phferry Privacy Policy

1.1 This Privacy Policy applies to all personal data collected by phferry in connection with the registration, operation, and maintenance of player accounts on the phferry platform, including the website at phferry.club, the mobile web application, customer support interactions, and any promotional communications.

1.2 phferry processes personal data in compliance with the Republic Act No. 10173, known as the Data Privacy Act of 2012 (DPA) of the Philippines, its Implementing Rules and Regulations (IRR), and the guidelines issued by the National Privacy Commission (NPC). For players accessing phferry from jurisdictions with additional data protection requirements, phferry applies the higher standard where practicable.

1.3 This Policy should be read in conjunction with phferry's Terms & Conditions and Responsible Gaming Policy, both of which are incorporated by reference. Personal data related to responsible gaming tools — including deposit limits, loss limits, and self-exclusion records — is handled with the highest level of sensitivity and confidentiality.

2.1 For the purposes of the Data Privacy Act of 2012 and this Policy, the data controller responsible for personal data collected through phferry is the phferry operating entity ("phferry," "the Platform").

2.2 phferry has designated a Data Protection Officer (DPO) responsible for overseeing data privacy compliance across all phferry systems and processes. Players may contact the DPO for privacy-related inquiries by writing to the address or email specified in Section 14 of this Policy.

phferry collects the following categories of personal data from Filipino players:

3.2 phferry does not collect sensitive personal information beyond what is strictly necessary for identity verification, anti-money laundering compliance, and responsible gaming obligations.

phferry collects personal data through the following means:

• Direct collection — Information you provide when registering a phferry account, completing KYC verification, depositing or withdrawing funds, contacting support, or responding to surveys and promotions.
• Automated collection — Technical data collected automatically when you access the phferry platform, including IP address, device identifiers, cookies, and server logs.
• Third-party collection — Data received from payment processors (GCash, Maya, BPI, BDO, Metrobank) necessary to verify and process financial transactions, and from identity verification service providers used during KYC processes.
• Gameplay collection — Bet histories, game session durations, and win/loss records generated automatically as part of normal gameplay on phferry's platform.

phferry processes your personal data for the following purposes:

• Registering and maintaining your phferry account and verifying your identity
• Processing deposits and withdrawals via GCash, Maya, and other supported Philippine payment methods
• Fulfilling Anti-Money Laundering (AML) obligations under Republic Act No. 9160 and its amendments
• Verifying that you meet the 21+ age requirement before granting access to real-money gaming
• Delivering customer support, resolving disputes, and responding to your enquiries
• Operating and administering responsible gaming tools including deposit limits, loss limits, and self-exclusion
• Personalising your phferry experience, including game recommendations and bonus offers
• Detecting and preventing fraud, cheating, and unauthorised account access
• Complying with applicable Philippine legal and regulatory requirements
• Sending promotional communications (where you have provided consent or where permitted under applicable law)
• Analysing platform usage to improve phferry's services and game library

phferry processes personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity — Processing required to perform the contract between phferry and the player, including account management, payments, and game delivery.
• Legal obligation — Processing required to comply with Philippine laws, including the Anti-Money Laundering Act, PAGCOR regulatory requirements, and National Privacy Commission guidelines.
• Legitimate interests — Processing for fraud prevention, security monitoring, platform analytics, and responsible gaming programme administration, where phferry's legitimate interests are not overridden by your rights.
• Consent — Processing for optional marketing communications and personalisation features, where you have expressly opted in. You may withdraw this consent at any time without affecting the lawfulness of prior processing.

7.1 phferry does not sell your personal data to third parties. phferry may share your personal data with the following categories of recipients strictly on a need-to-know basis:

• Payment processors — GCash (GXI), Maya (PayMaya Philippines), BPI, BDO, Metrobank, and other Philippine payment service providers, solely for the purpose of processing deposits and withdrawals.
• Identity verification providers — Third-party KYC and document verification services used to validate government-issued Philippine IDs during account verification.
• Game providers — Licensed third-party game studios may receive anonymised technical data necessary to deliver their games to your device. No personally identifiable information is shared with game providers beyond a session token.
• Regulatory authorities — Philippine regulatory bodies including PAGCOR, the Anti-Money Laundering Council (AMLC), and the National Privacy Commission, where disclosure is required by law or regulatory order.
• Law enforcement — Where phferry is legally compelled to disclose data in response to a valid court order, subpoena, or law enforcement request under Philippine law.
• Service providers — IT infrastructure providers, cloud hosting services, customer support platform providers, and analytics vendors operating under binding data processing agreements with phferry.

7.2 All third parties with whom phferry shares personal data are required to implement appropriate technical and organisational security measures and to process data only for the specified purposes.

