goldph Privacy Policy

1. About This Privacy Policy

This Privacy Policy ("Policy") governs the collection, use, storage, disclosure, and protection of personal data by goldph ("goldph", "we", "us", "the Platform") in connection with the operation of the goldph online gaming platform accessible at goldph.vip and all associated services provided under the goldph brand.

This Policy applies to all individuals who interact with goldph in any capacity, including registered players, prospective players who browse goldph.vip without registering, and individuals who contact goldph's customer support channels. By accessing goldph.vip or registering a goldph account, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein.

This Policy forms part of goldph's Terms & Conditions and should be read in conjunction with that document, available at goldph.vip/terms-conditions.

2. Who We Are — Personal Information Controller

goldph is the Personal Information Controller (PIC) as defined under the Data Privacy Act of 2012 and its Implementing Rules. goldph determines the purpose and means of processing the personal data collected through the goldph Platform and is responsible for ensuring that such processing is conducted lawfully, fairly, and transparently.

goldph operates under a PAGCOR license authorizing it to offer online gaming services to eligible Philippine residents. goldph is also registered with the National Privacy Commission (NPC) of the Philippines as required for personal information controllers processing sensitive personal information.

For all data protection inquiries and formal data subject requests, please contact goldph's Data Protection Officer using the contact details provided in Section 14 of this Policy.

3. Personal Data We Collect

goldph collects personal data through several collection points. The categories of personal data collected, and the primary collection method for each, are described below.

Sensitive Personal Information: Government-issued ID numbers and financial account details constitute sensitive personal information under the Data Privacy Act. goldph processes these categories with heightened security controls and strictly limited access.

4. Legal Basis for Processing

goldph processes personal data only where a lawful basis exists under the Data Privacy Act of 2012. The lawful bases goldph relies upon for each category of processing are as follows:

• Contractual Necessity: Processing required to perform the contract between goldph and the registered player — including account creation, game access, transaction processing, and support provision.
• Legal Obligation: Processing required to comply with applicable Philippine laws — including PAGCOR licensing conditions, the Anti-Money Laundering Act (Republic Act No. 9160 as amended), and NPC registration and data breach notification requirements.
• Legitimate Interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and service improvement — where such processing does not override the data subject's rights and freedoms.
• Consent: Processing for marketing communications, optional platform features, and any processing not covered by the above bases — where goldph obtains your explicit, informed, and freely given consent prior to processing.

Where goldph relies on consent as its lawful basis, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

5. How goldph Uses Your Personal Data

goldph uses the personal data it collects for the following specific purposes:

• Account Registration and Management: Creating and maintaining your goldph account, verifying your identity and age (21+), and managing your account settings and preferences.
• KYC and Regulatory Compliance: Completing mandatory PAGCOR-required Know Your Customer verification and meeting all applicable Philippine regulatory obligations, including Anti-Money Laundering Act reporting requirements.
• Transaction Processing: Processing deposits and withdrawals via GCash, PayMaya, BPI, BDO, Metrobank, and other approved Philippine payment channels, and maintaining accurate financial records of all account transactions.
• Game Service Delivery: Providing access to and recording of gaming sessions across all goldph game categories including live casino, slots, Bingo, Bird Catcher, and Teen Patti Joker.
• Customer Support: Responding to inquiries, resolving disputes, and providing technical assistance through goldph's 24/7 support channels.
• Fraud Prevention and Platform Security: Detecting, investigating, and preventing fraudulent transactions, money laundering, prohibited conduct, and unauthorized access to goldph accounts.
• Responsible Gaming: Monitoring gaming patterns to identify potential problem gambling indicators; administering deposit limits, self-exclusion requests, and cooling-off periods; and fulfilling goldph's responsible gaming obligations under PAGCOR requirements.
• Marketing Communications: Sending promotional offers, platform updates, and relevant communications to players who have consented to receive such messages. Players may opt out of marketing communications at any time through account settings or by contacting support.
• Platform Improvement: Analyzing aggregated, anonymized usage data to improve the goldph Platform, optimize game performance, and enhance the user experience for Filipino players.

6. Disclosure of Personal Data to Third Parties

6.1 No Sale of Personal Data. goldph does not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes. This is an absolute commitment.

6.2 Authorized Disclosures. goldph discloses personal data to third parties only in the following circumstances:

• Payment Service Providers: GCash (G-Xchange Inc.), PayMaya (Voyager Innovations Inc.), and participating Philippine banks (BPI, BDO, Metrobank) receive financial data necessary to process deposits and withdrawals. These providers are bound by their own regulatory obligations under Bangko Sentral ng Pilipinas supervision.
• Game Content Providers: Third-party game studios and live dealer platform providers receive anonymized player session data necessary to deliver game content. These providers operate under data processing agreements with goldph and may not use player data for their own purposes.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), and other Philippine government agencies receive data when required by applicable law, court order, or regulatory mandate. goldph will comply with all lawful regulatory data requests.
• Service Providers: IT infrastructure providers, security auditors, and legal advisors who process data on goldph's behalf under binding data processing agreements with appropriate security and confidentiality obligations.

6.3 Business Transfers. In the event of a merger, acquisition, or sale of goldph's business, personal data may be transferred to the successor entity. goldph will provide notice of such transfer and the successor entity will be bound by the obligations of this Privacy Policy.

7. Cookies and Tracking Technologies

goldph uses cookies and similar tracking technologies on goldph.vip to ensure the platform functions correctly and to improve your experience. The categories of cookies used by goldph are described below.

• Strictly Necessary Cookies: These cookies are required for the goldph Platform to function. They enable core features such as user authentication (keeping you logged in to your goldph account), session security tokens, and load balancing. These cookies cannot be disabled without impairing platform functionality.
• Functional Cookies: These cookies remember your preferences — such as your language setting, preferred game category, and responsible gaming settings — to provide a personalized experience on your return visits to goldph.vip.
• Analytics Cookies: goldph uses anonymized analytics data to understand how users navigate the Platform. Analytics data is aggregated and does not identify individual players. goldph uses this data solely to improve platform performance and user experience.
• Security Cookies: These cookies support goldph's fraud prevention and security systems by helping detect unusual access patterns and account activity.

You may configure your browser to refuse or delete cookies. Note that disabling strictly necessary cookies will impair your ability to use the goldph Platform, including the ability to log in to your goldph account.

8. Data Security

goldph implements comprehensive technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include but are not limited to:

• Encryption in Transit: All data transmitted between your device and goldph servers is encrypted using TLS 1.3 with 256-bit encryption.
• Encryption at Rest: Sensitive personal data stored on goldph systems — including identity documents and financial account details — is encrypted using AES-256 encryption.
• Access Controls: Personal data is accessible only to goldph personnel and authorized third-party processors with a documented legitimate need. Role-based access controls are enforced and access logs are maintained.
• Security Audits: goldph conducts regular vulnerability assessments and penetration tests. Material security vulnerabilities identified during audits are subject to mandatory remediation timelines.
• Incident Response: goldph maintains a documented personal data breach response procedure. In the event of a personal data breach that creates a risk to the rights and freedoms of affected players, goldph will notify the NPC within seventy-two (72) hours of becoming aware of the breach, and will notify affected players without undue delay, in accordance with the Data Privacy Act and NPC Circular No. 16-03.
• Personnel Security: All goldph personnel with access to personal data are subject to confidentiality obligations and receive regular data protection training.

While goldph takes all reasonable precautions to protect your personal data, no internet transmission or electronic storage system is completely secure. Players are encouraged to maintain strong, unique credentials for their goldph accounts and to enable two-factor authentication.

9. Data Retention

goldph retains personal data for as long as necessary to fulfil the purposes described in this Policy and to comply with applicable legal and regulatory obligations. The retention periods applicable to each category of personal data are as follows:

On expiry of the applicable retention period, goldph will securely delete or anonymize personal data in a manner that prevents identification of the data subject.

10. Your Rights as a Data Subject

Under the Data Privacy Act of 2012, goldph players have the following rights in relation to their personal data. These rights may be exercised by contacting goldph's Data Protection Officer as described in Section 14.

goldph will respond to all data subject requests within fifteen (15) Philippine business days of receipt. In cases of complexity or high volume, goldph may extend this period by a further thirty (30) days with written notice to the requesting data subject.

11. Children's Privacy — 21+ Policy

goldph does not knowingly collect personal data from individuals under the age of twenty-one (21). The goldph Platform is strictly intended for adults meeting the Philippine minimum legal gambling age requirement of 21, as prescribed by PAGCOR regulations.

goldph requires mandatory age verification as part of the KYC registration process. Any account found to belong to a person under 21 years of age will be immediately suspended, all transactions will be voided, and the matter will be reported to PAGCOR as required by regulatory guidelines.

If you believe that goldph has inadvertently collected personal data from a person under 21, please contact goldph's Data Protection Officer immediately using the contact details in Section 14. goldph will promptly investigate and, where confirmed, delete the relevant data and close the associated account.

12. Cross-Border Data Transfers

goldph's primary data processing infrastructure is located within the Philippines. However, certain third-party game content providers and technology service providers may process data in other jurisdictions as part of service delivery.

Where personal data is transferred outside of the Philippines, goldph ensures that such transfers are subject to appropriate safeguards in accordance with NPC requirements, including contractual data transfer agreements that impose equivalent data protection standards on the receiving party. goldph does not transfer personal data to jurisdictions that do not provide adequate protection for personal data without implementing appropriate safeguards.

13. Amendments to This Privacy Policy

goldph reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, PAGCOR regulatory requirements, NPC guidelines, or goldph's data processing practices. Material amendments will be communicated to registered players via email notification to the registered account email address and via a prominent notice on goldph.vip, with a minimum of fourteen (14) days' notice before the amendments take effect.

Continued use of the goldph Platform following the effective date of any amendment constitutes acceptance of the amended Privacy Policy. The current version of this Policy and its effective date are displayed at the top of this page. Prior versions of this Privacy Policy are available upon request from goldph's Data Protection Officer.

14. Data Protection Officer

goldph has appointed a Data Protection Officer (DPO) as required under the Data Privacy Act of 2012 and NPC Circular No. 16-01. The DPO is responsible for overseeing goldph's compliance with data protection obligations and serving as the primary point of contact for data subject requests and regulatory inquiries.

To exercise any of your data subject rights, submit a formal data protection complaint, or make any inquiry regarding this Privacy Policy, please contact goldph's Data Protection Officer through the following channels:

• DPO Email: [email protected] — Subject line: "Data Subject Request — [Your Account Username]" (plain text — not a clickable link)
• Live Chat: Available 24/7 on the goldph Platform — request to speak with the Data Protection team
• Response Time: Within 15 Philippine business days of receipt

15. Complaints to the National Privacy Commission

If you are not satisfied with goldph's response to a data subject request or data protection complaint, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines — the independent supervisory authority responsible for enforcing the Data Privacy Act of 2012.

goldph encourages players to contact goldph's Data Protection Officer in the first instance to allow goldph the opportunity to resolve the concern directly. However, this does not affect your right to approach the NPC directly at any time.

The NPC's contact information and complaint procedures are available on the NPC's official website. goldph cooperates fully with all NPC investigations and inquiries.