Privacy Policy

1. Overview

winph22 ("we," "us," "our," "the Company," "winph22") is committed to protecting the privacy and personal data of all users ("you," "your," "the User") of the winph22 online gaming platform accessible at winph22.co. This Privacy Policy applies to all personal data collected through the winph22 website, account registration process, customer support channels, payment processing flows, and any other touchpoint where personal data is submitted to or collected by winph22.

By registering an account on winph22 or continuing to use the platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein. This Policy should be read in conjunction with the winph22 Terms and Conditions.

2. Data Controller

For the purposes of the Data Privacy Act of 2012 (Republic Act 10173, "DPA") and its implementing rules, winph22 acts as the Personal Information Controller (PIC) in respect of personal data collected through the platform. winph22 operates under a PAGCOR license and is subject to the data protection requirements applicable to all PAGCOR-regulated online gaming operators in the Philippines.

winph22 has designated a Data Protection Officer (DPO) responsible for overseeing compliance with data protection obligations. Inquiries regarding the exercise of data subject rights and data protection matters may be directed to the winph22 support team as described in Section 14 of this Policy.

3. Personal Data We Collect

winph22 collects personal data from you in the following categories:

3.1 Registration and Identity Data. When you create a winph22 account, we collect your full legal name, date of birth, nationality, residential address (including barangay, city, and province for Philippine residents), email address, and mobile phone number. This information is required to fulfill PAGCOR Know Your Customer (KYC) obligations and to create and administer your account.

3.2 Identity Verification Documents. To comply with PAGCOR KYC and Anti-Money Laundering Act (AMLA) requirements, winph22 may collect copies or images of government-issued identification documents, including Philippine national IDs, passports, driver's licenses, and equivalent documentation. These documents are used solely for identity verification and are retained in accordance with the schedule set out in Section 7.

3.3 Financial and Transaction Data. We collect records of all deposits, withdrawals, wagers, wins, losses, and bonus transactions conducted through your winph22 account. We also collect payment method details as necessary to process transactions — such as GCash-registered mobile numbers, PayMaya account references, and bank account details where relevant. Full financial account credentials (e.g., bank passwords or PINs) are never collected or stored by winph22.

3.4 Technical and Usage Data. When you access the winph22 platform, our systems automatically collect certain technical data including your IP address, device type and model, operating system, browser type and version, session timestamps, pages visited, features used, game sessions, click patterns, and referring URLs. This data is used for platform security, fraud detection, and service improvement purposes.

3.5 Communications Data. When you contact winph22 customer support — whether by live chat, email, or any other channel — we retain records of those communications including the content, timestamps, and outcome of each interaction. This data is used for quality assurance, dispute resolution, and training purposes.

3.6 Responsible Gaming Data. If you use winph22's responsible gaming tools — such as setting deposit limits, requesting a cooling-off period, or initiating self-exclusion — we record those instructions and their effective dates. This data is processed solely to give effect to your responsible gaming choices and to comply with regulatory obligations.

4. Purpose of Processing

winph22 processes your personal data for the following specific, lawful purposes:

• Account creation and management: Registration, authentication, account settings, and profile maintenance;
• Identity verification and KYC compliance: Verifying your identity as required by PAGCOR and AMLA regulations;
• Transaction processing: Handling deposits, withdrawals, wagers, and bonus credits through GCash, PayMaya, BPI, BDO, Metrobank, and other approved payment channels;
• Fraud prevention and security: Detecting and preventing unauthorized account access, money laundering, collusion, bonus abuse, and other prohibited conduct;
• Regulatory compliance: Meeting PAGCOR reporting obligations, AMLA transaction monitoring requirements, and other applicable legal mandates;
• Customer support: Responding to inquiries, resolving disputes, and providing platform assistance;
• Platform improvement: Analyzing usage patterns to improve game performance, interface design, and overall user experience;
• Responsible gaming: Administering self-exclusion, deposit limits, and other player protection measures;
• Marketing communications: Sending promotional offers, bonus notifications, and platform updates to users who have consented to receive such communications. You may withdraw consent at any time.

5. Legal Basis for Processing

winph22 processes personal data on the following legal bases under RA 10173 and its Implementing Rules and Regulations:

• Contractual necessity: Processing required to perform the account agreement and deliver the services you have requested;
• Legal obligation: Processing necessary to comply with PAGCOR licensing requirements, AMLA reporting obligations, and other applicable Philippine laws;
• Legitimate interests: Processing for fraud prevention, platform security, and service improvement where such interests are not overridden by your fundamental rights;
• Consent: Processing for marketing communications, optional platform features, and cookie categories beyond strictly necessary — where your explicit consent has been obtained and is revocable.

6. Sharing of Personal Data

winph22 does not sell personal data. We share personal data only in the following circumstances:

6.1 Regulatory Authorities. winph22 is required by law and PAGCOR licensing conditions to share certain transaction data, KYC records, and suspicious transaction reports with PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government bodies upon lawful demand.

6.2 Payment Service Providers. To process your deposits and withdrawals, winph22 shares necessary transaction details with payment processors including GCash (Mynt), PayMaya (Maya Bank), and partner banks such as BPI, BDO, and Metrobank. These providers act as processors and are contractually bound to use your data only to execute the relevant payment instruction.