8.1 phferry retains personal data for the minimum period necessary to fulfil the purposes described in this Policy, subject to applicable legal retention requirements. The following general retention periods apply:

• Account and identity data — Retained for the duration of the account relationship and for a minimum of five (5) years following account closure, as required by the Anti-Money Laundering Act.
• Financial transaction records — Retained for a minimum of five (5) years from the date of each transaction, in accordance with AMLC reporting requirements.
• Gameplay records — Retained for a minimum of three (3) years for dispute resolution and regulatory compliance purposes.
• Customer support communications — Retained for two (2) years from the date of the last interaction.
• Self-exclusion records — Retained indefinitely to prevent re-registration of self-excluded players, even after account closure.

8.2 Following the expiry of applicable retention periods, personal data is securely deleted or anonymised in a manner that prevents re-identification.

9.1 phferry implements industry-standard technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and phferry's servers
• Encryption of sensitive data fields (including payment references and government ID numbers) at rest
• Role-based access controls limiting phferry staff access to personal data on a strict need-to-know basis
• Two-factor authentication (2FA) available to all players for account login security
• Regular security audits, vulnerability assessments, and penetration testing by independent third parties
• Incident response procedures aligned with National Privacy Commission notification requirements

9.2 In the event of a personal data breach that is likely to result in harm to affected players, phferry will notify the National Privacy Commission and affected individuals within the timeframes required by the Data Privacy Act of 2012 and NPC guidelines.

Under the Data Privacy Act of 2012, Filipino players have the following rights with respect to their personal data held by phferry:

• Right to be Informed — You have the right to know what personal data phferry collects, how it is used, and who it is shared with. This Policy fulfils that right.
• Right to Access — You may request a copy of the personal data phferry holds about you at any time.
• Right to Correction — You may request correction of inaccurate or incomplete personal data in your phferry account.
• Right to Erasure / Right to be Forgotten — You may request deletion of your personal data where retention is no longer necessary for the purposes for which it was collected, subject to phferry's legal retention obligations.
• Right to Object — You may object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
• Right to Data Portability — You may request a structured, machine-readable copy of personal data you have provided to phferry for portability to another service.
• Right to Lodge a Complaint — You have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines if you believe phferry has processed your personal data in violation of the Data Privacy Act.

To exercise any of these rights, contact phferry's Data Protection Officer via the details in Section 14. phferry will respond to verified requests within thirty (30) days in accordance with NPC guidelines.

11.1 phferry uses cookies and similar tracking technologies to operate the platform, personalise the player experience, and analyse platform usage. The following categories of cookies are used:

• Essential cookies — Required for the phferry platform to function correctly, including session management, login authentication, and security features. These cannot be disabled without impairing platform functionality.
• Functional cookies — Remember your preferences such as language settings, game lobby layout, and last-played games.
• Analytics cookies — Collect anonymised data about how players use phferry to help us improve the platform experience. No personally identifiable data is transmitted to analytics providers.
• Marketing cookies — Used only where you have provided explicit consent. May be used to deliver relevant bonus and promotional information based on your phferry activity.

11.2 You may manage cookie preferences through your browser settings. Disabling essential cookies will impair your ability to use phferry normally. Disabling marketing cookies will not affect your access to games or basic platform functionality.

12.1 phferry's platform is strictly for individuals who are 21 years of age or older. phferry does not knowingly collect personal data from anyone under 21 years of age.

12.2 Age verification is conducted as part of the KYC process for all phferry accounts prior to the processing of any withdrawal. Where phferry discovers or has reasonable grounds to believe that a registered account belongs to a person under 21, the account will be immediately suspended, all real-money balances will be frozen, and the matter will be reviewed in accordance with applicable Philippine law.

12.3 Any parent or guardian who believes their minor child has registered on phferry should contact phferry support immediately via live chat or email at the address in Section 14. phferry will take immediate action to investigate and close the account.

13.1 phferry may update this Privacy Policy from time to time to reflect changes in legal requirements, platform operations, or data processing practices. The date of the most recent revision is displayed at the top of this page.

13.2 Where changes to this Policy are material — particularly changes that affect the categories of data collected, purposes of processing, or your rights — phferry will provide advance notice to registered players via email or in-platform notification at least fourteen (14) days before the revised Policy takes effect.

13.3 Your continued use of phferry following the effective date of any revision constitutes acceptance of the updated Privacy Policy. If you do not agree with any changes, you must cease using phferry and may request account closure as described in the Terms & Conditions.

For all data privacy-related enquiries, access requests, correction requests, or complaints, please contact phferry's Data Protection Officer:

If you are not satisfied with phferry's handling of your data privacy complaint, you have the right to escalate your complaint to the National Privacy Commission of the Philippines. The NPC accepts complaints at its official government offices and through its online complaint portal. phferry cooperates fully with all NPC investigations.