phsin Casino – Privacy Policy

1. Introduction and Scope

phsin ("we," "us," "our") is committed to protecting the privacy and security of the personal data of all individuals who access or use the phsin online gaming platform at phsin.co ("the Platform"). This Privacy Policy ("Policy") explains how phsin collects, processes, stores, discloses, and protects personal data in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 ("DPA"), and its Implementing Rules and Regulations ("IRR"), as enforced by the National Privacy Commission ("NPC") of the Philippines.

This Policy applies to all personal data processed by phsin in connection with your registration, use of the Platform, gameplay activity, financial transactions, customer support interactions, and any other engagement with phsin's services. By registering an Account with phsin, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

This Policy should be read alongside phsin's Terms & Conditions and Responsible Gaming Policy, both of which are available on the Platform. In the event of any conflict between this Policy and the Terms & Conditions, this Policy shall govern matters relating specifically to personal data processing.

2. Data Controller and Data Protection Officer

phsin acts as the personal information controller ("PIC") in respect of all personal data collected through the Platform, as defined under the Data Privacy Act of 2012. phsin is responsible for determining the purposes and means of processing personal data obtained from Platform users.

In compliance with the NPC's registration requirements for personal information controllers, phsin has designated a Data Protection Officer ("DPO") responsible for overseeing phsin's data protection compliance program, monitoring adherence to the DPA and this Policy, and serving as the primary point of contact for data subjects exercising their rights under the DPA.

Data subjects may contact phsin's Data Protection Officer regarding any matter relating to this Policy or their personal data by writing to: [email protected] (plain text contact — not a clickable link), with the subject line "Data Privacy Inquiry — Attention DPO."

3. Personal Data We Collect

phsin collects the following categories of personal data from registered Players and Platform visitors:

Identity and Registration Data:

• Full legal name as it appears on a valid Philippine government-issued ID
• Date of birth (for age verification — 21+ only)
• Nationality and country of residence
• Government-issued ID type, number, and expiry date (for KYC verification)
• Selfie photograph submitted during KYC verification

Contact Data:

• Philippine mobile number (Globe, Smart, or DITO)
• Email address
• Residential address (where required for enhanced KYC)

Financial and Transaction Data:

• GCash or Maya registered mobile number and account reference
• Bank account details (account name, number, and bank name for bank transfer transactions)
• Deposit and withdrawal amounts, dates, and reference numbers
• Wallet balance history and transaction logs
• USDT TRC20 wallet address where applicable

Gameplay and Activity Data:

• Game session logs including game type, duration, wager amounts, and outcomes
• Login timestamps, session durations, and device identifiers
• IP address and approximate geolocation at time of login
• Bonus and promotion activity records
• Customer support interaction records including chat transcripts and email correspondence

Technical Data:

• Device type, operating system, and browser version
• Cookie identifiers and session tokens
• Network connection type (Wi-Fi, mobile data) and internet service provider

4. How We Collect Your Data

phsin collects personal data through the following methods:

• Direct collection at registration: Information you provide when creating your phsin Account, including name, mobile number, email address, date of birth, and password.
• KYC verification submissions: Identity documents and selfie photographs submitted through phsin's KYC verification workflow as required by PAGCOR regulations and the Anti-Money Laundering Act.
• Transactional data: Payment method details and transaction records generated when you deposit or withdraw funds through GCash, Maya, bank transfers, 7-Eleven Cliqq, or USDT TRC20.
• Platform activity: Automated collection of gameplay data, session logs, device identifiers, and IP addresses as you use the Platform.
• Customer support interactions: Information you provide during live chat sessions, email correspondence, or other support channel communications with phsin staff.
• Cookies and tracking technologies: Technical identifiers placed on your device as described in Section 11 of this Policy.

phsin does not purchase personal data lists from third parties or collect personal data from social media platforms without your explicit consent.

5. Legal Basis for Processing

phsin processes personal data on the following legal bases as recognized under the Data Privacy Act of 2012:

• Contractual necessity: Processing required to perform phsin's contractual obligations to you under the Terms & Conditions — including account management, gameplay provision, payment processing, and withdrawal fulfillment.
• Legal obligation: Processing required to comply with phsin's obligations under PAGCOR regulations, the Anti-Money Laundering Act (RA 9160 as amended), the Data Privacy Act (RA 10173), and other applicable Philippine law — including KYC verification, transaction monitoring, and regulatory reporting.
• Legitimate interests: Processing necessary for phsin's legitimate business interests, including fraud prevention, platform security, responsible gaming enforcement, and service improvement — where such interests are not overridden by the data subject's rights and interests.
• Consent: Processing for purposes not covered by the above bases, such as marketing communications, where phsin obtains your specific, informed, and freely given consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6. How We Use Your Personal Data

phsin uses collected personal data for the following purposes:

