobile browser interfaces, and progressive web application versions of the Platform (collectively, "the Platform"). The Platform offers live dealer casino games, slot games, online bingo, crash goal, golf betting, and related services to Filipino players under authorization from the Philippine Amusement and Gaming Corporation ("PAGCOR").

In the course of providing these services, phcom necessarily processes certain personal information about the individuals who register Accounts and use the Platform. This Privacy Policy describes the categories of personal information we collect, the purposes for which we process that information, the legal bases on which we rely, the parties with whom we may share your information, the security measures we apply, the period for which we retain your data, and the rights available to you under Philippine law in respect of your personal information.

This Policy applies to all personal information processed by phcom in connection with the Platform, including information collected during registration, during the course of account operation, through the use of cookies and similar technologies, and through communications between you and phcom's support team. It does not apply to information collected by third parties whose services you may access through links on the Platform.

For the purposes of the Data Privacy Act of 2012 and its Implementing Rules and Regulations, phcom is the personal information controller in respect of all personal data processed in connection with the Platform. As a PAGCOR-licensed operator, phcom is registered with the relevant Philippine authorities and has appointed a Data Protection Officer ("DPO") responsible for overseeing compliance with the DPA and this Policy.

phcom maintains a Privacy Management Program in accordance with NPC Circular 16-01 and conducts regular privacy impact assessments on processing activities that involve sensitive personal information, including identity verification and financial transaction records.

phcom collects personal information that is necessary, adequate, and not excessive relative to the purposes for which it is collected, in accordance with the principle of proportionality under the DPA. The categories of personal data we collect include the following:

phcom processes your personal information only for specific, explicitly declared, and legitimate purposes. The following table sets out the primary purposes for which phcom processes personal data:

phcom processes personal information only when a lawful basis exists under Section 12 or Section 13 of the Data Privacy Act of 2012. The applicable legal bases used by phcom are:

• Performance of a contract: Processing is necessary for the performance of the contract between phcom and the User — specifically, the provision of online gaming services, account management, payment processing, and customer support.
• Legal obligation: Processing is required to comply with obligations imposed by Philippine law, including PAGCOR licensing conditions, AMLC reporting obligations, age verification requirements, and NPC data breach notification obligations.
• Legitimate interests: Processing is necessary for the legitimate interests of phcom, including fraud prevention, security monitoring, responsible gaming compliance, and Platform improvement, provided those interests are not overridden by the fundamental rights and freedoms of the data subject.
• Consent: For marketing communications and certain optional data processing activities, phcom relies on your freely given, specific, informed, and unambiguous consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

phcom does not sell, rent, or trade your personal information to any third party for commercial purposes. phcom may share your personal information only in the following strictly defined circumstances:

• Payment processors and e-wallet providers: GCash (GXI), Maya Philippines, and partner banks (BPI, BDO, Metrobank, UnionBank) receive the minimum data necessary to process your deposit and withdrawal transactions. These providers are subject to their own data privacy obligations under Philippine law.
• PAGCOR and regulatory authorities: phcom is required by its PAGCOR licence and by Philippine law to provide certain player data to PAGCOR upon request and to report specific transaction types and player information to the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government authorities as required by law.
• Game suppliers and content providers: Live dealer game studios and RNG software providers receive session data (but not full identity data) to the extent necessary to deliver the gaming experience. These providers are bound by data processing agreements that restrict their use of such data.
• Identity verification service providers: Third-party KYC and identity verification services accredited under Philippine law may process your government ID data and biometric information solely for the purpose of verifying your identity for PAGCOR compliance purposes.
• Professional advisers: phcom's legal counsel, auditors, and compliance consultants may access personal data to the extent strictly necessary for the performance of their professional services and are subject to confidentiality obligations.
• Law enforcement and courts: phcom will disclose personal information in response to a lawful court order, subpoena, law enforcement request, or other legally valid demand from a competent Philippine authority. phcom will notify affected Users of such disclosures to the extent permitted by law.

phcom uses cookies and similar tracking technologies (including local storage, session tokens, and device fingerprinting) on the Platform to support the delivery of services, maintain session continuity, and analyse Platform usage patterns. The categories of cookies used by phcom are:

• Strictly necessary cookies: Required for the Platform to function. These include session authentication tokens, login state cookies, and security cookies. These cookies cannot be disabled without preventing you from using the Platform.
• Functional cookies: Remember your preferences such as language settings, responsible gaming limit configurations, and game display preferences. These improve your experience but are not essential to Platform operation.
• Analytics cookies: Used by phcom to understand how Users interact with the Platform — which pages are visited most, how long sessions last, and where Users encounter difficulties. Analytics data is aggregated and does not identify individual Users.
• Security and fraud prevention cookies: Used to detect suspicious login patterns, identify multiple accounts from the same device, and flag potentially fraudulent activity. These are strictly necessary for security purposes.

