phyata Privacy Policy

This Privacy Policy ("Policy") describes how phyata ("phyata," "we," "us," or "our"), operator of the online casino and sports betting platform at phyata.org, collects, uses, stores, and protects the personal data of users ("you" or "Player") in accordance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines, its Implementing Rules and Regulations, and all applicable issuances of the National Privacy Commission (NPC). By registering on or using the phyata Platform, you acknowledge that you have read and understood this Policy.

1.1 This Policy applies to all personal data collected and processed by phyata in connection with the phyata Platform, including the website at phyata.org, all account services, game interfaces, payment processing functions, customer support channels, and any related communications sent by phyata to registered players.

1.2 This Policy should be read alongside phyata's Terms & Conditions and Responsible Gaming Policy, both of which are published on the phyata Platform and are incorporated into the overall user agreement framework.

1.3 phyata processes personal data only for the specific, legitimate purposes described in this Policy. We do not process personal data in a manner that is incompatible with those purposes, and we do not retain data beyond what is necessary to fulfill them.

2.1 For the purposes of the Data Privacy Act of 2012 and related regulations, phyata acts as the Personal Information Controller (PIC) in respect of the personal data collected and processed through the phyata Platform.

2.2 As the PIC, phyata determines the purposes and means of processing your personal data and is responsible for implementing appropriate technical and organizational security measures to protect it.

2.3 phyata has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and applicable data protection law. You may contact the DPO regarding any data privacy matter using the contact details provided in Section 16 of this Policy.

phyata collects the following categories of personal data in connection with the provision of its services. The collection of certain data is mandatory for regulatory compliance and account operation; other data is collected on an optional basis to improve the Platform experience.

3.1 phyata does not intentionally collect sensitive personal information as defined under the Data Privacy Act (such as health data, religious beliefs, or political affiliations) unless specifically required by applicable law or regulation and with your explicit consent.

phyata collects personal data through the following means:

4.1 Direct Collection

Information you provide when you register a phyata Account, complete identity verification, make a deposit or withdrawal request, contact customer support, respond to a survey, or participate in a promotion. This includes forms completed on the Platform and documents submitted for KYC purposes.

4.2 Automated Technical Collection

Data collected automatically when you access the phyata Platform, including IP addresses, device identifiers, browser information, and session activity. This is collected through server logs, cookies, and similar technologies described in Section 8 of this Policy.

4.3 Third-Party Sources

phyata may receive identity verification data from regulated KYC service providers, fraud signals from payment processors such as GCash or Maya, and publicly available information used for regulatory compliance purposes — for example, politically exposed person (PEP) screening and anti-money laundering (AML) checks.

phyata processes your personal data on one or more of the following legal grounds, as applicable to the specific processing activity:

• Contract Performance: Processing necessary to perform the contract between phyata and you — including account registration, game play, payment processing, and customer support services.
• Legal Obligation: Processing required to comply with applicable law, including PAGCOR regulatory requirements, the Anti-Money Laundering Act (AMLA), and data retention obligations under Philippine law.
• Legitimate Interests: Processing necessary for phyata's legitimate business interests, including fraud prevention, security monitoring, responsible gaming program administration, and platform analytics — where such interests are not overridden by your privacy rights.
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent — for example, for optional marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

phyata uses your personal data for the following purposes:

6.1 Account & Service Operation

• Registering and managing your phyata Account;
• Verifying your identity and age (21+ requirement) as required by PAGCOR;
• Processing deposits and withdrawals via GCash, Maya, BDO, BPI, and other supported Philippine payment methods;
• Providing access to games, live dealer tables, bingo rooms, fish shooting arcades, and the sportsbook;
• Crediting and administering bonuses, promotions, and loyalty rewards.

6.2 Security, Fraud Prevention & Compliance

• Detecting, investigating, and preventing fraudulent transactions, money laundering, and unauthorized account access;
• Conducting PEP screening and AML checks as required under Philippine anti-money laundering regulations;
• Complying with legal obligations, regulatory directives, and court orders;
• Maintaining audit trails for regulatory inspection by PAGCOR and other competent authorities.

6.3 Responsible Gaming

• Administering deposit limits, session limits, and self-exclusion requests;
• Monitoring account activity to identify patterns consistent with problem gambling and triggering appropriate intervention measures;
• Applying and enforcing self-exclusion across the phyata Platform.

6.4 Platform Improvement & Analytics

• Analyzing usage patterns to improve Platform performance, navigation, and game offerings;
• Troubleshooting technical issues and monitoring system health;
• Understanding which game categories and features are most valued by Filipino players.