• Creating, verifying, and managing your phsin Account
• Conducting KYC verification as required by PAGCOR and AMLC regulations
• Processing deposits, withdrawals, and in-Platform transactions through GCash, Maya, and other supported payment channels
• Delivering online gaming services, including live dealer games, slots, poker, bingo, and Dragon Tiger
• Providing customer support and resolving complaints or disputes
• Enforcing phsin's Terms & Conditions, including detecting and preventing fraud, collusion, and prohibited conduct
• Fulfilling responsible gaming obligations, including age verification (21+), deposit limit enforcement, and self-exclusion management
• Complying with AMLC transaction monitoring and suspicious transaction reporting obligations
• Sending transactional communications including deposit confirmations, withdrawal notifications, and account security alerts
• Sending marketing and promotional communications where you have opted in to receive them
• Improving phsin's platform, games, and services through aggregated and anonymized analytics
• Responding to lawful requests from PAGCOR, AMLC, the NPC, or other competent Philippine government authorities

7. Disclosure of Personal Data to Third Parties

phsin does not sell, rent, or trade your personal data to third parties for their independent marketing purposes. phsin discloses personal data to third parties only in the following circumstances:

• PAGCOR and regulatory authorities: phsin is required to provide player account data, transaction records, and gameplay reports to PAGCOR as a condition of its online gaming license, and to AMLC in compliance with anti-money laundering reporting obligations.
• Payment service providers: GCash (G-Xchange Inc.), Maya (Voyager Innovations), BPI, BDO, Metrobank, and UnionBank receive the minimum personal data necessary to process your deposit and withdrawal transactions.
• KYC and identity verification providers: Third-party identity verification services that assist phsin in processing KYC documents and conducting biometric verification, operating under data processing agreements compliant with the DPA.
• Game software providers: Licensed game studios whose titles are hosted on phsin may receive anonymized or pseudonymized game session data for technical support and audit purposes. Raw personal identity data is not shared with game providers.
• IT and platform service providers: Cloud infrastructure, cybersecurity, and platform operations vendors who process data on phsin's behalf under contractual data processing agreements that impose DPA-equivalent obligations.
• Law enforcement and courts: Where phsin is compelled by a lawful court order, subpoena, or directive from a competent Philippine authority to disclose personal data.

All third-party data processors engaged by phsin are required to maintain appropriate technical and organizational safeguards and to process personal data only on phsin's documented instructions.

8. International Data Transfers

Some of phsin's third-party service providers — including cloud infrastructure and game software providers — may process or store personal data outside of the Philippines. Where such international transfers occur, phsin ensures that:

• The receiving country provides an adequate level of protection recognized by the NPC, or
• Appropriate contractual safeguards, including standard contractual clauses that impose DPA-equivalent obligations on the recipient, are in place prior to the transfer

phsin does not transfer personal data internationally beyond what is necessary for the purposes described in this Policy. Data subjects may request information about specific international transfer arrangements by contacting phsin's Data Protection Officer.

9. Data Retention

phsin retains personal data for the following periods, or longer where required by applicable law:

• Account and KYC data: For the duration of your phsin Account plus five (5) years following permanent Account closure, in compliance with AMLC record-keeping requirements under the Anti-Money Laundering Act.
• Financial transaction records: Five (5) years from the date of the relevant transaction, in accordance with AMLC and PAGCOR record-keeping obligations.
• Gameplay logs: Two (2) years from the date of the relevant game session, or five (5) years where gameplay records are relevant to an ongoing investigation or dispute.
• Customer support records: Three (3) years from the date of the relevant interaction.
• Marketing preferences and consent records: For the duration of your Account plus three (3) years following Account closure, or until you withdraw consent, whichever is earlier.

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymized so that it can no longer be attributed to an identified individual. Where anonymization is not technically feasible, phsin will implement access controls that render retained data inaccessible for operational purposes.

10. Security of Personal Data

phsin implements appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• SSL/TLS encryption for all data transmitted between your device and phsin's servers
• Encryption of sensitive data at rest, including KYC documents, financial details, and authentication credentials
• Two-factor authentication (2FA) available to all registered Players to protect Account access
• Access controls limiting phsin staff access to personal data to those with a legitimate operational need
• Regular security audits and penetration testing of phsin's platform infrastructure
• Logging and monitoring of access to personal data systems for anomaly detection
• Vendor security assessments for all third-party processors handling phsin player data

In the event of a personal data breach that is likely to result in risk to the rights and freedoms of affected data subjects, phsin will notify the NPC within 72 hours of becoming aware of the breach, and will notify affected data subjects without undue delay, in accordance with Section 20 of the DPA and its IRR.

