866ph Privacy Policy
At 866ph, your privacy is not an afterthought — it is a foundational commitment. This Privacy Policy explains exactly what personal data we collect from you, why we collect it, how we use and protect it, and the rights you hold over it under Philippine law.
Table of Contents
What 866ph Pledges on Data Protection
Your Data, Protected by Law
866ph processes your personal data in full compliance with the Philippine Data Privacy Act of 2012 (RA 10173) and the implementing rules issued by the National Privacy Commission (NPC).
128-Bit SSL Encryption
All data transmitted between your device and 866ph's servers is encrypted using 128-bit SSL — the same standard used by major Philippine banks including BPI, BDO, and Metrobank.
No Sale of Personal Data
866ph does not sell, rent, or trade your personal data to third parties for their own marketing purposes. Your information is used solely to operate, improve, and secure the 866ph platform.
Full Data Subject Rights
As a Filipino data subject, you have rights of access, correction, erasure, portability, and objection over your personal data held by 866ph — exercisable at any time through your account or our support team.
Purpose-Limited Retention
866ph retains your personal data only for as long as is necessary for the purposes for which it was collected, including legal obligations under PAGCOR, AML regulations, and the Philippine Tax Code.
Strict Minimum Data Principle
866ph collects only the personal data that is genuinely necessary for the specific purpose it is needed. We do not collect data speculatively or in anticipation of a future need that has not yet materialised.
Introduction and Controller Identity
This Privacy Policy ("Policy") is issued by 866ph ("we," "us," "our," or the "Company"), the operator of the online gaming platform available at 866ph.vip (the "Platform"). 866ph acts as the data controller in respect of personal data collected from users ("you," "your," or "data subject") of the Platform.
This Policy describes how 866ph collects, uses, stores, shares, and protects personal data in connection with your use of the Platform, and explains the rights available to you as a data subject under the Data Privacy Act of 2012 (Republic Act No. 10173, or "DPA") and its Implementing Rules and Regulations issued by the National Privacy Commission of the Philippines (the "NPC").
By registering for an account or using any 866ph service, you acknowledge that you have read and understood this Policy. This Policy should be read in conjunction with the Terms and Conditions and the Responsible Gaming Policy, both of which are incorporated by reference.
Governing Law
This Policy is governed by the Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations, and all applicable NPC issuances. Where the Platform serves users in other jurisdictions, 866ph will also apply the appropriate local data protection standards as required.
Personal Data We Collect
866ph collects personal data across several categories depending on how you interact with the Platform. The following table sets out the categories of personal data collected and the context in which each category arises:
| Category | Data Elements | When Collected |
|---|---|---|
| Registration Data | Mobile number, date of birth, password (hashed) | At account creation |
| Identity Verification (KYC) | Full legal name, government-issued ID type and number, ID images, selfie or liveness check | During KYC verification |
| Financial Data | GCash/Maya wallet numbers, bank account details (last four digits), transaction amounts, deposit and withdrawal history | When processing payments |
| Gaming Activity | Game history, bet amounts, win/loss records, session durations, bonus redemption records | During Platform use |
| Technical Data | IP address, device type and OS, browser type, session timestamps, geolocation (city-level) | Automatically on access |
| Communications Data | Live chat transcripts, support ticket records, SMS communications | When contacting support |
| Responsible Gaming Data | Deposit limits set, self-exclusion elections, session time alerts configured | When using responsible gaming tools |
866ph does not intentionally collect sensitive personal information as defined under the DPA (such as racial or ethnic origin, religious beliefs, health data, or biometric data used for identification) beyond what is strictly necessary for KYC compliance as required by PAGCOR and applicable AML regulations.
How We Collect Your Data
866ph collects your personal data through the following channels:
3.1 Directly from You
You provide personal data directly when you register for an 866ph account, complete KYC verification, make a deposit or withdrawal, contact our support team, or configure your account settings including responsible gaming preferences.
3.2 Automatically Through Platform Use
When you access and use the 866ph Platform, we automatically collect technical data including your IP address, device identifiers, browser type, operating system, session timestamps, and general geolocation information. This data is collected via server logs, session tracking systems, and cookies as described in Section 9 of this Policy.