You may manage non-essential cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in and using the Platform. phcom does not use third-party advertising cookies or retargeting pixels.

phcom retains personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable Philippine law. The following retention periods apply:

• Account and identity data: Retained for the duration of your Account plus a minimum of five (5) years following Account closure, in compliance with PAGCOR record-keeping requirements and the Anti-Money Laundering Act of 2001 (as amended by Republic Act No. 10927).
• Financial transaction records: Retained for a minimum of five (5) years from the date of the transaction, as required under AMLC regulations.
• KYC and identity verification documents: Retained for the duration of the Account plus five (5) years following closure, subject to any extended retention required by law enforcement orders or regulatory investigation.
• Gaming activity data: Retained for three (3) years from the date of the session or transaction, subject to any regulatory extension.
• Marketing communications data: Retained until you withdraw consent or for two (2) years from your last interaction with a marketing communication, whichever is earlier.
• Customer support communications: Retained for two (2) years from the date of the last communication in a support interaction.

Upon expiry of the applicable retention period, phcom will securely delete or anonymise your personal information in a manner that makes re-identification impossible, unless a longer retention period is required by law or by a subsisting legal hold.

phcom implements appropriate technical and organisational security measures to protect your personal information against unauthorised access, accidental loss, destruction, alteration, or disclosure. Our security infrastructure includes:

• Encryption: All data transmitted between your device and phcom's servers is encrypted using 256-bit SSL/TLS protocols. Data at rest in phcom's databases is encrypted using industry-standard symmetric encryption.
• Access controls: Access to personal data within phcom's systems is restricted to authorised personnel on a strictly need-to-know basis, governed by role-based access control policies and audit logging.
• Two-factor authentication: phcom's internal systems require multi-factor authentication for all personnel accessing production data environments.
• Penetration testing and vulnerability assessment: phcom conducts regular security testing of the Platform's infrastructure and engages independent security professionals to conduct periodic penetration tests.
• Incident response: phcom maintains a documented data breach incident response procedure. In the event of a personal data breach that is likely to result in risk to the rights and freedoms of affected individuals, phcom will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected data subjects without undue delay.

Under the Data Privacy Act of 2012 and its Implementing Rules and Regulations, you have the following rights in respect of your personal information held by phcom:

To exercise any of the above rights, please submit a written request to phcom's Data Protection Officer at [email protected]. phcom will acknowledge your request within three (3) business days and respond substantively within fifteen (15) business days. phcom may request proof of identity before processing any rights request to protect against unauthorised disclosure.

phcom implements age verification measures at the point of registration and during the KYC process to enforce the 21+ restriction. These measures include verification of government-issued identification documents confirming date of birth. phcom's KYC process is a mandatory regulatory requirement under PAGCOR's licensing conditions, and no withdrawal will be processed from an unverified Account.

If you are a parent or guardian and believe that your child under 21 may have registered an Account on phcom, please contact [email protected] immediately. phcom will investigate the matter, close the Account, delete the associated personal data, and return any deposited funds to the source payment method within thirty (30) business days of confirmation of the minor's use.

phcom's primary data processing infrastructure is located within the Philippines. Where phcom uses third-party service providers — such as cloud infrastructure providers, game content suppliers, or payment processing partners — whose servers may be located outside the Philippines, phcom ensures that such transfers comply with Section 21 of the Data Privacy Act of 2012 and the NPC's implementing guidelines on cross-border data transfers.

Safeguards implemented for cross-border transfers include:

• Data processing agreements containing standard contractual clauses requiring recipient parties to maintain data protection standards equivalent to those required under Philippine law;
• Transfer impact assessments for transfers to jurisdictions not recognised as providing adequate data protection;
• Data minimisation to ensure that only the data strictly necessary for the relevant processing purpose is transferred outside the Philippines.

You may request further information about the cross-border transfer mechanisms applicable to your personal data by contacting [email protected].

phcom sends marketing communications — including information about new games, promotions, bonuses, and Platform updates — only to Users who have expressly opted in to receive such communications at the time of registration or thereafter through their Account settings. Marketing communications may be delivered via email or SMS to the contact details registered on your phcom Account.

You may opt out of marketing communications at any time by:

• Updating your communication preferences in your phcom Account settings;
• Clicking the "Unsubscribe" link included in every marketing email sent by phcom;
• Sending a written opt-out request to [email protected].

Opting out of marketing communications will not affect transactional communications relating to your Account, including deposit confirmations, withdrawal notifications, security alerts, and compliance-related correspondence. These transactional messages are sent on the basis of contract performance or legal obligation and cannot be opted out of while your Account remains active.

phcom reviews this Privacy Policy regularly and may update it from time to time to reflect changes in our data processing practices, changes in applicable Philippine law, or regulatory guidance issued by the National Privacy Commission. The "Last Updated" date at the top of this Policy reflects the date of the most recent revision.

Where a change to this Policy materially affects your rights or the manner in which phcom processes your personal information, phcom will notify you via the email address registered to your Account at least seven (7) calendar days before the change takes effect. For non-material changes — such as clarifications or corrections — phcom may update this Policy without individual notice, with the change taking effect upon publication.

Your continued use of the phcom Platform following publication of a revised Privacy Policy constitutes your acknowledgment of the revised Policy. If you do not accept the revised Policy, you should stop using the Platform and may close your Account by contacting [email protected].

For any questions, requests, or concerns relating to this Privacy Policy or the processing of your personal information by phcom, please contact:

If you are not satisfied with phcom's response to a privacy complaint or rights request, you have the right to lodge a complaint with the National Privacy Commission of the Philippines ("NPC"). The NPC is the independent regulatory body established under the Data Privacy Act of 2012 with jurisdiction over privacy violations by personal information controllers operating in the Philippines. Information about the NPC's complaint process is available through official Philippine government channels.