phboss888 Privacy Policy

1 Introduction & Scope

phboss888 ("phboss888", "we", "us", "our") is committed to protecting the personal data of all individuals who use the phboss888 platform, accessible at phboss888.app and its associated interfaces. This Privacy Policy (the "Policy") describes our practices with respect to the collection, use, retention, disclosure, and protection of personal data.

This Policy applies to all personal data processed by phboss888 in connection with the operation of its online casino and sports betting platform — including information provided during account registration, identity verification, payment transactions, gaming activity, customer support interactions, and visits to the phboss888 website from any device, including smartphones commonly used by Filipino players across Metro Manila, Cebu, Davao, and other Philippine regions.

This Policy is drafted in accordance with Republic Act No. 10173, the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and the issuances of the National Privacy Commission (NPC) of the Philippines. phboss888 also observes applicable PAGCOR data-handling directives as part of its gaming regulatory obligations.

2 Data Controller

For the purposes of the Data Privacy Act of 2012, phboss888 acts as the Personal Information Controller (PIC) in respect of the personal data of its registered players and website visitors. As PIC, phboss888 determines the purpose and means of processing personal data collected through the platform.

Third-party service providers who process personal data on behalf of phboss888 pursuant to contractual arrangements — including payment processors, game content providers, and identity verification services — act as Personal Information Processors (PIP) and are bound by data processing agreements that impose obligations consistent with this Policy and the requirements of RA 10173.

3 Personal Data We Collect

phboss888 collects the categories of personal data described below. Collection is limited to what is necessary for the purposes stated in Section 6 of this Policy.

4 How We Collect Your Data

phboss888 collects personal data through the following means:

• Direct provision: Information you provide when creating a phboss888 account, completing KYC, submitting payment instructions, or contacting support;
• Automated platform collection: Technical data collected automatically when you access phboss888.app, including device identifiers, IP addresses, session logs, and browser characteristics via server-side logging and essential cookies;
• Third-party verification services: Identity and document verification data returned by phboss888's KYC service providers in response to verification requests initiated by your account submission;
• Payment processors: Transaction confirmation and status data returned by GCash, Maya, BPI, BDO, Metrobank, UnionBank, and other payment channels in connection with deposits and withdrawals you initiate;
• Game providers: Game session and wagering records transmitted by licensed game content providers integrated into the phboss888 platform.

5 Legal Basis for Processing

phboss888 processes personal data only where at least one valid legal basis under the Data Privacy Act of 2012 exists. The applicable bases are:

• Contractual necessity: Processing required to fulfil phboss888's obligations under the account agreement — including account management, payment processing, and game access;
• Legal obligation: Processing required to comply with PAGCOR regulatory requirements, the Anti-Money Laundering Act (AMLA), NPC data breach notification obligations, and other applicable Philippine law;
• Legitimate interests: Processing carried out in pursuit of phboss888's legitimate interests in fraud prevention, platform security, and service improvement, where such interests are not overridden by your rights and freedoms;
• Consent: Processing of optional marketing communications, where your explicit opt-in consent has been obtained and may be withdrawn at any time.

6 How phboss888 Uses Your Data

phboss888 uses the personal data it collects for the following purposes:

• Account creation and management: Registering your phboss888 account, maintaining your profile, resetting credentials, and managing your Royal VIP loyalty tier;
• Identity and age verification: Conducting KYC checks to confirm your identity and that you meet the 21+ age requirement as mandated by PAGCOR regulations. 21+
• Payment processing: Facilitating GCash deposits, Maya transactions, bank transfers, and withdrawal instructions through phboss888's integrated payment infrastructure;
• Anti-money laundering compliance: Monitoring transactions for suspicious activity and filing covered or suspicious transaction reports with the Anti-Money Laundering Council (AMLC) as required by law;
• Fraud detection and platform security: Identifying unauthorized access attempts, multi-accounting, collusion, and other forms of prohibited conduct using IP, device, and behavioral signals;
• Responsible gaming: Monitoring gaming activity patterns to identify signs of problem gambling behavior and to administer Player-requested responsible gaming tools such as deposit limits and self-exclusion;
• Customer support: Resolving queries, processing complaints, and maintaining records of support interactions;
• Platform improvement: Analyzing aggregated, anonymized usage data to improve platform performance, game selection, and user experience;
• Promotional communications: Sending relevant phboss888 promotions, bonus offers, and platform updates to Players who have opted in to receive marketing communications.

