phferry Privacy Policy

phferry ("phferry," "we," "us," or "our") operates the online gaming platform accessible at phferry.app. We are committed to protecting the privacy and personal data of all users who access or register on our platform. This Privacy Policy ("Policy") describes how phferry collects, uses, stores, shares, and protects your personal information in connection with your use of our services.

This Policy is issued in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines ("DPA"), its Implementing Rules and Regulations ("IRR"), and the issuances of the National Privacy Commission ("NPC"). It applies to all personal data collected through the phferry website, mobile platform, customer support channels, and any other touchpoints through which you interact with phferry.

By registering for a phferry account or continuing to use our platform, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. If you do not agree with any part of this Policy, please discontinue use of the phferry platform and contact us to close your account.

For the purposes of the Philippine Data Privacy Act of 2012, phferry acts as the personal information controller ("PIC") in respect of the personal data it collects from users of the platform. phferry has appointed a Data Protection Officer ("DPO") who is responsible for overseeing compliance with this Policy and applicable data protection laws.

You may contact our Data Protection Officer at any time using the contact details provided in Section 15 of this Policy. All data subject requests, privacy complaints, and inquiries regarding this Policy should be directed to the DPO in the first instance.

phferry collects the following categories of personal data from users:

phferry does not intentionally collect sensitive personal information beyond what is strictly necessary for identity verification and regulatory compliance. Where sensitive personal information is collected (such as government ID details), it is handled with the highest level of security and access controls.

phferry collects personal data through the following means:

• Direct collection: Information you provide when registering an account, completing KYC verification, making deposits or withdrawals, contacting customer support, or participating in promotions;
• Automated collection: Technical and usage data collected automatically when you access and use the phferry platform, including through cookies, web beacons, and similar tracking technologies (see Section 8);
• Third-party sources: Identity verification data from KYC service providers; payment data from GCash, PayMaya, and banking partners; fraud prevention data from security service providers; and publicly available information where relevant to regulatory compliance.

phferry uses your personal data for the following purposes:

1. To create, manage, and maintain your phferry account, including verifying your identity and age (21+ requirement under Philippine law);
2. To process deposits and withdrawals through approved Philippine payment channels;
3. To provide, operate, and improve the phferry gaming platform and its features;
4. To comply with PAGCOR licensing requirements, anti-money laundering (AML) obligations, and other applicable Philippine laws and regulations;
5. To detect, investigate, and prevent fraud, cheating, money laundering, and other prohibited activities;
6. To monitor gaming activity for responsible gaming purposes and to apply responsible gaming tools where necessary;
7. To communicate with you regarding your account, transactions, promotions, and platform updates;
8. To respond to your customer support inquiries and resolve disputes;
9. To conduct analytics and improve the performance, security, and user experience of the platform;
10. To enforce our Terms and Conditions and other applicable policies.

phferry will not use your personal data for purposes incompatible with those listed above without first obtaining your explicit consent or as otherwise permitted by the Data Privacy Act.

phferry processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity: Processing required to perform our contract with you, including account management, payment processing, and service delivery;
• Legal obligation: Processing required to comply with PAGCOR regulations, AML laws, tax obligations, and other applicable Philippine legal requirements;
• Legitimate interests: Processing necessary for fraud prevention, platform security, responsible gaming monitoring, and service improvement, where these interests are not overridden by your rights;
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent, such as for certain marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

phferry does not sell, rent, or trade your personal data to third parties for commercial purposes. We may share your personal data only in the following circumstances:

• Service providers: Trusted third-party vendors who assist in operating the phferry platform, including KYC verification providers, payment processors (GCash, PayMaya, Philippine banks), IT infrastructure providers, and customer support tools. All such providers are bound by data processing agreements and are prohibited from using your data for any purpose other than providing services to phferry;
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), and other competent Philippine government agencies, where disclosure is required by law or regulatory directive;
• Law enforcement: Philippine law enforcement agencies where disclosure is required pursuant to a valid court order, subpoena, or other lawful process;
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of phferry's assets, your personal data may be transferred to the successor entity, subject to the same privacy protections described in this Policy;
• With your consent: To any other third party where you have provided explicit prior consent to such disclosure.

phferry uses cookies and similar tracking technologies to operate and improve the platform. Cookies are small text files stored on your device that help us recognize you, maintain your session, and understand how you use our services.

