PHJoint Privacy Policy

1 Introduction

This Privacy Policy ("Policy") describes how PHJoint ("we," "us," "our," or "the Company") collects, uses, stores, and protects the personal information of users ("you," "your," or "Player") who access or use the PHJoint website at phjoint.com, the PHJoint mobile application, and all related services (collectively, the "Platform").

PHJoint is committed to handling your personal data responsibly, transparently, and in accordance with applicable data protection laws, including the Republic Act No. 10173, also known as the Data Privacy Act of 2012 of the Philippines, and its implementing rules and regulations as administered by the National Privacy Commission (NPC).

This Policy applies to all personal data collected from registered players, visitors to the Platform, and any other individuals who interact with PHJoint in any capacity. Please read this Policy carefully. If you have questions about how PHJoint handles your data, our contact details are provided in Section 15.

2 Data Controller

PHJoint acts as the data controller in respect of the personal information collected through the Platform. As data controller, PHJoint determines the purposes and means by which your personal data is processed.

For all data privacy inquiries, requests, or complaints, you may contact PHJoint's designated Data Protection Officer (DPO) through the contact details provided in Section 15 of this Policy. PHJoint's DPO is responsible for overseeing compliance with this Policy and applicable data protection legislation.

3 Personal Data We Collect

PHJoint collects the following categories of personal data from users of the Platform:

PHJoint does not collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, or health data unless specifically required by law or regulatory obligation and with your explicit consent.

4 How We Collect Your Data

PHJoint collects personal data through the following means:

• Direct interactions: Information you provide when registering an account, completing identity verification, making deposits or withdrawals, contacting customer support, or participating in promotions;
• Automated technologies: Technical and usage data collected automatically when you access the Platform, including through cookies, web beacons, pixel tags, and server logs;
• Third-party sources: Identity verification data from KYC service providers, fraud prevention data from security partners, and payment data from payment processors such as GCash and PayMaya;
• Publicly available sources: Information from public databases or social media platforms where permitted by applicable law and relevant to fraud prevention or regulatory compliance.

5 How We Use Your Personal Data

PHJoint uses the personal data we collect for the following purposes:

• To create, verify, and manage your PHJoint account;
• To process deposits, withdrawals, and betting transactions securely;
• To verify your identity and age in compliance with applicable gaming regulations, including the requirement that all players be at least 21 years of age;
• To detect, investigate, and prevent fraudulent activity, money laundering, and other illegal conduct;
• To comply with legal and regulatory obligations, including reporting requirements under PAGCOR guidelines and the Anti-Money Laundering Act (AMLA);
• To provide customer support and resolve disputes;
• To send you transactional communications, including account notifications, deposit confirmations, and withdrawal updates;
• To send you marketing communications about PHJoint promotions, bonuses, and new features, where you have provided consent or where we have a legitimate interest in doing so;
• To monitor your betting activity for responsible gaming purposes and to apply any self-imposed limits or exclusions you have requested;
• To improve the Platform, personalise your experience, and conduct internal analytics and research;
• To enforce our Terms & Conditions and other applicable policies.

6 Legal Basis for Processing

PHJoint processes your personal data on the following legal bases as recognised under the Data Privacy Act of 2012 and applicable regulations:

• Contractual necessity: Processing required to fulfil our obligations to you under the PHJoint Terms & Conditions, including account management, transaction processing, and service delivery;
• Legal obligation: Processing required to comply with applicable laws and regulations, including anti-money laundering obligations, gaming licensing requirements, and tax reporting;
• Legitimate interests: Processing carried out for PHJoint's legitimate business interests, including fraud prevention, platform security, and service improvement, where such interests are not overridden by your rights and freedoms;
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent, particularly in relation to direct marketing communications. You may withdraw your consent at any time by contacting PHJoint support.

7 Sharing Your Personal Data

PHJoint does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients only where necessary and in accordance with this Policy:

• Payment processors: GCash, PayMaya, BPI, BDO, Metrobank, and other payment service providers, solely for the purpose of processing your financial transactions;
• Identity verification providers: Third-party KYC and age verification service providers engaged to verify your identity and comply with regulatory requirements;
• Fraud prevention and security partners: Service providers who assist PHJoint in detecting and preventing fraudulent activity and ensuring platform security;
• Regulatory and law enforcement authorities: PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), and other competent authorities where disclosure is required by law or court order;
• IT and infrastructure providers: Cloud hosting, data storage, and technology service providers who process data on PHJoint's behalf under strict data processing agreements;
• Professional advisers: Lawyers, auditors, and consultants engaged by PHJoint in the course of its business operations, subject to professional confidentiality obligations.

All third parties with whom PHJoint shares personal data are required to handle such data in accordance with applicable data protection laws and PHJoint's data processing standards.

