phdram Privacy Policy

1 Introduction

phdram ("phdram," "we," "us," "our") operates the online gaming platform accessible at phdram.net ("Platform") and is committed to protecting the privacy and personal data of all users ("you," "Player," "User"). This Privacy Policy ("Policy") describes how phdram collects, uses, stores, shares, and protects personal information in connection with your use of the Platform and any related services.

This Policy is issued in compliance with the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations, and applicable guidelines issued by the National Privacy Commission of the Philippines ("NPC"). phdram is registered as a personal information controller in accordance with its obligations under the DPA.

By registering an account with phdram, using the Platform, or otherwise providing us with your personal information, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your data as described herein. This Policy should be read alongside phdram's Terms & Conditions.

2 Personal Data We Collect

phdram collects personal data through multiple channels, including account registration forms, KYC verification submissions, payment transactions, gameplay activity, customer support interactions, and automated technical systems. The categories of personal data phdram processes include:

Identity Data:

• Full legal name as it appears on your government-issued Philippine ID;
• Date of birth (used for mandatory age verification — 21+ requirement);
• Gender (optional, for account personalization);
• Photograph and copy of valid Philippine government-issued ID (PhilSys card, driver's license, or passport), collected during KYC verification.

Contact Data:

• Email address (used as primary account identifier and communication channel);
• Philippine mobile phone number (used for 2FA, SMS notifications, and account recovery);
• Residential address in the Philippines.

Financial Data:

• GCash account number or registered mobile number;
• PayMaya account details where applicable;
• Bank account details (BPI, BDO, Metrobank) for bank transfer transactions;
• Cryptocurrency wallet addresses;
• Transaction history including deposit amounts, withdrawal requests, and payment method used.

Usage & Technical Data:

• IP address and geolocation data at time of login;
• Device type, operating system, browser type and version;
• Pages visited, games played, session duration, and navigation patterns;
• Login timestamps and device identifiers;
• Cookies and similar tracking technologies (see Section 6).

Communications Data: Records of your communications with phdram customer support, including live chat transcripts, email correspondence, and any complaint or feedback submissions.

3 How We Use Your Data

phdram processes your personal data for the following purposes:

• Account Creation and Management: To register your account, verify your identity, maintain your account profile, and enable access to phdram's games and services;
• Age Verification and KYC Compliance: To verify that you meet the minimum age requirement of 21 years as required by PAGCOR, and to satisfy Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations;
• Payment Processing: To process deposits, withdrawals, and refunds through GCash, PayMaya, BPI, BDO, Metrobank, and cryptocurrency channels;
• Fraud Prevention and Security: To detect, investigate, and prevent fraudulent transactions, unauthorized account access, money laundering, and other prohibited conduct;
• Responsible Gaming: To monitor gameplay patterns and, where appropriate, implement responsible gaming interventions such as contacting players showing signs of problem gambling;
• Customer Support: To respond to your enquiries, process complaints, and provide account assistance through live chat and email;
• Legal and Regulatory Compliance: To comply with applicable Philippine laws, PAGCOR directives, NPC guidelines, AMLC reporting obligations, and any court orders or regulatory demands;
• Marketing Communications (with consent): To send you promotional offers, bonus notifications, and platform updates via email or SMS, where you have provided consent or where permitted under applicable law. You may withdraw this consent at any time;
• Platform Improvement: To analyse anonymised usage data for the purpose of improving phdram's platform, user experience, and game offerings.

4 Legal Basis for Processing

phdram processes your personal data on the following legal bases as provided under the Data Privacy Act of 2012:

• Contractual Necessity: Processing of identity, contact, and financial data is necessary for the performance of the contract between you and phdram (your account agreement as set out in the Terms & Conditions);
• Legal Obligation: Processing for KYC, AML, age verification, and regulatory reporting is required to comply with phdram's obligations under Philippine law and PAGCOR licensing requirements;
• Legitimate Interests: Processing for fraud prevention, security monitoring, and platform improvement serves phdram's legitimate interests and does not override your fundamental privacy rights;
• Consent: Processing for direct marketing communications (promotional emails, SMS offers) is based on your explicit consent, which you may withdraw at any time without affecting the lawfulness of prior processing.

5 Data Sharing & Disclosure

phdram does not sell, rent, or trade your personal data to any third party for their independent marketing purposes. phdram may share your personal data with third parties only in the following circumstances:

• Payment Service Providers: GCash (Mynt), PayMaya (Voyager Innovations), partner banks (BPI, BDO, Metrobank), and cryptocurrency processors receive the minimum payment data necessary to process your transactions. These providers are bound by their own privacy obligations and Philippine financial regulations;
• Game Software Providers: Where required for gameplay functionality, anonymised or pseudonymised player data may be shared with phdram's certified game providers. No directly identifiable personal data is shared beyond what is technically necessary;
• KYC and Identity Verification Services: phdram uses third-party KYC verification tools to validate the authenticity of identity documents submitted during account verification. These processors are contractually obligated to process data solely for verification purposes;
• Regulatory and Law Enforcement Authorities: phdram is required to share personal data with PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, and law enforcement agencies where required by law, court order, or regulatory directive;
• Service Providers and Processors: Cloud hosting providers, cybersecurity vendors, analytics platforms, and customer support tooling providers who process data on phdram's behalf under Data Processing Agreements that require compliance with the DPA;
• Corporate Transactions: In the event of a merger, acquisition, or sale of assets involving phdram, personal data may be transferred as part of that transaction, subject to equivalent data protection obligations.