6.3 Game Content Providers. winph22 integrates games from third-party providers. Game providers may receive pseudonymized session data (such as an anonymized player ID and wager amounts) necessary to operate the game. They do not receive your full name, contact details, or financial account information.

6.4 IT and Security Service Providers. winph22 engages third-party providers for hosting, cybersecurity, fraud detection, and analytics services. These providers process data strictly as processors under data processing agreements that impose equivalent data protection obligations.

6.5 Legal Proceedings. winph22 may disclose personal data where required by a valid court order, legal process, or government investigation applicable under Philippine law.

7. Data Retention

winph22 retains personal data for no longer than is necessary for the purpose for which it was collected, subject to the following minimum retention periods mandated by regulation:

• Account registration and KYC records: minimum five (5) years from account closure, as required by AMLA;
• Transaction records: minimum five (5) years from the date of the transaction;
• Customer support communications: three (3) years from the date of the final interaction;
• Technical and usage logs: up to twelve (12) months, except where retained longer for active fraud or security investigations;
• Marketing consent records: retained until revocation of consent plus one (1) year for audit purposes.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with winph22's data disposal procedures.

8. Security Measures

winph22 implements a multi-layered security framework to protect personal data against unauthorized access, disclosure, alteration, and destruction. Key measures include: TLS 1.2 / 1.3 encryption for all data in transit; AES-256 encryption for sensitive data at rest; role-based access controls limiting staff access to personal data on a need-to-know basis; multi-factor authentication for administrative system access; regular penetration testing and vulnerability assessments; and a documented incident response plan aligned with NPC breach notification requirements.

Notwithstanding these measures, no online system is completely immune from security risks. winph22 encourages all users to use strong, unique passwords, enable two-factor authentication on their accounts, and notify our support team immediately upon suspecting unauthorized access.

9. Cookies and Tracking Technologies

winph22 uses cookies and similar tracking technologies on the platform for the following purposes:

• Strictly necessary cookies: Required for the platform to function — session management, login authentication, and security features. These cannot be disabled.
• Functional cookies: Remembering your preferences such as language settings, last viewed games, and display options to improve your experience.
• Analytics cookies: Collecting aggregated, anonymized usage statistics to understand how users navigate the platform and identify areas for improvement. These are activated only with your consent.
• Marketing cookies: Tracking conversion events for winph22's own promotional campaigns. Activated only with your consent.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality. winph22 does not use cross-site tracking cookies for third-party advertising networks.

10. Your Data Subject Rights

Under the Data Privacy Act of 2012 and its Implementing Rules, you have the following rights in respect of your personal data held by winph22:

• Right to be informed: The right to know what personal data we hold about you, how it is used, and with whom it is shared;
• Right of access: The right to request a copy of the personal data we hold about you;
• Right to rectification: The right to request correction of inaccurate or incomplete personal data;
• Right to erasure: The right to request deletion of personal data that is no longer necessary, where consent has been withdrawn, or where processing has no lawful basis — subject to overriding legal retention obligations;
• Right to object: The right to object to processing based on legitimate interests or for direct marketing purposes;
• Right to data portability: The right to receive your personal data in a structured, machine-readable format where technically feasible;
• Right to lodge a complaint: The right to file a complaint with the National Privacy Commission (NPC) if you believe winph22 has violated your data privacy rights.

To exercise any of these rights, contact the winph22 support team. We will respond to verified requests within thirty (30) days as required by the DPA. Identity verification may be required before actioning certain requests.

11. Minors and Age Restriction

The winph22 platform is strictly prohibited for persons under 21 years of age in accordance with PAGCOR regulations. winph22 does not knowingly collect personal data from anyone under 21. If we become aware that personal data has been collected from a person under the required age, we will promptly close the account and delete the associated personal data except where retention is required by law. Parents or guardians who believe their minor child has registered on the platform should contact winph22 support immediately.

12. Cross-Border Data Transfers

winph22's primary data processing infrastructure is located within the Philippines. Where personal data is transferred to processors or service providers in other jurisdictions — such as international game content providers or cloud infrastructure providers with data centers outside the Philippines — winph22 ensures that equivalent data protection standards are contractually imposed through data processing agreements, and that such transfers comply with the cross-border transfer provisions of RA 10173 and NPC guidance.

13. Changes to This Privacy Policy

winph22 reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or PAGCOR regulatory requirements. Material changes will be communicated to registered users via email notification or an in-platform notice at least seven (7) days prior to taking effect. The date of the most recent revision is displayed at the top of this page. Continued use of the winph22 platform after the effective date of a revised Policy constitutes acceptance of the updated terms.

14. Contact and DPO Inquiries

For questions about this Privacy Policy, to exercise your data subject rights, or to raise a data protection concern, please contact the winph22 customer support and Data Protection Officer through the contact details displayed in the footer of this page. winph22 is committed to addressing all genuine data privacy inquiries promptly and in good faith.

If you are not satisfied with winph22's response to a data privacy concern, you have the right to escalate your complaint to the National Privacy Commission of the Philippines, the regulatory body responsible for enforcement of RA 10173.