We use the following types of cookies:

• Strictly necessary cookies: Essential for the platform to function, including session management and security tokens. These cannot be disabled;
• Functional cookies: Remember your preferences such as language settings and display options to improve your experience;
• Analytics cookies: Help us understand how users interact with the platform so we can improve performance and usability. Data collected is aggregated and anonymized where possible;
• Security cookies: Used for fraud detection, bot prevention, and platform integrity monitoring.

You may control non-essential cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the phferry platform. phferry does not use cookies to serve third-party advertising.

phferry retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable Philippine law and PAGCOR regulations. The following general retention periods apply:

• Account data: Retained for the duration of your account and for a minimum of five (5) years following account closure, as required by PAGCOR and AML regulations;
• Transaction records: Retained for a minimum of five (5) years from the date of the transaction, in compliance with AMLC reporting requirements;
• KYC documents: Retained for a minimum of five (5) years following the end of the business relationship;
• Support communications: Retained for three (3) years from the date of the last interaction, or longer if relevant to an ongoing dispute or investigation;
• Technical and usage data: Generally retained for up to twelve (12) months, after which it is aggregated or anonymized.

Upon expiry of the applicable retention period, phferry will securely delete or anonymize your personal data in accordance with NPC guidelines.

phferry implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

• TLS/SSL encryption for all data transmitted between your device and phferry servers;
• Hashing and salting of passwords and other sensitive credentials;
• Role-based access controls limiting employee access to personal data on a strict need-to-know basis;
• Regular penetration testing and vulnerability assessments;
• 24/7 security monitoring and intrusion detection systems;
• Secure data center facilities with physical access controls;
• Regular staff training on data privacy and security best practices.

While phferry takes all reasonable precautions to protect your data, no system is completely immune to security risks. In the event of a personal data breach that poses a real risk to your rights and freedoms, phferry will notify the NPC within 72 hours of becoming aware of the breach and will inform affected users without undue delay, as required by the Data Privacy Act.

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phferry:

• Right to be informed: The right to know what personal data phferry collects about you and how it is processed;
• Right of access: The right to obtain a copy of your personal data held by phferry;
• Right to rectification: The right to have inaccurate or incomplete personal data corrected;
• Right to erasure: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations;
• Right to object: The right to object to certain types of processing, including processing based on legitimate interests;
• Right to data portability: The right to receive your personal data in a structured, commonly used format;
• Right to lodge a complaint: The right to file a complaint with the National Privacy Commission if you believe your data privacy rights have been violated.

To exercise any of these rights, please contact our Data Protection Officer using the details in Section 15. phferry will respond to all verified data subject requests within thirty (30) days, as required by the DPA. We may request proof of identity before processing your request.

phferry is strictly an adult gaming platform. We do not knowingly collect personal data from individuals under the age of 21. Our registration process includes mandatory age verification, and we conduct KYC checks to confirm that all users meet the minimum age requirement of 21 years as mandated by PAGCOR regulations and Philippine law.

If phferry becomes aware that personal data has been collected from a person under the age of 21, we will immediately suspend the relevant account, delete the associated personal data, and report the matter to the appropriate authorities where required. If you believe a minor has registered on phferry, please contact us immediately at the details provided in Section 15.

phferry primarily stores and processes personal data within the Philippines. In limited circumstances, personal data may be transferred to or accessed from outside the Philippines — for example, where phferry uses cloud infrastructure or third-party service providers with operations in other countries.

Any cross-border transfer of personal data is conducted only where necessary and is subject to appropriate safeguards, including contractual data protection clauses consistent with NPC guidelines and the Data Privacy Act. phferry ensures that recipient countries or organizations provide an adequate level of protection for your personal data before any transfer takes place.

phferry reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory requirements. When material changes are made, phferry will notify registered users via email or a prominent notice on the platform at least seven (7) days before the changes take effect.

The "Last Updated" date at the top of this page indicates when the Policy was most recently revised. We encourage you to review this Policy periodically. Your continued use of the phferry platform after the effective date of any revised Policy constitutes your acceptance of the updated terms.

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact phferry's Data Protection Officer: