phdrem Privacy Policy

This Privacy Policy ("Policy") describes how phdrem ("phdrem," "we," "us," or "our") collects, processes, stores, shares, and protects personal information in connection with the operation of the phdrem online casino and sports betting platform, accessible at phdrem.co and any associated mobile-optimized interfaces or services (collectively, the "Platform").

phdrem is an online gaming platform primarily serving Filipino players across the Philippines — including Metro Manila, Cebu, Davao, and other cities and provinces nationwide. The personal data we process relates to registered Players and prospective users who interact with the Platform.

This Policy is issued in compliance with the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 of the Philippines ("DPA"), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission ("NPC"). By registering for a phdrem account or using the Platform in any capacity, you consent to the collection and processing of your personal data as described in this Policy.

For the purposes of the Data Privacy Act of 2012 and applicable data protection regulations, phdrem acts as the Personal Information Controller (PIC) in respect of the personal data it processes about Players and Platform users.

Where phdrem engages third-party service providers to process personal data on its behalf — including payment processors, identity verification services, and cloud infrastructure providers — those providers act as Personal Information Processors (PIPs) and are contractually bound to process your data only in accordance with phdrem's instructions and applicable data protection law.

Questions or requests relating to the exercise of your data privacy rights, or any complaint regarding phdrem's handling of your personal data, should be directed to phdrem's Data Protection Officer (DPO). Contact information is provided in Section 15 of this Policy.

phdrem collects the following categories of personal data in connection with the operation of the Platform:

phdrem does not intentionally collect sensitive personal information (as defined under the DPA) beyond what is strictly necessary for identity verification and regulatory compliance purposes. Where the collection of sensitive information is unavoidable — for example, where a government-issued ID incidentally reveals an individual's blood type or marital status — such information is noted but not separately processed or used for any purpose beyond confirming the validity of the document.

phdrem collects personal data through the following methods:

• Direct collection from you: Information you provide when registering an account, completing KYC verification, making a deposit or withdrawal request, contacting customer support, or updating your account profile;
• Automated collection: Technical data collected automatically when you access the Platform, including IP address, device identifiers, browser type, and session activity logs. This data is collected via server logs, cookies, and similar tracking technologies described in Section 9;
• Third-party sources: Identity verification data confirmed through third-party KYC providers; payment confirmation data received from payment processors including GCash and partner banks; fraud and risk signals from fraud prevention service providers;
• Publicly available sources: Where permitted by law, phdrem may supplement account information using publicly available data to verify identity or assess fraud risk.

phdrem processes your personal data for the following purposes, each supported by a lawful basis under the Data Privacy Act of 2012:

phdrem does not use your personal data for purposes beyond those listed above without first obtaining your separate consent or establishing an alternative lawful basis. Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

phdrem does not sell, rent, or trade your personal data to third parties for commercial purposes. Your data may be shared in the following limited circumstances:

• Payment processors: Financial transaction data is shared with GCash, PayMaya, BPI, BDO, Metrobank, Visa, and Mastercard as necessary to process deposits and withdrawals;
• KYC and identity verification providers: Identity data is shared with third-party verification services to authenticate your identity as required by phdrem's anti-fraud and AML obligations;
• Fraud prevention and security providers: Technical and behavioral data may be shared with specialist fraud prevention services to detect and prevent unauthorized account access and financial crime;
• Cloud infrastructure and hosting providers: phdrem operates on cloud infrastructure; data is stored on servers managed by phdrem's technology providers under strict data processing agreements;
• Regulatory and law enforcement authorities: phdrem may disclose personal data to the National Privacy Commission, PAGCOR, the Anti-Money Laundering Council (AMLC), or other competent Philippine government authorities when required by law, court order, or regulatory demand;
• Legal advisors: Data may be shared with phdrem's legal representatives when necessary to defend legal claims or obtain legal advice, subject to confidentiality obligations.

All third parties who process personal data on behalf of phdrem are required to maintain at least the same level of data protection as phdrem itself, and are prohibited from using your data for any purpose other than those specified in their engagement with phdrem.

phdrem retains personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes or enforce agreements.

• Active account data: Retained for the duration of your account relationship with phdrem plus a minimum of five (5) years after account closure, in compliance with AML record-keeping obligations;
• Financial transaction records: Retained for a minimum of five (5) years from the date of each transaction, as required by applicable Philippine AML and financial regulations;
• KYC verification documents: Retained for the duration of the account plus five (5) years post-closure;
• Support communications: Retained for three (3) years from the date of the last relevant interaction;
• Marketing consent records: Retained until consent is withdrawn, plus an additional period necessary to demonstrate compliance;
• Self-exclusion records: Retained indefinitely to prevent re-registration in breach of a self-exclusion commitment.