11. Cookies and Tracking Technologies

phsin uses cookies and similar tracking technologies on the Platform to maintain session state, ensure Platform security, and improve user experience. The categories of cookies phsin uses are:

• Strictly necessary cookies: Required for the Platform to function — including session authentication tokens, security cookies, and load balancing identifiers. These cannot be disabled without impairing core Platform functionality.
• Functional cookies: Remember your Platform preferences including language settings, game lobby layout, and last-visited game category.
• Analytics cookies: Aggregate, anonymized data about how Players navigate the Platform — used to identify usability issues and improve the Platform's design and performance. No individual player is identified in analytics data.
• Security cookies: Detect and prevent fraudulent activity, bot access, and suspicious behavioral patterns on the Platform.

phsin does not use third-party advertising cookies or cross-site tracking technologies. You may configure your browser to refuse non-essential cookies. Doing so may affect the functionality of certain Platform features but will not prevent access to the login or cashier functions.

12. Your Data Subject Rights

Under the Data Privacy Act of 2012, phsin Players have the following rights with respect to their personal data held by phsin:

• Right to be informed: To be notified of the manner in which your personal data is being or will be processed, including the purposes and recipients of processing.
• Right to access: To obtain a copy of the personal data phsin holds about you, together with information about how it is processed.
• Right to rectification: To have inaccurate or incomplete personal data corrected or completed.
• Right to erasure or blocking: To request the deletion or blocking of personal data where it is incomplete, outdated, false, unlawfully obtained, or no longer needed for the purposes for which it was collected — subject to phsin's legal retention obligations.
• Right to data portability: To receive a copy of your personal data in a structured, commonly used, and machine-readable format.
• Right to object: To object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation where processing is based on legitimate interests.
• Right to damages: To be compensated for damages suffered as a result of inaccurate, incomplete, or unauthorized use of your personal data.
• Right to file a complaint: To lodge a complaint with the National Privacy Commission of the Philippines regarding phsin's data processing practices.

To exercise any of the above rights, submit a written request to phsin's Data Protection Officer at [email protected] (plain text — not a clickable link). phsin will respond to verified data subject requests within fifteen (15) calendar days of receipt. Verification of identity will be required before phsin processes any data subject request.

13. Children and Minors

The phsin platform is strictly restricted to individuals aged 21 years and above in accordance with PAGCOR's online gaming regulations. 21+ phsin does not knowingly collect personal data from individuals under 21 years of age.

Age verification is enforced at registration through KYC procedures requiring submission of a valid Philippine government-issued ID. Any Account found to belong to a person under 21 years of age will be immediately closed, and any personal data collected from that individual will be securely deleted except where retention is required by applicable law for regulatory reporting purposes.

If phsin becomes aware that it has inadvertently collected personal data from a minor, it will take prompt steps to delete that data. Individuals with reason to believe that a minor has registered with phsin are encouraged to notify phsin's Data Protection Officer immediately.

14. Amendments to This Privacy Policy

phsin reserves the right to amend, update, or replace this Privacy Policy at any time to reflect changes in applicable law, NPC guidance, PAGCOR requirements, or phsin's data processing practices. Material amendments will be communicated to registered Players via email or SMS notification to their registered contact details at least seven (7) days before the amended Policy takes effect.

The current version of this Privacy Policy is always available on the phsin website at phsin.co/privacy-policy. The "Last Updated" date at the top of this Policy reflects the date of the most recent revision. Continued use of the Platform following the effective date of any amendment constitutes acceptance of the amended Policy.

Where amendments require new consent — for example, where a new processing purpose is introduced that is not covered by phsin's existing legal bases — phsin will obtain your specific consent before commencing processing on the new basis.

15. Contact and Complaints

For any questions, concerns, or requests relating to this Privacy Policy or phsin's processing of your personal data, please contact:

• phsin Data Protection Officer: [email protected] — Subject line: "Data Privacy Inquiry — Attention DPO" (plain text — not a clickable link)
• Live Chat: Available 24/7 from your phsin Account dashboard for general privacy queries

If you are not satisfied with phsin's response to your privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines. Information on filing a complaint with the NPC is available through the NPC's official government channels.

phsin is committed to resolving all data privacy concerns promptly and transparently. Our DPO will acknowledge receipt of all formal privacy inquiries within 48 hours and provide a substantive response within 15 calendar days.