6 Cookies & Tracking Technologies

phdram uses cookies and similar technologies on the Platform. A cookie is a small text file placed on your device by the Platform when you visit. phdram uses the following categories of cookies:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication cookies, CSRF protection tokens, and load-balancing cookies. These cannot be disabled without impacting your ability to use phdram;
• Functional Cookies: Remember your preferences such as language settings, game lobby view preferences, and whether you have acknowledged certain notifications;
• Analytics Cookies: Collect anonymised data about how users navigate the Platform — pages visited, time on page, error events. This data is used in aggregate and does not identify you individually. phdram uses privacy-focused analytics that do not share raw data with advertising networks;
• Security Cookies: Support fraud detection and bot protection systems, including device fingerprinting used to detect suspicious login patterns.

phdram does not use third-party advertising or behavioural tracking cookies. You may control cookie settings through your browser, though disabling strictly necessary cookies will affect Platform functionality.

7 Data Retention

phdram retains personal data for no longer than is necessary for the purpose for which it was collected, subject to the following minimum retention periods imposed by regulatory obligations:

• Account and KYC Data: Retained for a minimum of five (5) years following account closure, as required by PAGCOR AML compliance standards and AMLC record-keeping obligations under Republic Act No. 9160 (Anti-Money Laundering Act);
• Transaction Records: Retained for a minimum of five (5) years from the date of each transaction;
• Customer Support Communications: Retained for two (2) years from the date of the interaction, unless required longer for ongoing dispute resolution;
• Marketing Consent Records: Retained for as long as your account is active and for two (2) years after account closure, to demonstrate compliance with consent requirements;
• Technical Logs (IP, device, session): Retained for ninety (90) days under standard operations, extended to five (5) years where a security incident, fraud investigation, or regulatory inquiry requires longer retention.

Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised.

8 Your Rights as a Data Subject

Under the Data Privacy Act of 2012, as a Filipino data subject, you have the following rights in relation to your personal data held by phdram:

• Right to be Informed: The right to know whether phdram processes your personal data, the purposes for processing, and the categories of data held — all of which are set out in this Policy;
• Right to Access: The right to obtain a copy of the personal data phdram holds about you, along with information about how it is being used;
• Right to Rectification: The right to correct any inaccurate, outdated, or incomplete personal data in your phdram account. Most contact details can be updated directly through your account settings;
• Right to Erasure ("Right to be Forgotten"): The right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to phdram's legal retention obligations;
• Right to Data Portability: The right to receive a copy of your personal data in a structured, commonly used electronic format for transfer to another service provider;
• Right to Object: The right to object to processing of your personal data for direct marketing purposes. You may opt out of marketing communications at any time through your account settings or by contacting support;
• Right to Damages: The right to be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorised use of personal data under Section 16(f) of the DPA.

To exercise any of the above rights, please contact phdram's Data Protection Officer through the contact details provided in Section 13. phdram will process your request within fifteen (15) business days of receipt.

9 Data Security

phdram implements appropriate technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and phdram's servers;
• Encryption of sensitive data fields (passwords, payment details) at rest using industry-standard algorithms;
• Role-based access controls ensuring that phdram personnel can only access personal data required for their specific job function;
• Two-factor authentication enforced for phdram administrative systems;
• Regular security audits, penetration testing, and vulnerability assessments conducted by qualified third-party security specialists;
• Incident response procedures for detecting, containing, and notifying the NPC and affected users in the event of a personal data breach, consistent with NPC Circular 16-03.

While phdram takes all reasonable steps to protect your data, no internet transmission is completely secure. You are responsible for maintaining the confidentiality of your phdram account credentials and for notifying phdram immediately upon suspecting unauthorized account access.

10 Children's Privacy

The phdram Platform is strictly for adults. phdram enforces a minimum age of 21 years for all account holders, consistent with PAGCOR's minimum age requirements for online casino gaming in the Philippines. phdram does not knowingly collect personal data from individuals under the age of 21.

If phdram becomes aware that personal data has been collected from a player who is under 21 years of age, the account will be immediately suspended, all deposited funds will be returned to the original payment source, and all associated personal data will be securely deleted in accordance with applicable law.

If you believe a minor has registered a phdram account, please contact us immediately at the support email provided in Section 13.

11 Third-Party Links & Services

The phdram Platform may contain references or links to phdram's own internal pages. Where phdram's game library includes titles operated by licensed third-party software providers, those providers operate their game engines under independent data processing agreements with phdram and are subject to their own data protection obligations.

phdram is not responsible for the privacy practices of third-party payment processors (GCash, PayMaya, BPI, BDO, Metrobank) in relation to your account with those services. Your use of those payment services is governed by their respective privacy policies and terms of service.

12 Changes to This Policy

phdram reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or regulatory requirements. When material changes are made, phdram will provide notice through one or more of the following channels: an in-platform notification, an email to your registered address, or a prominently displayed notice on the phdram website.

The "Last updated" date at the top of this Policy reflects the date of the most recent revision. Continued use of the phdram Platform following publication of a revised Policy constitutes your acceptance of the changes. If you do not agree with any amendment, you must cease using the Platform and may request account closure in accordance with phdram's Terms & Conditions.

13 Contact & Data Requests

For any questions, concerns, or requests relating to this Privacy Policy or the exercise of your data subject rights under the Data Privacy Act of 2012, please contact phdram through the following channels:

• Data Protection Officer / Privacy Enquiries Email: [email protected]
• Subject Line for Data Requests: Use "Data Privacy Request – [Your Full Name]" so your request is routed to the correct team immediately
• Live Chat: Available 24/7 through the phdram Platform for general privacy queries
• Response Timeframe: phdram will acknowledge data subject requests within five (5) business days and provide a substantive response within fifteen (15) business days

If you are dissatisfied with phdram's handling of your personal data or your data subject rights request, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC).