At phfin, your personal data is handled with the same care we put into every part of the platform. This Privacy Policy explains exactly what we collect, why we collect it, how we use it, and what rights you have under Philippine law.
The most important things to know about how phfin handles your data
phfin's data practices comply fully with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules. A designated Data Protection Officer oversees all data processing activities on the platform.
phfin collects only the personal data that is strictly necessary for Account management, KYC verification, payment processing, fraud prevention, and regulatory compliance. We do not collect data for its own sake.
phfin does not sell, rent, or trade your personal data to third-party marketers or data brokers. Your information is shared only with service providers who help us operate the platform, and only under strict data processing agreements.
As a data subject under Philippine law, you have the right to access, correct, delete, and port your personal data. You also have the right to object to certain processing activities. phfin will respond to all data subject requests within 15 business days.
All data transmitted between your device and phfin is encrypted using TLS 1.2 or higher. Stored personal data is protected by AES-256 encryption, access controls, and regular security audits conducted by independent third parties.
phfin uses cookies and similar technologies to keep you logged in, remember your preferences, and analyze platform usage. You can manage cookie preferences through your browser settings. Essential cookies cannot be disabled as they are required for the platform to function.
Complete data privacy notice for phfin Casino players and platform visitors
Important: This Privacy Policy applies to all personal data collected by phfin Casino ("phfin", "we", "us", "our") through the phfin.org website and platform. By registering an Account or using the phfin platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the phfin platform.
phfin Casino operates the online gaming platform accessible at phfin.org, directed at players located in the Philippines. phfin acts as the data controller for all personal data collected through the platform, meaning we determine the purposes and means of processing your personal information.
phfin has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the Philippine Data Privacy Act of 2012 (RA 10173) and this Privacy Policy. You may contact the DPO at any time using the details provided in Section 16 of this Policy.
phfin is committed to processing personal data lawfully, fairly, and transparently, and to implementing appropriate technical and organizational measures to protect the personal data of all players and platform visitors.
When you create a phfin Account, we collect: full legal name, date of birth, Philippine residential address, email address, mobile phone number, and a username of your choosing. This information is required to create and maintain your Account.
To comply with Philippine anti-money laundering regulations and PAGCOR requirements, phfin collects copies of government-issued identification documents (e.g., PhilSys National ID, passport, driver's license, SSS/GSIS ID, PRC ID, Voter's ID), proof of address documents, and โ where required โ source of funds documentation. Biometric data embedded in government IDs (such as photographs) is processed solely for identity verification purposes.
phfin collects transaction data including deposit amounts, withdrawal requests, payment method identifiers (e.g., GCash mobile number, bank account name), and transaction timestamps. phfin does not store full bank account numbers, debit card numbers, or GCash PINs. Payment processing is handled by regulated payment service providers under their own security standards.
phfin records your gaming activity on the platform, including games played, wager amounts, game outcomes, session durations, and bonus usage. This data is used for Account management, dispute resolution, responsible gaming monitoring, and regulatory reporting.
When you access phfin, we automatically collect: IP address, device type and operating system, browser type and version, screen resolution, referring URL, pages visited, session duration, and click-path data. This information is collected via server logs and cookies as described in Section 9.
If you contact phfin support via live chat, email, or any other channel, we retain records of those communications including the content of messages, timestamps, and the resolution of any issues raised. This data is used for quality assurance, dispute resolution, and staff training.
Where you have opted in to receive marketing communications from phfin, we record your consent and your stated preferences regarding communication channels and content types. You may withdraw marketing consent at any time as described in Section 10.
phfin collects personal data through the following means:
phfin uses the personal data it collects for the following purposes:
Under the Philippine Data Privacy Act of 2012, phfin processes your personal data on the following legal bases:
phfin shares personal data with carefully selected third-party service providers who assist in operating the platform. These include payment processors (GCash, PayMaya, banking partners), KYC verification providers, fraud detection services, cloud hosting providers, and customer support software vendors. All service providers are bound by data processing agreements that restrict their use of your data to the specific services they provide to phfin.
To deliver games on the phfin platform, certain technical data (such as player session tokens and wager data) is shared with licensed game providers. Game providers are not permitted to use this data for any purpose other than delivering the game session to the phfin platform.
phfin may disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), or other Philippine government authorities where required by law, court order, or regulatory direction. phfin will notify affected players of such disclosures where legally permitted to do so.
In the event of a merger, acquisition, or sale of all or part of phfin's business, personal data held by phfin may be transferred to the acquiring entity as part of that transaction. phfin will notify affected players via registered email prior to any such transfer and will ensure the acquiring entity is bound by privacy obligations no less protective than those in this Policy.
phfin does not sell, rent, or otherwise transfer your personal data to third-party marketers, data brokers, or any other commercial entity for their own marketing or commercial purposes. This prohibition applies regardless of compensation offered.