6.5 Marketing Communications

Where you have consented to receive marketing communications, phyata may send you information about promotions, new games, special offers, and platform updates via SMS to your registered Philippine mobile number or email. You may opt out of marketing communications at any time by updating your preferences in Account Settings or by contacting phyata customer support.

phyata shares personal data with third parties only where necessary and on a strictly controlled basis. The categories of recipients are as follows:

• Payment Processors: GCash (G-Xchange, Inc.), Maya (Voyager Innovations, Inc.), BDO, BPI, Metrobank, and other licensed Philippine financial institutions — for the purpose of processing deposits and withdrawals. These entities are bound by their own regulatory obligations and privacy policies.
• KYC & Identity Verification Providers: Third-party service providers that assist phyata in verifying the identity and age of Players as required by PAGCOR and AML regulations.
• Game Content Providers: Licensed game studios and providers (such as JILI, PG Soft, and others) whose games are integrated into the phyata Platform. These providers may receive anonymized or session-level technical data necessary to deliver gameplay.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government agencies — where disclosure is required by law, court order, or regulatory directive.
• Technology & Infrastructure Partners: Cloud hosting providers, cybersecurity services, and IT support contractors who process data on phyata's behalf under binding data processing agreements that require them to maintain confidentiality and security standards at least equivalent to those in this Policy.
• Professional Advisors: Lawyers, auditors, and compliance consultants where necessary for legal, financial, or regulatory purposes and subject to professional confidentiality obligations.

phyata does not sell, rent, or license your personal data to any party for their own commercial or marketing purposes under any circumstances.

8.1 The phyata Platform uses cookies and similar technologies to enable core functionality, improve security, and understand how players use the Platform.

8.2 phyata uses the following categories of cookies:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication cookies, security tokens, and fraud prevention identifiers. These cannot be disabled without breaking core Platform functionality.
• Functional Cookies: Remember your preferences, such as preferred game categories, language settings, and responsible gaming configurations, so you don't have to re-enter them on every visit.
• Analytics Cookies: Collect anonymized data about how you navigate the Platform — which pages you visit, how long you stay, and which features you interact with — to help phyata improve the user experience.
• Security & Fraud Detection Cookies: Assist phyata in identifying unusual or suspicious activity, detecting multiple account registrations from the same device, and protecting the integrity of the Platform.

8.3 Most web browsers allow you to control cookies through their settings. Disabling cookies may impair the functionality of the phyata Platform, including the ability to log in or maintain a session. phyata does not currently support Do Not Track (DNT) browser signals.

9.1 phyata retains your personal data for as long as is necessary to fulfill the purposes described in this Policy, including compliance with legal obligations, resolution of disputes, and enforcement of agreements.

9.2 The following general retention periods apply:

• Active Account Data: Retained for the duration of your Account plus any mandatory post-closure retention period required by applicable law.
• KYC and Identity Records: Retained for a minimum of five (5) years following Account closure, in compliance with AMLA and PAGCOR record-keeping requirements.
• Financial Transaction Records: Retained for a minimum of five (5) years following the date of each transaction, as required by Philippine financial regulations.
• Customer Support Communications: Retained for two (2) years following resolution of the relevant support interaction, unless retention is required for ongoing legal proceedings.
• Marketing Preferences: Retained until you withdraw consent or request deletion, subject to any mandatory retention obligations.

9.3 When data is no longer required to be retained, phyata will securely delete or irreversibly anonymize it in accordance with industry-standard data destruction procedures.

10.1 phyata implements appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include but are not limited to:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the phyata Platform;
• Encrypted storage of sensitive data, including passwords (stored as salted cryptographic hashes) and financial account identifiers;
• Access controls ensuring that personal data is accessible only to phyata staff and contractors who require access to perform their duties;
• Regular security audits and penetration testing by independent cybersecurity specialists;
• Intrusion detection systems and real-time monitoring of Platform infrastructure for anomalous activity;
• Two-factor authentication (2FA) available to all phyata Account holders and required for all phyata staff accounts.

10.2 In the event of a personal data breach that is likely to adversely affect your rights and freedoms, phyata will notify you and the National Privacy Commission (NPC) within the timeframes required by the Data Privacy Act and its Implementing Rules.

10.3 No data transmission over the internet or electronic storage system can be guaranteed as completely secure. While phyata takes all reasonable precautions, we cannot guarantee absolute security. Players are encouraged to use strong, unique passwords and to enable 2FA on their phyata Accounts.