When data is no longer required, phdrem securely deletes or anonymizes it in accordance with its internal data disposal procedures.

phdrem implements appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. Key security measures include:

• 256-bit SSL/TLS encryption on all data transmitted between your device and the phdrem Platform — the same standard used by Philippine commercial banks for their online banking services;
• Encryption at rest for sensitive stored data including KYC documents and financial records;
• Access controls restricting internal access to personal data on a need-to-know basis, with role-based permissions and audit logging;
• Multi-factor authentication required for administrative access to systems holding personal data;
• Intrusion detection and monitoring systems operating continuously to identify and respond to security anomalies;
• Regular security assessments including penetration testing and vulnerability scanning of the Platform's infrastructure.

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, phdrem will notify the National Privacy Commission within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required by the DPA.

phdrem uses cookies and similar tracking technologies on the Platform to enhance functionality, maintain session state, and support security operations. The following types of cookies are used:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication cookies that keep you logged in while navigating between pages. These cookies cannot be disabled without impacting Platform functionality;
• Functional Cookies: Remember your language preferences, game settings, and display preferences to provide a consistent experience across sessions;
• Security Cookies: Used for fraud detection, bot mitigation, and to identify unusual login patterns that may indicate unauthorized access attempts;
• Analytics Cookies: Aggregate, anonymized data used to understand how Players interact with the Platform — which games are played most, which pages have high exit rates, and how the Platform performs across different devices and network conditions. Analytics data does not identify you as an individual.

phdrem does not use third-party advertising cookies or permit third-party advertising networks to place cookies on the Platform. You can manage cookie settings through your browser preferences. Disabling strictly necessary cookies may prevent you from using the Platform.

In compliance with PAGCOR's regulations for online casino-style gaming in the Philippines, phdrem strictly enforces a minimum age of 21 years for account registration. Age is confirmed at registration and further verified through the KYC process prior to any withdrawal being processed.

If phdrem becomes aware that personal data has been collected from an individual under 21, the account will be immediately closed, all gaming activity voided, and the personal data deleted in accordance with applicable regulations. Where deposits have been made by a minor, those funds will be handled according to phdrem's terms and applicable Philippine law.

Parents and guardians who believe a minor has registered with phdrem are encouraged to contact the support team immediately at the contact details provided in Section 15.

Under the Data Privacy Act of 2012 and its Implementing Rules, you have the following rights with respect to your personal data held by phdrem. To exercise any of these rights, please contact phdrem's Data Protection Officer using the details in Section 15.

In the course of providing services, phdrem may transfer your personal data to recipients located outside of the Philippines — for example, where cloud infrastructure, game software providers, or identity verification services operate servers in other countries.

All cross-border transfers of personal data from phdrem are carried out subject to appropriate safeguards as required under the Data Privacy Act of 2012 and the NPC's implementing issuances. Safeguards used include contractual clauses requiring recipient entities to maintain equivalent data protection standards to those applicable under Philippine law.

Where a transfer is to a jurisdiction that does not provide an adequate level of data protection equivalent to the Philippines, phdrem will implement additional contractual or technical measures to protect your data.

The phdrem Platform may contain references to or integrations with third-party services — for example, payment gateways operated by GCash or partner banks. When you leave the phdrem Platform to interact with a third-party service, that service's own privacy policy governs the collection and use of your data by that provider.

phdrem is not responsible for the privacy practices of third-party services accessed through or in connection with the Platform. We encourage you to review the privacy policies of any third-party services you use in connection with your phdrem account.

phdrem reserves the right to update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or the services we provide. When material changes are made to this Policy, phdrem will notify registered Players by email to their registered address and by posting a notice on the Platform for a reasonable period prior to the changes taking effect.

The "Last Updated" date at the top of this page indicates when the most recent revision was made. Your continued use of the phdrem Platform after the effective date of any amended Policy constitutes your acceptance of the revised terms. If you disagree with any changes, you may request account closure in accordance with the procedure described in phdrem's Terms & Conditions.

For any questions, requests, or concerns regarding this Privacy Policy or phdrem's handling of your personal data, please contact our Data Protection Officer. phdrem's customer support team is available 24 hours a day, 7 days a week, including Philippine public holidays.

For issues related to responsible gaming or self-exclusion, please visit our Responsible Gaming page or contact support directly.