Phyata Privacy Policy

1 Introduction

1.1 Phyata respects the privacy of every player who uses our platform and is committed to protecting personal data in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations, as enforced by the National Privacy Commission (NPC) of the Philippines.

1.2 This Privacy Policy describes the types of personal information Phyata collects from players and prospective players, the purposes for which that information is used, the circumstances under which it may be shared with third parties, and the rights available to data subjects under Philippine law.

1.3 This Privacy Policy should be read together with Phyata's Terms and Conditions, which govern the overall use of the Phyata platform. In the event of any conflict between this Privacy Policy and the Terms and Conditions on a privacy-related matter, this Privacy Policy shall prevail.

1.4 If you have any questions about this Privacy Policy or how Phyata handles your personal data, please contact our Data Protection Officer using the details provided in Section 15.

2 Data We Collect

2.1 Phyata collects the following categories of personal data from players and prospective players:

2.1 Identity and Registration Data

• Full legal name as it appears on your government-issued identification;
• Date of birth (used to verify that you meet the 21-year minimum age requirement);
• Gender;
• Nationality and country of residence;
• Username and account password (stored in encrypted form).

2.2 Contact Data

• Email address;
• Mobile phone number;
• Residential address, including barangay, city or municipality, province, and postal code.

2.3 Identity Verification (KYC) Data

• Copies of government-issued photo identification (e.g., Philippine passport, PhilSys National ID, SSS ID, UMID card, or driver's licence);
• Proof of address documents (e.g., utility bill, bank statement, or barangay certificate);
• Selfie or facial image submitted for identity verification purposes.

2.4 Financial and Transaction Data

• Deposit and withdrawal transaction records, including amounts, dates, and payment methods used;
• GCash or PayMaya account reference (registered name only — Phyata does not store full wallet credentials);
• Bank account name and last four digits where applicable for bank transfer transactions;
• Wagering history, including game type, stake amounts, and outcomes.

2.5 Technical and Usage Data

• IP address and approximate geolocation at the time of login and during active sessions;
• Device type, operating system, and browser information;
• Session duration, pages visited, and features used within the Phyata platform;
• Cookie identifiers and similar tracking data as described in Section 7.

2.6 Communications Data

• Records of communications between you and Phyata's customer support team, including chat transcripts and email correspondence;
• Feedback, complaints, and dispute records.

3 How We Collect Your Data

3.1 Phyata collects personal data through the following means:

• Directly from you — when you register an account, complete KYC verification, make a deposit or withdrawal, contact customer support, or participate in a promotion;
• Automatically — through cookies, server logs, and similar technologies when you access and use the Phyata platform (see Section 7);
• From third-party payment providers — when you initiate a deposit or withdrawal via GCash, PayMaya, BPI, BDO, or Metrobank, those providers may share transaction confirmation data with Phyata;
• From identity verification services — where Phyata uses a third-party KYC provider to assist with document verification, that provider may share verification results and associated data with Phyata;
• From regulatory authorities — Phyata may receive information from PAGCOR or other regulatory bodies in connection with compliance obligations.

4 How We Use Your Data

4.1 Phyata uses the personal data it collects for the following purposes:

4.2 Phyata will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your explicit consent or as otherwise required by law.

4.3 Where Phyata sends you promotional communications, you may opt out at any time by updating your communication preferences within your account settings or by contacting our support team. Opting out of marketing communications will not affect your ability to use the Phyata platform or receive essential account and transaction notifications.

5 Legal Basis for Processing

5.1 Phyata processes your personal data on the following legal bases under the Philippine Data Privacy Act of 2012:

• Contractual necessity: Processing is necessary to perform the contract between you and Phyata — specifically, to operate your account, process transactions, and provide access to games;
• Legal obligation: Processing is required to comply with applicable laws and regulations, including PAGCOR licensing requirements, anti-money laundering obligations, and tax reporting requirements;
• Legitimate interests: Processing is necessary for Phyata's legitimate interests in preventing fraud, ensuring platform security, and improving our services, provided those interests are not overridden by your rights and interests;
• Consent: Where Phyata relies on your consent as the legal basis for processing (e.g., for marketing communications), you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6 Data Sharing and Disclosure

6.1 Phyata does not sell, rent, or trade your personal data to third parties for their own marketing purposes. Phyata may share your personal data with the following categories of recipients only to the extent necessary for the purposes described in this Privacy Policy:

• Payment service providers — GCash, PayMaya, BPI, BDO, and Metrobank, for the purpose of processing deposits and withdrawals;
• Identity verification providers — third-party KYC service providers engaged by Phyata to assist with document verification and age confirmation;
• IT and platform service providers — cloud hosting, data storage, and cybersecurity providers who process data on Phyata's behalf under strict data processing agreements;
• Regulatory and law enforcement authorities — PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent authorities where disclosure is required by law or court order;
• Professional advisers — lawyers, auditors, and accountants where necessary for legal, compliance, or financial reporting purposes.

6.2 All third-party service providers who process personal data on behalf of Phyata are required to do so only in accordance with Phyata's instructions and are bound by contractual obligations to maintain the confidentiality and security of your data.

7 Cookies & Tracking Technologies

7.1 Phyata uses cookies and similar tracking technologies on the phyata.com website and mobile application. Cookies are small text files stored on your device that help us recognise you, maintain your session, and improve your experience on the platform.

7.2 Phyata uses the following categories of cookies:

• Strictly necessary cookies: These are essential for the platform to function. They enable core features such as account login, session management, and security. These cookies cannot be disabled without affecting platform functionality;
• Functional cookies: These remember your preferences (such as language settings and display options) to provide a more personalised experience;
• Analytics cookies: These help Phyata understand how players use the platform — for example, which games are most popular and where players encounter difficulties. Analytics data is aggregated and anonymised where possible;
• Security cookies: These are used to detect and prevent fraudulent activity, including bot detection and session integrity checks.

