phmerry Privacy Policy

This Policy applies to all personal data processed by phmerry in connection with the operation of the phmerry online gaming platform, including data collected through the website at phmerry.one, any associated mobile web interface, customer support communications, and related marketing activities.

This Policy does not apply to third-party websites, applications, or services that may be linked to or from the phmerry platform. phmerry is not responsible for the privacy practices of any third party, and we encourage you to review the privacy policies of any third-party services you access.

For the purposes of the Data Privacy Act of 2012 and PAGCOR regulations, phmerry acts as the Personal Information Controller (PIC) with respect to the personal data of its players and platform users. As PIC, phmerry determines the purposes and means of processing your personal data and is responsible for ensuring that your data is handled in compliance with applicable Philippine data protection law.

phmerry has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and applicable data privacy law. Inquiries relating to data privacy may be directed to the phmerry support team as described in Section 13 of this Policy.

phmerry collects the following categories of personal data from players and platform users:

phmerry does not collect sensitive personal information as defined under the DPA (such as racial or ethnic origin, religious beliefs, health data, or political opinions) except where strictly required by PAGCOR regulations or applicable anti-money laundering law.

phmerry collects your personal data through the following means:

• Direct collection: Information you provide during account registration, KYC verification, deposit/withdrawal requests, customer support interactions, and promotional opt-ins;
• Automated collection: Technical and usage data collected automatically when you access and use the phmerry platform, including via cookies and similar technologies;
• Third-party sources: Identity verification and anti-fraud data from KYC/AML service providers; payment confirmation data from GCash, Maya, and banking partners; and, where applicable, publicly available data for fraud prevention purposes.

phmerry processes your personal data for the following purposes, each supported by a lawful basis under the Data Privacy Act of 2012:

• Account registration and management — necessary for the performance of the contract between you and phmerry;
• KYC and age verification — legal obligation under PAGCOR regulations and Philippine anti-money laundering laws (AMLA);
• Processing deposits and withdrawals — necessary for the performance of the contract;
• Fraud prevention and security monitoring — legitimate interest of phmerry and legal obligation;
• Regulatory compliance and reporting to PAGCOR — legal obligation;
• Customer support and dispute resolution — legitimate interest and contract performance;
• Personalising your platform experience — legitimate interest, with opt-out available;
• Sending promotional communications and offers — based on your consent, which may be withdrawn at any time;
• Platform analytics and improvement — legitimate interest of phmerry.

phmerry does not sell, rent, or trade your personal data to third parties for marketing purposes. phmerry may share your data with the following categories of recipients, strictly on a need-to-know basis:

• PAGCOR and regulatory authorities: As required by Philippine gaming regulations and applicable law;
• Anti-Money Laundering Council (AMLC): As required by the Anti-Money Laundering Act (AMLA) and related regulations;
• Payment processors: GCash, Maya, BPI, BDO, Metrobank, and other payment service providers, solely to facilitate your transactions;
• KYC and identity verification providers: Third-party services engaged to verify your identity and age in compliance with PAGCOR requirements;
• Game providers: JILI, Pragmatic Play, Evolution Gaming, PG Soft, and other licensed game studios, to the extent necessary to deliver game services and resolve disputes;
• IT and security service providers: Hosting, cloud, cybersecurity, and fraud detection providers engaged by phmerry under strict data processing agreements;
• Legal and professional advisers: Where required for legal proceedings, regulatory investigations, or professional advice.

All third parties with whom phmerry shares personal data are required to handle such data in compliance with applicable Philippine data privacy law and to implement appropriate security measures.

The phmerry platform uses cookies and similar tracking technologies to operate correctly, remember your preferences, and analyse platform usage. The following types of cookies are used:

• Essential cookies: Required for the platform to function — session authentication, security tokens, and load balancing. These cannot be disabled without impairing platform functionality;
• Functional cookies: Remember your language preferences, device settings, and login state for a more convenient experience;
• Analytical cookies: Collect anonymised data on how players navigate and use the platform, used to improve performance and user experience;
• Security cookies: Used to detect and prevent fraudulent login attempts and account takeover attacks.

You may manage cookie preferences through your browser settings. Please note that disabling essential cookies may prevent you from logging in or accessing certain features of the phmerry platform.

phmerry retains personal data for as long as is necessary for the purposes for which it was collected, subject to applicable legal and regulatory retention obligations. Specifically:

• Account and KYC data: Retained for a minimum of five (5) years following account closure, as required by PAGCOR regulations and the AMLA;
• Financial transaction data: Retained for a minimum of five (5) years in compliance with AMLA reporting obligations;
• Customer support records: Retained for three (3) years from the date of each interaction;
• Marketing preference data: Retained until you withdraw consent or request deletion, whichever is earlier;
• Technical and usage logs: Retained for up to twelve (12) months for security and fraud investigation purposes.

Following the expiry of applicable retention periods, phmerry will securely delete or anonymise your personal data in a manner that prevents reconstruction or re-identification.

phmerry implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and phmerry servers;
• At-rest encryption for sensitive data stored in phmerry's databases;
• Multi-factor authentication requirements for account access and administrative systems;
• Regular security audits and penetration testing;
• Role-based access controls limiting staff access to personal data on a strictly need-to-know basis;
• Incident response procedures for detecting, managing, and reporting personal data breaches in accordance with NPC (National Privacy Commission) notification requirements.

While phmerry takes all reasonable precautions, no method of electronic transmission or storage is completely secure. phmerry cannot guarantee absolute security against all potential threats and is not liable for breaches attributable to factors outside its reasonable control.

As a data subject under the Republic Act No. 10173 (Data Privacy Act of 2012), you have the following rights with respect to your personal data held by phmerry:

• Right to be Informed: The right to know how your data is being collected and processed — the purpose of this Policy;
• Right to Access: The right to request a copy of the personal data phmerry holds about you;
• Right to Rectification: The right to have inaccurate or incomplete personal data corrected;
• Right to Erasure / Right to be Forgotten: The right to request deletion of your personal data, subject to phmerry's legal retention obligations;
• Right to Object: The right to object to processing of your data for direct marketing purposes or where processing is based on legitimate interest;
• Right to Data Portability: The right to receive your personal data in a structured, commonly used format;
• Right to Lodge a Complaint: The right to file a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated.

To exercise any of the above rights, please contact phmerry's support team as set out in Section 13. phmerry will respond to verified data subject requests within thirty (30) days. Note that certain rights may be limited where retention of data is required for legal, regulatory, or fraud prevention purposes.

The phmerry platform is strictly intended for individuals aged twenty-one (21) years and older. phmerry does not knowingly collect personal data from anyone under the age of 21. If phmerry becomes aware that it has collected personal data from an individual under 21 years of age, it will promptly delete such data, close the associated account, and, where required, report the matter to PAGCOR.

If you are a parent or guardian and believe that a minor has registered on the phmerry platform, please contact phmerry's support team immediately so that the account can be reviewed and closed.

phmerry reserves the right to update or amend this Privacy Policy at any time. Where material changes are made, phmerry will provide notice to registered players via email or platform notification at least seven (7) days before the changes take effect, except where immediate updates are required to comply with a legal or regulatory obligation.

The effective date of the current version of this Policy is indicated at the top of this page. Your continued use of the phmerry platform following the effective date of any revised Policy constitutes your acknowledgement of, and agreement to, the revised Policy.

For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact the phmerry Data Protection team:

• 24/7 Live Chat: Available directly within the phmerry platform
• Email: [email protected]
• Language: Support available in English and Filipino

For formal data privacy complaints or regulatory matters, you may also contact the National Privacy Commission (NPC) of the Philippines through their official channels.