8 Data Retention

PHJoint retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

As a general guide, PHJoint applies the following retention periods:

• Account and identity data: Retained for the duration of your account and for a minimum of five (5) years following account closure, in accordance with PAGCOR and AMLC requirements;
• Transaction and financial data: Retained for a minimum of five (5) years from the date of the transaction, as required by anti-money laundering regulations;
• Customer support communications: Retained for three (3) years from the date of the interaction;
• Marketing preferences and consent records: Retained until you withdraw consent or for three (3) years from the last interaction, whichever is earlier;
• Technical and usage data: Retained for up to twelve (12) months from collection, unless required for longer periods for security or fraud investigation purposes.

Upon expiry of the applicable retention period, PHJoint will securely delete or anonymise your personal data in accordance with its data disposal procedures.

9 Data Security

PHJoint implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include:

• SSL/TLS encryption for all data transmitted between your device and the PHJoint Platform;
• Encryption of sensitive data at rest, including financial information and identity documents;
• Role-based access controls limiting employee access to personal data on a strict need-to-know basis;
• Regular security audits, vulnerability assessments, and penetration testing;
• Multi-factor authentication requirements for account access and administrative systems;
• Incident response procedures for detecting, reporting, and managing personal data breaches.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, PHJoint will notify the National Privacy Commission and affected users in accordance with the requirements of the Data Privacy Act of 2012.

10 Cookies & Tracking Technologies

PHJoint uses cookies and similar tracking technologies to enhance your experience on the Platform, analyse usage patterns, and support security functions. The following types of cookies may be used:

• Strictly necessary cookies: Essential for the Platform to function correctly, including session management, login authentication, and security features. These cannot be disabled;
• Functional cookies: Used to remember your preferences, such as language settings and display options, to personalise your experience;
• Analytics cookies: Used to collect aggregated, anonymised data about how users interact with the Platform, helping PHJoint improve its services;
• Marketing cookies: Used to deliver relevant promotional content and track the effectiveness of PHJoint's marketing campaigns, where you have provided consent.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. PHJoint does not use cookies to collect personal data for sale to third parties.

11 Your Data Privacy Rights

Under the Data Privacy Act of 2012 and applicable regulations, you have the following rights in relation to your personal data held by PHJoint:

• Right to be informed: The right to be notified of how your personal data is collected and processed, as set out in this Policy;
• Right of access: The right to request a copy of the personal data PHJoint holds about you;
• Right to rectification: The right to request correction of inaccurate or incomplete personal data;
• Right to erasure: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations;
• Right to object: The right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests;
• Right to data portability: The right to receive your personal data in a structured, commonly used format and to transmit it to another controller where technically feasible;
• Right to withdraw consent: Where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact PHJoint's Data Protection Officer using the contact details in Section 15. PHJoint will respond to all verified requests within thirty (30) days. We may need to verify your identity before processing your request.

12 Minors & Age Verification

As part of the registration process, PHJoint requires all users to confirm that they are at least 21 years of age. PHJoint also conducts identity and age verification checks using government-issued identification documents. Where PHJoint discovers that personal data has been collected from a person under the age of 21, it will take immediate steps to delete that data and close the associated account.

If you believe that PHJoint has inadvertently collected personal data from a minor, please contact us immediately using the details in Section 15.

13 International Data Transfers

PHJoint primarily stores and processes personal data within the Philippines. In certain circumstances, personal data may be transferred to, stored in, or processed by service providers located in other countries, including for cloud hosting, IT support, or fraud prevention purposes.

Where personal data is transferred outside the Philippines, PHJoint ensures that appropriate safeguards are in place to protect your data, including contractual data processing agreements that impose data protection standards equivalent to those required under Philippine law. PHJoint will not transfer your personal data to countries that do not provide an adequate level of data protection without implementing appropriate safeguards.

14 Changes to This Privacy Policy

PHJoint reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, legal obligations, or Platform features. The date of the most recent revision is always displayed at the top of this page.

Where changes are material, PHJoint will notify registered users by email or through a prominent notice on the Platform prior to the changes taking effect. Your continued use of the Platform following notification of changes constitutes your acceptance of the revised Policy.

We encourage you to review this Policy periodically to stay informed about how PHJoint protects your personal data.

15 Contact & Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or PHJoint's handling of your personal data, please contact our Data Protection Officer:

Data Protection Officer — PHJoint

Email: [email protected]

General Support: [email protected]

PHJoint aims to respond to all data privacy requests and complaints within thirty (30) calendar days of receipt. If you are not satisfied with PHJoint's response, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines, which is the supervisory authority responsible for enforcing the Data Privacy Act of 2012.