7 Data Sharing & Disclosure

phboss888 does not sell, rent, or trade personal data. Data is disclosed to third parties only in the following circumstances:

• Payment service providers: GCash (Mynt/Globe Fintech Innovations), Maya Philippines (Voyager Innovations), and partner banks receive the minimum transaction data necessary to process deposits and withdrawals;
• Identity verification providers: Third-party KYC and document verification service providers process identity and document data strictly for verification purposes under data processing agreements with phboss888;
• Licensed game content providers: Game providers such as Pragmatic Play, JILI, PG Soft, and others receive session identifiers and wager records required to operate game logic and calculate results;
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government bodies receive data where required by law, lawful order, or regulatory directive;
• Professional advisors: Legal counsel, auditors, and compliance consultants acting under professional confidentiality obligations;
• Business transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred to the acquiring entity subject to equivalent privacy protections and notification to affected Players.

All third-party processors engaged by phboss888 are subject to contractual data protection obligations and are prohibited from processing phboss888 player data for their own purposes.

8 International Data Transfers

Certain game content providers and technology service providers integrated with phboss888 operate servers and data processing facilities outside the Philippines. Where personal data is transferred internationally in connection with these services, phboss888 ensures that:

• The receiving jurisdiction provides an adequate level of data protection, or
• Appropriate contractual safeguards — including standard contractual clauses or equivalent data processing agreements — are in place to protect your personal data during transfer and processing.

phboss888 will not transfer your personal data to a jurisdiction that does not offer adequate legal protections without implementing the safeguards described above and, where required, obtaining prior approval from the National Privacy Commission.

9 Data Retention

phboss888 retains personal data for as long as necessary to fulfil the purposes described in this Policy and to comply with applicable legal, regulatory, and operational obligations. The following general retention periods apply:

Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in a manner that prevents re-identification, unless a longer retention period is required by a specific legal obligation.

10 Data Security

phboss888 implements a comprehensive set of technical, organizational, and physical security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Transport encryption: All data transmitted between your device and phboss888 servers is encrypted using Transport Layer Security (TLS 1.2 or higher) with 256-bit encryption;
• Data-at-rest encryption: Sensitive personal data including identity documents and financial records is encrypted at rest using AES-256 or equivalent standards;
• Access controls: Personal data access within phboss888 is restricted on a need-to-know basis using role-based access controls. Employee access to player data is logged and audited;
• Two-factor authentication: Internal administrative systems that handle player personal data require multi-factor authentication;
• Security monitoring: phboss888 operates continuous security monitoring and intrusion detection systems for its player data environment;
• Data breach procedures: phboss888 maintains a documented data breach response procedure consistent with NPC Circular 16-03. In the event of a personal data breach affecting your rights and freedoms, phboss888 will notify the NPC within 72 hours of confirmed discovery and will notify affected players without undue delay.

Despite these measures, no digital platform can guarantee absolute security. You are also responsible for maintaining the security of your phboss888 account credentials and for using strong, unique passwords.

11 Cookies & Tracking Technologies

11.1 Types of Cookies Used

phboss888 uses the following categories of cookies and similar technologies:

• Essential session cookies: Required for platform functionality — maintaining your login state, storing game session tokens, and managing cart/wallet state across page loads. These cannot be disabled without impairing platform functionality.
• Security cookies: Used to detect and prevent fraudulent access, CSRF attacks, and unauthorized session manipulation.
• Performance and analytics cookies: Aggregated, anonymized data about how players navigate phboss888 is collected to identify performance issues and improve the platform. No personally identifying information is included in performance analytics.
• Preference cookies: Store your language, display, and notification preferences to personalize your phboss888 experience.

