Contents
- 1Introduction
- 2Data Controller
- 3Data We Collect
- 4How We Collect Data
- 5Legal Basis
- 6How We Use Your Data
- 7Data Sharing
- 8Data Retention
- 9Data Security
- 10Cookies & Tracking
- 11Your Rights
- 12Minors & Age Gating
- 13Cross-Border Transfers
- 14Policy Amendments
- 15Contact & Complaints
How to Read This Policy
This Privacy Policy applies to all personal data processed by 555ph in connection with your use of the 555ph.one platform, including account registration, gaming activity, payment transactions, customer support interactions, and marketing communications. It applies to all players accessing the platform from the Philippines or from any location where Philippine law applies to your data. References to "555ph," "we," "us," or "our" throughout this document refer to the operating entity of the 555ph platform. "You" and "your" refer to any person whose personal data is processed by 555ph.
1 Introduction
555ph is committed to protecting the privacy and personal data of every player who uses the platform. We understand that your personal information is sensitive and that you have a legitimate expectation that it will be handled with care, transparency, and strict adherence to the law.
This Privacy Policy is designed to give you a complete and honest account of how 555ph collects, uses, stores, and protects your personal data. It also explains the rights available to you as a data subject under Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines, and how to exercise those rights.
By registering a 555ph account or by continuing to use the 555ph platform, you acknowledge that you have read and understood this Privacy Policy. If you have any concerns about how your data is processed, please contact the 555ph Data Protection Officer using the contact details provided in Section 15 of this Policy.
2 Data Controller
For the purposes of the Data Privacy Act of 2012 and its implementing rules and regulations, 555ph is the Personal Information Controller (PIC) in respect of the personal data of its registered players and website visitors. As PIC, 555ph determines the purposes and means of processing your personal data and is responsible for ensuring that such processing is carried out lawfully, fairly, and transparently.
555ph has appointed a Data Protection Officer (DPO) who is responsible for overseeing the platform's compliance with applicable data privacy laws and regulations, handling data subject requests, and serving as the primary point of contact for data privacy matters. The DPO can be reached at the email address provided in Section 15 of this Privacy Policy.
3 Personal Data We Collect
555ph collects the following categories of personal data, limited to what is necessary for the stated purposes:
3.1 Registration & Identity Data
- Full legal name as it appears on government-issued identification
- Date of birth (for age verification — minimum 21 years of age required)
- Residential address in the Philippines (city, province, postal code)
- Email address (primary contact for account communications)
- Mobile phone number (for account verification and support)
- Chosen username
3.2 Identity Verification (KYC) Data
- Copies of government-issued Philippine identification documents (e.g., PhilSys national ID, passport, LTO driver's licence)
- Proof of address documents (e.g., utility bill, bank statement)
- Source of funds documentation, where required under applicable regulations
3.3 Financial & Transaction Data
- Payment method details — GCash number, PayMaya account, bank account details (BPI, BDO, Metrobank), or card details (Visa/Mastercard). Full card numbers are not stored by 555ph; card data is processed by certified PCI-DSS compliant third-party payment processors.
- Deposit and withdrawal transaction history
- Account balance at specific points in time, as required for regulatory record-keeping
3.4 Gaming Activity Data
- Game session logs — games played, bet amounts, outcomes, session start and end times
- Bonus activity — bonuses claimed, wagering progress, bonus expiry events
- Self-exclusion and responsible gaming tool usage history
3.5 Technical & Device Data
- IP address at time of login and during active sessions
- Device type, operating system, and browser type
- Geolocation data (country/region level only, derived from IP address)
- Session identifiers and authentication tokens
3.6 Communications Data
- Content and records of communications with 555ph customer support
- Records of marketing email opt-ins and opt-outs
- Feedback and survey responses, where voluntarily provided
Sensitive Personal Information
555ph does not intentionally collect sensitive personal information as defined under the Data Privacy Act of 2012 (e.g., health data, biometric data, political affiliation, religious beliefs) as part of its standard account registration or gaming operations. Where identity verification requires document submission, documents are reviewed for the specific information needed (name, date of birth, address) and are retained in accordance with the data retention schedule in Section 8.