As a data subject under Republic Act No. 10173 (Data Privacy Act of 2012), you have the following rights in relation to your personal data held by phyata:

Exercising Your Rights

To exercise any of the rights listed above, please submit a written request to the phyata Data Protection Officer using the contact details in Section 16. phyata will respond to verified data subject requests within fifteen (15) working days from receipt. In complex cases, phyata may extend this period by a further fifteen (15) working days with notice to you.

phyata may require you to verify your identity before processing a data subject request to ensure that personal data is not disclosed to or modified by unauthorized persons. Requests from individuals who cannot be verified may not be actioned.

Right to Erasure — Important Limitations

Please note that the right to erasure ("right to be forgotten") is not absolute under Philippine law. phyata may be required to retain certain personal data — particularly KYC records, financial transaction data, and AML-related records — regardless of an erasure request, for the periods specified in Section 9 above and as mandated by applicable legal and regulatory obligations.

12.1 The phyata Platform is strictly restricted to individuals who are 21 years of age or older in accordance with PAGCOR regulations governing online gambling in the Philippines. phyata does not knowingly collect personal data from individuals under the age of 21.

12.2 All Account registrations require submission of a valid Philippine government-issued ID for age verification. Registration attempts that fail age verification are rejected and any data collected during the failed attempt is deleted within a reasonable period.

12.3 If phyata discovers that personal data has been collected from an individual under the age of 21 due to misrepresentation of age, phyata will immediately close the relevant Account, delete the personal data collected (subject to any mandatory legal retention obligations), and take appropriate action in accordance with applicable law and PAGCOR compliance procedures.

13.1 Some of the third parties with whom phyata shares personal data (as described in Section 7) may be located outside the Philippines, including cloud infrastructure providers and game content providers with servers in other jurisdictions.

13.2 Where personal data is transferred outside the Philippines, phyata ensures that appropriate safeguards are in place to protect your data, in accordance with the Data Privacy Act and NPC guidelines. These safeguards may include:

• Contractual clauses in agreements with overseas recipients requiring them to apply data protection standards at least equivalent to those required under Philippine law;
• Transfers to recipients in jurisdictions that the NPC has recognized as providing an adequate level of data protection;
• Binding corporate rules where the recipient is a member of a corporate group subject to group-wide data protection policies.

13.3 You may request information about specific cross-border transfers involving your personal data by contacting the phyata Data Protection Officer.

14.1 The phyata Platform may incorporate content from or integrations with third-party service providers, including game studios, payment processors, and analytics platforms. These third parties operate under their own privacy policies, which phyata does not control.

14.2 phyata is not responsible for the data practices of third-party service providers. Players are encouraged to review the privacy policies of any third-party services they interact with in connection with the phyata Platform.

14.3 The phyata Platform does not contain links to external websites for general browsing purposes. Any data collected by third-party services integrated into the Platform is governed by those parties' privacy policies and their contractual obligations to phyata as described in Section 7.

15.1 phyata reviews this Privacy Policy periodically and may update it to reflect changes in our data practices, applicable law, regulatory guidance from the NPC, or PAGCOR compliance requirements.

15.2 Where changes are material — such as changes to the categories of personal data collected, the purposes for which data is used, or the rights available to you — phyata will provide advance notice through the phyata Platform or by direct communication to your registered contact details, with a minimum notice period of fourteen (14) days before the changes take effect.

15.3 For non-material changes (such as typographical corrections or clarifications that do not alter the substance of this Policy), phyata may update the Policy without advance notice but will update the "Last Updated" date at the top of this document.

15.4 Continued use of the phyata Platform after the effective date of any updated Privacy Policy constitutes your acceptance of the revised Policy. If you do not accept the updated Policy, you should cease using the Platform and contact customer support to request Account closure.

If you have questions, concerns, or requests regarding this Privacy Policy or phyata's handling of your personal data, please contact the phyata Data Protection Officer:

• Live Chat: Available 24/7 through the phyata Platform (authenticated users receive priority DPO routing via the support team)
• Email: [email protected] — mark your message "Data Privacy Request" or "DPO" for routing to the correct team

phyata will acknowledge data privacy requests within three (3) business days and aims to resolve all requests within the statutory fifteen (15) working day period.

Complaints to the National Privacy Commission

If you believe that phyata has violated your rights under the Data Privacy Act of 2012 and you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. The NPC's contact information and complaint procedures are available on the NPC's official website.