7.3 Phyata does not use advertising or cross-site tracking cookies. We do not share cookie data with advertising networks or social media platforms.

7.4 You can manage cookie preferences through your browser settings. Please note that disabling strictly necessary cookies may prevent you from accessing certain features of the Phyata platform, including account login.

8 Data Retention

8.1 Phyata retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following general retention periods apply:

• Account and identity data: Retained for the duration of your account and for a minimum of five (5) years after account closure, in accordance with PAGCOR licensing requirements and anti-money laundering regulations;
• Transaction and financial data: Retained for a minimum of five (5) years from the date of the transaction, as required by the Anti-Money Laundering Act and applicable tax regulations;
• KYC documents: Retained for a minimum of five (5) years after account closure or the completion of the relevant transaction;
• Customer support communications: Retained for three (3) years from the date of the last communication;
• Technical and usage data: Retained for up to twelve (12) months, after which it is anonymised or deleted.

8.2 Where Phyata is required by law to retain data for a longer period, the statutory retention period will apply. Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised.

9 Data Security

9.1 Phyata implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

• Transport Layer Security (TLS) encryption for all data transmitted between your device and the Phyata platform;
• Encryption of sensitive data at rest, including passwords and KYC documents;
• Role-based access controls limiting employee access to personal data on a need-to-know basis;
• Regular security assessments and penetration testing of the Phyata platform;
• Two-factor authentication (2FA) options for player accounts;
• Secure, access-controlled data centres for all server infrastructure.

9.2 While Phyata takes all reasonable steps to protect your personal data, no method of electronic transmission or storage is completely secure. Phyata cannot guarantee absolute security and encourages players to use strong, unique passwords and to enable two-factor authentication on their accounts.

9.3 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Phyata will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, and will notify affected players without undue delay, in accordance with the requirements of the Data Privacy Act of 2012.

10 Your Data Rights

10.1 Under the Philippine Data Privacy Act of 2012, you have the following rights in relation to your personal data held by Phyata:

• Right to be informed: You have the right to be informed about how your personal data is collected, used, and shared, as set out in this Privacy Policy;
• Right of access: You have the right to request a copy of the personal data Phyata holds about you, along with information about how it is being processed;
• Right to rectification: You have the right to request correction of any inaccurate or incomplete personal data held by Phyata. You may update certain account details directly through your account settings;
• Right to erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to Phyata's legal retention obligations;
• Right to object: You have the right to object to the processing of your personal data where Phyata relies on legitimate interests as the legal basis, or where your data is used for direct marketing purposes;
• Right to data portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, where technically feasible;
• Right to lodge a complaint: You have the right to lodge a complaint with the National Privacy Commission (NPC) if you believe that Phyata has processed your personal data in violation of the Data Privacy Act of 2012.

10.2 To exercise any of the rights listed above, please contact Phyata's Data Protection Officer using the details provided in Section 15. Phyata will respond to all valid requests within thirty (30) days of receipt. In complex cases, this period may be extended by a further thirty (30) days, and you will be notified accordingly.

11 Children's Privacy

11.1 The Phyata platform is strictly intended for adults aged 21 years and above. Phyata does not knowingly collect personal data from individuals under the age of 21.

11.2 If Phyata becomes aware that personal data has been collected from a person under the age of 21, that data will be deleted immediately and the associated account will be suspended. If you believe that a minor has registered on the Phyata platform, please contact our support team immediately.

11.3 Phyata implements age verification procedures during the registration process and as part of KYC verification to prevent underage access to the platform. These measures are in place to comply with PAGCOR regulations and to protect minors from the potential harms associated with online gaming.

12 International Data Transfers

12.1 Phyata's primary operations and data storage are based in the Philippines. In certain circumstances, personal data may be transferred to or processed by service providers located outside the Philippines — for example, cloud infrastructure providers or KYC verification services operating internationally.

12.2 Where personal data is transferred outside the Philippines, Phyata ensures that appropriate safeguards are in place to protect your data, including contractual clauses that require the recipient to apply data protection standards equivalent to those required under the Philippine Data Privacy Act of 2012.

12.3 By using the Phyata platform, you acknowledge and consent to the transfer of your personal data to countries outside the Philippines where necessary for the purposes described in this Privacy Policy, subject to the safeguards described above.

13 Third-Party Links

13.1 The Phyata platform may contain links to third-party websites or services, such as payment provider portals. This Privacy Policy applies only to the Phyata platform and does not cover the privacy practices of any third-party websites or services.

13.2 Phyata is not responsible for the privacy practices or content of any third-party websites. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Phyata platform.

14 Updates to This Privacy Policy

14.1 Phyata reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, applicable law, or regulatory requirements. The most current version of this Privacy Policy will always be available at phyata.com/privacy-policy.

14.2 Where Phyata makes a material change to this Privacy Policy, we will notify registered players via their registered email address at least seven (7) days before the change takes effect, where reasonably practicable.

14.3 Your continued use of the Phyata platform after any update to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the revised Privacy Policy, you must stop using the platform and may close your account in accordance with the Terms and Conditions.

15 Contact Us

15.1 If you have any questions, concerns, or requests relating to this Privacy Policy or the way Phyata handles your personal data, please contact our Data Protection Officer using the details below:

15.2 You also have the right to lodge a complaint directly with the National Privacy Commission (NPC) of the Philippines if you believe your data privacy rights have been violated. The NPC is the government body responsible for enforcing the Data Privacy Act of 2012.