4 How We Collect Your Data
555ph collects personal data through the following channels and mechanisms:
- Directly from you — when you register an account, complete KYC verification, make a deposit or withdrawal, contact customer support, respond to a survey, or interact with any form on the 555ph platform.
- Automatically through platform use — when you log in, navigate the platform, or play games, technical data including IP address, device information, and session logs are collected automatically through server logs and cookies.
- From third-party payment processors — when you initiate a financial transaction, payment processors including GCash, PayMaya, and banking partners provide transaction confirmation data to 555ph necessary to process your deposit or withdrawal.
- From KYC and identity verification providers — 555ph may use third-party identity verification services to assist with the verification of KYC documents. These providers are subject to data processing agreements with 555ph and are not permitted to use your data for any purpose beyond identity verification.
- From fraud detection and security services — 555ph uses third-party services to detect fraudulent activity, including unusual login patterns, device fingerprinting, and IP reputation analysis. These services provide risk signals to 555ph but do not receive your full personal profile.
5 Legal Basis for Processing
555ph processes your personal data on the following lawful bases as recognised under the Data Privacy Act of 2012:
| Processing Activity | Legal Basis |
|---|---|
| Account registration and management | Performance of a contract (Terms & Conditions) |
| Age and identity verification (KYC) | Legal obligation; legitimate interest |
| Processing deposits and withdrawals | Performance of a contract |
| Anti-money laundering (AML) compliance | Legal obligation (AMLA, PAGCOR requirements) |
| Responsible gaming monitoring | Legal obligation; legitimate interest |
| Fraud prevention and security | Legitimate interest; legal obligation |
| Customer support communications | Performance of a contract; legitimate interest |
| Marketing communications (email/SMS) | Consent (with opt-out available at any time) |
| Platform analytics and improvement | Legitimate interest (anonymised/aggregated data) |
| Regulatory reporting to PAGCOR/NPC | Legal obligation |
6 How We Use Your Personal Data
555ph uses your personal data for the following specific purposes, consistent with the legal bases identified in Section 5:
6.1 Account Administration
To create and maintain your 555ph account, authenticate your identity on login, manage your session security, process KYC verification, and communicate with you regarding account status, security alerts, and important platform notices.
6.2 Financial Transaction Processing
To process deposit and withdrawal transactions through your chosen payment method (GCash, PayMaya, BPI, BDO, Metrobank, Visa/Mastercard), maintain transaction records as required under applicable laws, and investigate and resolve payment disputes.
6.3 Regulatory Compliance
To fulfil 555ph's obligations under applicable gaming regulations, anti-money laundering laws, and data privacy regulations — including verification of player identity and age, monitoring for suspicious financial activity, maintaining required records, and reporting to PAGCOR and other regulatory authorities where legally obligated.
6.4 Responsible Gaming
To identify and respond to potentially problematic gaming behaviour, enforce self-exclusion decisions, implement deposit and loss limits requested by players, and maintain records of responsible gaming tool usage as required under applicable regulations.
6.5 Platform Security & Fraud Prevention
To protect the platform and its players against fraud, account takeover, collusion, bonus abuse, and other prohibited activities. This includes analysis of login patterns, device fingerprinting, IP reputation analysis, and transaction monitoring.
6.6 Customer Support
To respond to your support requests, investigate complaints, and maintain records of support interactions for quality assurance and audit purposes.
6.7 Marketing Communications
Where you have provided consent, to send you promotional communications about 555ph's current offers, new game releases, and platform updates by email or SMS. You may withdraw consent for marketing communications at any time by following the unsubscribe instructions in any marketing email or by updating your communication preferences in your Account settings.
6.8 Platform Improvement
To analyse aggregated, anonymised usage data to understand how players interact with the platform, identify areas for improvement, and develop new features. Individual players are not identified in such analytics.
7 Sharing Your Personal Data
555ph does not sell, rent, or trade your personal data to any third party. We share your personal data only in the following limited circumstances:
- Payment processors — GCash, PayMaya, BPI, BDO, Metrobank, and Visa/Mastercard payment networks, for the purpose of processing your financial transactions. These processors are bound by their own privacy policies and applicable payment industry standards (PCI-DSS).
- KYC and identity verification providers — third-party service providers engaged to assist with document verification and age confirmation, under strict data processing agreements that limit their use of your data to the contracted purpose.