7.1 Some of phfin's service providers โ including cloud hosting and game delivery infrastructure โ may be located outside the Philippines. Where personal data is transferred to a country that does not provide an equivalent level of data protection to the Philippines, phfin implements appropriate safeguards including contractual clauses approved by the National Privacy Commission and technical security measures to protect your data during and after transfer.
7.2 By using the phfin platform, you acknowledge that your personal data may be transferred to and processed in countries outside the Philippines, subject to the safeguards described above.
8.1 phfin retains personal data for as long as your Account is active and for a period of five (5) years following Account closure, in compliance with PAGCOR record-keeping requirements and Philippine AMLA obligations.
8.2 KYC documentation is retained for a minimum of five (5) years from the date of the last transaction on your Account, as required by the Anti-Money Laundering Act.
8.3 Gaming activity records are retained for five (5) years for regulatory compliance and dispute resolution purposes.
8.4 Marketing consent records are retained for the duration of your Account and for three (3) years following Account closure or withdrawal of consent, whichever is later, to demonstrate compliance with consent requirements.
8.5 Where retention beyond these periods is required by a specific legal obligation, court order, or ongoing regulatory investigation, phfin will retain the relevant data until that obligation is fulfilled.
8.6 Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with phfin's data destruction procedures.
Cookies are small text files placed on your device when you visit the phfin platform. They allow the platform to recognize your device, remember your preferences, and collect usage data. phfin also uses similar technologies including web beacons, pixel tags, and local storage objects.
You can manage non-essential cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Note that blocking essential cookies will prevent you from logging in to your phfin Account. For detailed instructions on managing cookies in your specific browser, refer to your browser's help documentation.
Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phfin:
To exercise any of these rights, submit a written request to phfin's Data Protection Officer using the contact details in Section 16. phfin will respond within fifteen (15) business days of receiving a valid request. We may request proof of identity before processing your request.
11.1 The phfin platform is strictly intended for individuals aged twenty-one (21) years and older. phfin does not knowingly collect personal data from persons under the age of 21.
11.2 Age verification is conducted as part of the KYC process for all registered Accounts. Where phfin discovers that an Account has been registered by or on behalf of a person under 21 years of age, the Account will be immediately closed, all balances forfeited, and the personal data of the minor deleted in accordance with applicable law.
11.3 If you believe that phfin has inadvertently collected personal data from a person under 21 years of age, please contact the DPO immediately using the details in Section 16 so that appropriate action can be taken without delay.
12.1 phfin implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction. These measures include:
12.2 While phfin takes all reasonable steps to protect your personal data, no online platform can guarantee absolute security. You are responsible for maintaining the confidentiality of your phfin Login credentials and for notifying phfin immediately if you suspect unauthorized access to your Account.
13.1 In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected players, phfin will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, in accordance with NPC Circular No. 16-03.
13.2 Where a breach is likely to result in a high risk to affected players โ for example, where sensitive personal data such as KYC documents or financial data is compromised โ phfin will also notify affected players directly via their registered email address without undue delay.
13.3 Breach notifications to players will include: a description of the nature of the breach, the categories and approximate number of players affected, the likely consequences of the breach, and the measures phfin has taken or proposes to take to address the breach and mitigate its effects.
14.1 The phfin platform may contain references to third-party game providers and payment services. These third parties operate under their own privacy policies, which phfin does not control. phfin is not responsible for the data practices of third-party services accessed through or in connection with the phfin platform.
14.2 phfin recommends that you review the privacy policies of any third-party service providers whose services you use in connection with your phfin Account, including your chosen payment provider (GCash, PayMaya, or your bank).
15.1 phfin may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or regulatory requirements. Where changes are material, phfin will notify registered players via email to the address on file at least seven (7) days before the updated Policy takes effect.
15.2 The effective date at the top of this document indicates when the current version of the Privacy Policy came into force. The most current version is always available at phfin.org/privacy-policy.
15.3 Your continued use of the phfin platform after the effective date of any update constitutes your acknowledgment of the revised Privacy Policy. If you do not accept the updated Policy, you must cease using the platform and may request Account closure in accordance with the phfin Terms & Conditions.
For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by phfin, please contact our Data Protection Officer:
You also have the right to lodge a complaint with the National Privacy Commission of the Philippines if you believe your data privacy rights have been violated:
Your data is protected, your identity is secure, and your privacy is our priority. Join thousands of Filipino players who trust phfin Casino for a safe, fair, and exciting gaming experience. 21+ only.
Explore phfin Casino21+ only ยท PAGCOR guidelines apply ยท Gambling is addictive. Know when to stop.