11.2 What phboss888 Does Not Use

phboss888 does not deploy third-party advertising trackers, social media pixels, or cross-site behavioral advertising technologies. Your phboss888 browsing data is not shared with advertising networks.

11.3 Managing Cookies

You may manage or delete non-essential cookies through your browser settings. Note that disabling essential session cookies will prevent you from logging in and using phboss888 platform features. For instructions on managing cookies in your browser — whether Chrome on Android, Safari on iOS, or desktop browsers commonly used in the Philippines — consult your browser's help documentation.

12 Your Data Privacy Rights

Under the Data Privacy Act of 2012, as a Philippine data subject you have the following rights in relation to your personal data held by phboss888:

13 Children & Minors

The phboss888 platform is strictly restricted to individuals who are twenty-one (21) years of age or older, consistent with PAGCOR regulations and Philippine gaming law. 21+ Only

phboss888 does not knowingly collect or process the personal data of individuals under 21 years of age. If phboss888 becomes aware that personal data of a minor has been collected — whether through misrepresentation during registration or otherwise — the relevant account will be immediately suspended, all associated data will be securely deleted, and any balances will be returned through the registered payment method after identity investigation is completed.

If you are a parent or guardian and believe that a minor in your care has registered an account on phboss888, please contact our Data Protection Officer immediately using the contact details in Section 17.

14 Marketing & Communications

With your consent, phboss888 may send promotional communications about bonuses, new games, Royal VIP program updates, sports betting offers, and other platform news via email or SMS to your registered contact details.

You may withdraw consent for marketing communications at any time by:

• Updating your communication preferences within your phboss888 account dashboard;
• Clicking the unsubscribe link in any phboss888 marketing email;
• Contacting phboss888 support via live chat and requesting removal from marketing lists.

Withdrawal of marketing consent will be processed within five (5) business days. Note that operational communications — such as transaction confirmations, security alerts, and account verification messages — are sent regardless of marketing consent status, as they are necessary for account management.

15 Third-Party Links

The phboss888 platform may contain references to or integrations with third-party services — including game providers, payment systems, and support tools. phboss888 is not responsible for the privacy practices of third-party services and their respective privacy policies govern the handling of any data you interact with directly on those platforms.

phboss888 encourages you to review the privacy notices of any third-party service you interact with in connection with your use of the phboss888 platform.

16 Changes to This Privacy Policy

phboss888 reserves the right to update this Privacy Policy from time to time to reflect changes in platform operations, applicable law, NPC guidance, or PAGCOR regulatory requirements. Material changes will be communicated to registered players via email to the address on file and/or via a notice on the phboss888 platform at least seven (7) days before the revised Policy takes effect, where practicable.

The current effective version of this Privacy Policy is always accessible at phboss888.app/privacy-policy. The "Last Updated" date at the top of this document indicates when the most recent revision was made. Your continued use of phboss888 following the effective date of a revised Policy constitutes acknowledgement of the updated terms.

17 Contact & Data Protection Officer

phboss888 has designated a Data Protection Officer (DPO) as required under RA 10173 and NPC regulations. The DPO is responsible for overseeing phboss888's data protection compliance program and serves as the primary point of contact for player privacy inquiries.

For privacy-related requests, concerns, or to exercise your data subject rights under RA 10173, please contact phboss888 through the following channels:

• Email: [email protected] (plain text — not a link; subject line: "Data Privacy Request")
• Live Chat: Available 24/7 within the phboss888 platform after login; state "Privacy Request" at the start of your inquiry
• Response Time: phboss888 will acknowledge receipt within 2 business days and respond fully within 15 business days

If you are not satisfied with phboss888's response to your privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC). The NPC's complaint procedures and contact information are published on the NPC's official website.