- Fraud detection and security providers — third-party services that assist 555ph in detecting and preventing fraudulent activity. These providers receive limited technical data (IP addresses, device identifiers) and not your full personal profile.
- Regulatory and law enforcement authorities — PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), law enforcement agencies, and courts where disclosure is required by law, regulation, court order, or legal process.
- Professional advisers — lawyers, auditors, and accountants bound by professional confidentiality obligations, where access is necessary to provide professional services to 555ph.
- Business transfers — in the event of a merger, acquisition, or sale of all or a material part of 555ph's business, your personal data may be transferred to the successor entity, subject to equivalent privacy protections. You will be notified of any such transfer and your options in that event.
No Sale of Personal Data
555ph does not sell, license, or otherwise commercially exploit your personal data to third parties for advertising, profiling, or marketing purposes. This applies regardless of whether such data is individually identifiable or aggregated.
8 Data Retention
555ph retains your personal data for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes. The following retention periods apply as general guidelines:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | Regulatory requirement (gaming/AML) |
| KYC identity documents | Duration of account + 5 years post-closure | AMLA, PAGCOR regulations |
| Financial transaction records | 10 years from transaction date | AMLA, tax law obligations |
| Gaming activity logs | 5 years from session date | PAGCOR regulatory requirements |
| Customer support records | 3 years from last interaction | Legitimate interest; dispute resolution |
| Marketing consent records | Until consent is withdrawn + 1 year | DPA consent requirement |
| Technical/device logs | 12 months from collection | Security; fraud detection |
| Self-exclusion records | Duration of exclusion + 5 years | Responsible gaming obligations |
At the end of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be attributed to an identified or identifiable individual.
9 Data Security
555ph implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, and unlawful disclosure. These measures include, but are not limited to:
- 256-bit SSL/TLS encryption for all data in transit between your device and 555ph servers.
- Encryption at rest for sensitive data categories including passwords (stored using one-way cryptographic hash functions), KYC documents, and financial records.
- Access controls — access to your personal data by 555ph staff is restricted to those with a documented business need, on a least-privilege basis. All access to personal data systems is logged and audited.
- Two-factor authentication available to players for account login security, and mandatory for 555ph staff accessing internal systems containing personal data.
- Regular security assessments — 555ph conducts periodic security reviews, vulnerability assessments, and penetration testing of its platform infrastructure.
- Incident response procedures — 555ph maintains a documented data breach response procedure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, 555ph will notify the National Privacy Commission within 72 hours of becoming aware of the breach and will notify affected players without undue delay.
While 555ph implements robust technical security measures, no online platform can provide absolute guarantees of security. You play an important role in your own data security by protecting your account credentials, enabling two-factor authentication, and notifying 555ph immediately of any suspected unauthorised access to your account.
10 Cookies & Tracking Technologies
555ph uses cookies and similar tracking technologies on its platform. Cookies are small text files stored on your device that help the platform function correctly, remember your preferences, and provide security features.
10.1 Essential Cookies
These cookies are strictly necessary for the operation of the 555ph platform. They enable core functions such as user authentication, session management, security features, and fraud detection. Essential cookies cannot be disabled without fundamentally impairing your ability to use the platform.
10.2 Functional Cookies
These cookies enable personalisation features — remembering your language preference, game lobby layout, and other personal settings across sessions. Functional cookies improve your experience but are not strictly required for the platform to operate.
10.3 Analytics Cookies
555ph uses anonymised analytics data to understand how players navigate the platform and to identify opportunities for improvement. Analytics data is aggregated and does not identify individual players. You may opt out of analytics cookies through your browser settings or cookie preference controls.
10.4 Managing Cookies
You can manage cookie preferences through your browser settings. Most modern browsers allow you to view, delete, and block cookies from specific websites. Please note that disabling essential cookies will affect your ability to log in and use the 555ph platform. Detailed instructions for managing cookies are available in your browser's help documentation.
11 Your Data Subject Rights
As a data subject under the Data Privacy Act of 2012 of the Philippines, you have the following rights in relation to your personal data processed by 555ph. To exercise any of these rights, please contact the 555ph Data Protection Officer using the details in Section 15. 555ph will respond to all verified data subject requests within thirty (30) calendar days of receipt.