3.3 From Third-Party Service Providers
866ph may receive data about you from third-party service providers in the following limited circumstances: payment processors (GCash, Maya, GrabPay, and banking partners) provide transaction verification data; identity verification providers supply verification status results; and fraud detection partners may provide risk-scoring information based on publicly available data or data shared with their networks.
Legal Basis for Processing
Under the Data Privacy Act of 2012, 866ph is required to have a lawful basis for each category of personal data processing. The legal bases on which 866ph relies are as follows:
- Contractual Necessity: Processing required to fulfil the agreement between you and 866ph as set out in the Terms and Conditions — including account management, payment processing, game delivery, and customer support.
- Legal Obligation: Processing required to comply with applicable Philippine law and regulatory requirements, including PAGCOR obligations, Anti-Money Laundering Act (AMLA) requirements, and NPC data protection obligations.
- Legitimate Interests: Processing for 866ph's legitimate business interests where those interests are not overridden by your rights — including fraud prevention, platform security, and responsible gaming monitoring.
- Consent: For non-essential marketing communications and optional platform features where consent is the appropriate legal basis. You may withdraw consent at any time without affecting the lawfulness of processing based on other grounds.
How 866ph Uses Your Personal Data
866ph uses the personal data it collects for the following specific purposes:
5.1 Account and Service Delivery
To create and manage your 866ph account; process deposits, withdrawals, and game wagers; deliver the gaming products and services you access; and provide customer support through our live chat and other communication channels.
5.2 Identity Verification and Compliance
To verify your identity and age (21+ requirement) in compliance with PAGCOR requirements; to fulfil KYC and AML obligations under the Anti-Money Laundering Act and implementing rules; and to comply with any court orders or regulatory directions from the NPC, PAGCOR, or AMLC.
5.3 Security and Fraud Prevention
To protect the 866ph Platform and its members from fraud, account compromise, money laundering, and other illegal activity; to detect and investigate suspicious account activity; and to enforce the 866ph Terms and Conditions.
5.4 Responsible Gaming
To monitor gaming activity for signs of problem gambling behaviour; to give effect to deposit limits, loss limits, session alerts, and self-exclusion requests made by members; and to fulfil responsible gaming obligations under PAGCOR's framework. Gaming activity data is also used to identify members who may benefit from responsible gaming intervention.
5.5 Platform Improvement and Analytics
To analyse aggregated usage patterns to improve Platform performance, game selection, and user experience; to diagnose technical issues; and to assess the effectiveness of promotional campaigns. Where used for analytics, data is aggregated and de-identified to the extent practicable.
5.6 Marketing Communications (with Consent)
Where you have given your consent, to send you promotional offers, bonus notifications, and relevant updates about new games or features at 866ph via SMS to your registered mobile number. You may opt out of marketing communications at any time by contacting our support team or adjusting your account preferences.
Disclosure and Sharing of Personal Data
866ph does not sell your personal data to any third party. We share personal data only in the limited circumstances described below, and only to the extent necessary for each specific purpose:
- Gaming Technology Providers: Third-party game suppliers (including but not limited to Evolution Gaming, JILI, Pragmatic Play, and PG Soft) receive the minimum necessary data to deliver their games to your account. These providers are bound by contractual data processing obligations consistent with this Policy.
- Payment Processors: GCash, Maya, GrabPay, and Philippine banking partners receive the data necessary to process deposits and withdrawals to and from your account. These entities operate under their own regulatory requirements and privacy policies.
- Identity Verification Providers: Third-party KYC service providers receive the identity documents and biometric data necessary to verify your identity in accordance with PAGCOR and AMLA requirements. These providers are accredited and subject to data processing agreements with 866ph.
- Regulatory and Law Enforcement Authorities: 866ph will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, or law enforcement agencies where required by applicable Philippine law, court order, or legitimate regulatory investigation.
- Professional Advisers: Lawyers, auditors, and compliance consultants engaged by 866ph may have access to personal data on a confidential basis where necessary for professional advice.
No Cross-Border Transfers Without Safeguards
Where personal data is transferred to a third party located outside the Philippines, 866ph implements appropriate safeguards including data processing agreements that impose data protection standards consistent with the DPA. See Section 12 (International Transfers) for further detail.
Data Retention
866ph retains personal data for the periods set out below, calculated from the later of account closure or the last relevant activity. These periods reflect the minimum retention obligations imposed by PAGCOR, the AMLC, and the NPC, as well as operational requirements:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account and Registration Data | 5 years after account closure | PAGCOR regulatory requirement |
| KYC and Identity Documents | 5 years after last transaction | AMLA (RA 9160, as amended) |
| Financial / Transaction Records | 5 years after transaction date | AMLA and Tax Code obligation |
| Gaming Activity Logs | 3 years after account closure | PAGCOR and dispute resolution |
| Support Communications | 3 years after last interaction | Legitimate interests / dispute resolution |
| Marketing Consent Records | Duration of consent plus 2 years | DPA consent record-keeping |
Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised using industry-standard methods such that the data can no longer be associated with any identifiable individual.
Data Security Measures
866ph implements a layered information security programme designed to protect your personal data against unauthorised access, disclosure, alteration, destruction, or accidental loss. The technical and organisational measures in place include:
- Transport Encryption: All data transmitted between your device and 866ph's platform infrastructure is encrypted using TLS 1.2 or higher (128-bit SSL). The padlock in your browser's address bar confirms this encryption is active.
- Password Hashing: Account passwords are stored exclusively as salted cryptographic hashes (bcrypt). 866ph staff cannot view your password in any form, which is why lost passwords must be reset rather than retrieved.
- Access Controls: Access to personal data within 866ph's systems is restricted to staff who require it for their specific job function. Access is governed by role-based permissions and logged for audit purposes.
- Two-Factor Authentication: 866ph offers optional two-factor authentication (2FA) for member accounts. Members are encouraged to enable 2FA to add a second layer of security to their login process.
- Fraud Detection Systems: Automated systems monitor transaction patterns and login activity for indicators of fraudulent or suspicious behaviour, triggering alerts and manual review where necessary.
- Data Breach Response: 866ph maintains a documented data breach response procedure. In the event of a personal data breach that poses risk to data subjects, 866ph will notify the NPC within seventy-two (72) hours of becoming aware of the breach, and will notify affected data subjects without undue delay as required by the DPA.
While 866ph implements robust security measures, no digital system is completely impenetrable. You are responsible for maintaining the security of your own 866ph account credentials and for ensuring that you access the Platform through a secure, trusted device and connection.
Cookies and Tracking Technologies
The 866ph Platform uses cookies and similar tracking technologies to operate the Platform, improve your experience, and fulfil security and analytics functions. A cookie is a small text file stored on your device by your browser when you visit the Platform.
9.1 Essential Cookies
These cookies are strictly necessary for the Platform to function. They enable session management, login persistence (where you have selected "Remember Me"), and security features including CSRF protection. These cookies cannot be disabled without preventing the Platform from functioning correctly.
9.2 Analytical Cookies
866ph uses first-party analytics cookies to understand how the Platform is used — including which pages are visited most frequently, how long users spend on different sections, and what game categories attract the most engagement. This data is used in aggregated form to improve the Platform and is not used to profile individual members for marketing purposes.
9.3 Functional Cookies
Functional cookies remember your preferences — such as your preferred language, game category, and display settings — so that the Platform can provide a more personalised experience on subsequent visits. These cookies store no personal data beyond your stated preferences.
9.4 Managing Cookies
You may control or disable non-essential cookies through your browser settings. Most browsers allow you to block or delete cookies via their privacy or settings menus. Please note that disabling essential cookies will prevent you from logging in to your 866ph account or using key Platform functions.
Your Data Subject Rights
Under the Data Privacy Act of 2012, you hold the following rights in respect of your personal data held by 866ph. These rights may be exercised by contacting our Data Protection Officer (DPO) at the details in Section 14 of this Policy:
Right to Access
Request a copy of all personal data 866ph holds about you, and information about how it is being processed.
Right to Correction
Request correction of any inaccurate or incomplete personal data about you. Account holders can update basic profile data directly within their account settings.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purposes it was collected, subject to overriding legal obligations (e.g., AML record-keeping requirements).
Right to Data Portability
Request a copy of your personal data in a structured, commonly used, machine-readable format for transfer to another service provider where technically feasible.
Right to Object
Object to processing of your data for direct marketing purposes or where processing is based on legitimate interests. Such objection will be honoured unless 866ph has compelling legitimate grounds.
Right to Restriction
Request restriction of processing in specific circumstances — for example, where accuracy is contested, while 866ph assesses an objection you have raised.
Right to Withdraw Consent
Where processing is based on your consent (e.g., marketing SMS), you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint
File a complaint with the National Privacy Commission (NPC) of the Philippines if you believe 866ph has processed your data in violation of the Data Privacy Act.
Response Timeframes
866ph will acknowledge data subject rights requests within five (5) business days of receipt and will respond substantively within thirty (30) calendar days. Where a request is particularly complex or multiple requests have been submitted, the response period may be extended by a further thirty (30) days with prior notification.
Minors and the 21+ Age Requirement
866ph services are strictly intended for adults aged 21 years and older in accordance with PAGCOR regulations and Philippine law. 866ph does not knowingly collect personal data from persons under 21 years of age. Age is collected at registration through date of birth entry and is verified during the KYC process through government-issued identification.
In the event that 866ph discovers or has reasonable cause to believe that personal data of a person under 21 years of age has been collected — whether as a result of misrepresentation at registration or any other reason — 866ph will immediately suspend the relevant account, delete all associated personal data to the extent not required to be retained for legal compliance purposes, and report the matter to the relevant authorities as required by applicable law.
21+ Only — No Exceptions
If you are the parent or guardian of a person under 21 and believe they may have registered for an 866ph account, please contact our support team immediately via live chat. We will investigate and take immediate corrective action. Providing false age information at registration is a violation of 866ph's Terms and Conditions and may constitute fraud under Philippine law.
International Data Transfers
Some of 866ph's third-party service providers — particularly gaming technology providers and cloud infrastructure partners — may be located outside the Philippines. Where personal data is transferred to a country outside the Philippines, 866ph ensures that appropriate safeguards are in place to protect your personal data to a standard consistent with the DPA. These safeguards include:
- Data processing agreements incorporating the NPC's standard contractual clauses or equivalent protections
- Transfers only to recipients in countries or organisations that the NPC has recognised as providing adequate data protection
- Binding corporate rules or contractual mechanisms where the above standards are not otherwise satisfied
866ph will not transfer your personal data internationally unless at least one of the above safeguards is in place. If you require further information about the specific safeguards applicable to a particular international transfer, please contact our DPO using the details in Section 14.
Changes to This Privacy Policy
866ph reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, NPC guidance, PAGCOR regulatory requirements, or our data processing practices. All updates will be published on this page with a revised "Effective Date" at the top of the Policy.
Where a change is material — meaning it significantly affects how we process your personal data or the rights available to you — 866ph will provide advance notice of at least fourteen (14) days via notification on the Platform and/or SMS to your registered mobile number before the change takes effect. For non-material updates (such as clarifications of existing practices or administrative corrections), changes may take effect upon publication without prior notice.
Your continued use of the 866ph Platform after the effective date of any updated Policy constitutes your acknowledgement of the updated terms. If you do not agree with the updated Policy, you should discontinue use of the Platform and may request account closure in accordance with the Terms and Conditions.
Contact and Data Protection Officer
866ph has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and with the Data Privacy Act of 2012. If you wish to exercise any of your data subject rights, have a question about how your personal data is processed, or wish to raise a privacy concern, please contact us through the following channels:
- Live Chat: Available 24 hours a day, 7 days a week at 866ph.vip — our fastest channel for urgent privacy matters
- Email (DPO): [email protected] — for formal data subject rights requests and privacy enquiries
- General Support: [email protected] — for general account queries that may involve personal data
All formal privacy requests submitted to the DPO should include your full name as registered with 866ph, your registered mobile number, and a clear description of the request or concern. Where requests concern sensitive matters (such as erasure or access to gaming history), 866ph may require additional identity verification before processing the request.
If you are dissatisfied with 866ph's response to your privacy concern, you have the right to file a complaint with the National Privacy Commission of the Philippines (NPC) at npc.gov.ph. This right exists independently of any rights you have under these Terms or our dispute resolution process.
This Privacy Policy was last reviewed and updated by the 866ph Data Protection Officer on 1 January 2026. The current version supersedes all prior versions of this Policy.
Play at 866ph With Complete Confidence in Your Privacy
866ph has built its privacy programme from the ground up to protect Filipino players' personal data. GCash deposits, gaming activity, and identity documents are all handled with industry-leading security and full DPA compliance. Register in under two minutes. 21+ only.