Right to Access
Request a copy of the personal data 555ph holds about you, along with information about how it is used and shared.
Right to Rectification
Request correction of inaccurate or incomplete personal data. Some corrections may require re-verification of identity.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purposes collected, subject to legal retention obligations.
Right to Block / Restriction
Request restriction of processing your personal data while accuracy is disputed or where processing is unlawful but you prefer restriction over erasure.
Right to Object
Object to processing based on legitimate interest grounds, including profiling for marketing purposes. Marketing opt-outs are honoured immediately.
Right to Data Portability
Receive a copy of your personal data in a structured, commonly used, machine-readable format, where technically feasible.
Right to Withdraw Consent
Withdraw consent for processing activities based on consent at any time, without affecting the lawfulness of processing prior to withdrawal.
Right to Complain
Lodge a complaint with the National Privacy Commission (NPC) if you believe 555ph has processed your personal data in breach of the Data Privacy Act of 2012.
12 Minors & Age Gating
The 555ph platform is strictly intended for use by persons aged 21 years or older, in accordance with the minimum age requirement set by PAGCOR for online gaming in the Philippines. 555ph does not knowingly collect personal data from individuals under the age of 21.
If 555ph discovers or has reasonable grounds to believe that personal data has been collected from a person under 21 years of age without appropriate KYC verification, it will immediately suspend the relevant Account, initiate age verification procedures, and — if the player is confirmed to be under 21 — permanently close the Account and delete the associated personal data, subject only to any legally required retention obligations.
If you believe that a person under 21 years of age has registered an Account on 555ph, please contact the 555ph Data Protection Officer immediately at the contact details provided in Section 15.
21+ Requirement — No Exceptions
The 21+ minimum age requirement is a hard regulatory requirement under PAGCOR rules. 555ph enforces this requirement through KYC document verification for all accounts seeking to make withdrawals. Any account holder discovered to be under 21 years of age will have their account permanently closed immediately, with no exceptions.
13 Cross-Border Data Transfers
In some circumstances, your personal data may be transferred to and processed in countries outside the Philippines — for example, where 555ph uses cloud infrastructure, fraud detection services, or game software providers whose servers are located outside the Philippines. Where such transfers occur, 555ph ensures that appropriate safeguards are in place to protect your personal data to a standard equivalent to that required under the Data Privacy Act of 2012.
Safeguards for cross-border transfers may include contractual data processing agreements incorporating the standard data protection clauses approved by the National Privacy Commission, transfer to jurisdictions that have been assessed as providing adequate data protection standards, or binding corporate rules where the recipient is part of a corporate group.
For details of specific cross-border transfers affecting your personal data, or to obtain a copy of the safeguards in place, please contact the 555ph Data Protection Officer.
14 Amendments to This Privacy Policy
555ph reserves the right to update this Privacy Policy from time to time to reflect changes in applicable law, regulatory requirements, or our data processing practices. The effective date at the top of this page will always indicate when the most recent version came into force.
Where amendments are material — meaning they significantly affect your rights or the way your personal data is processed — 555ph will notify you by email to your registered address and/or by posting a prominent notice on the platform no less than fourteen (14) days before the amendments take effect. For minor clarificatory changes that do not materially affect your rights, the Privacy Policy may be updated immediately with the revised effective date noted at the top of this page.
Your continued use of the 555ph platform after the effective date of any amendment constitutes your acknowledgement of the revised Privacy Policy. If you do not accept the amended Privacy Policy, you must cease using the platform and contact 555ph to request closure of your Account.
15 Contact & Data Subject Complaints
For all data privacy enquiries, data subject right requests, or complaints regarding 555ph's handling of your personal data, please contact the 555ph Data Protection Officer using the details below. All requests must be submitted in writing. 555ph will acknowledge receipt of your request within five (5) business days and will provide a substantive response within thirty (30) calendar days.
Data Protection Officer, 555ph
Email: [email protected]
Platform: 555ph.one
Response Time: Within 30 calendar days of receipt
If you are dissatisfied with 555ph's response to your data privacy complaint, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines, which is the competent supervisory authority for data protection matters under the Data Privacy Act of 2012.
For questions regarding your gaming account, responsible gaming tools, or terms of service, please also refer to the Terms & Conditions and Responsible Gaming pages of this site.