This Privacy Policy explains how 36php collects, uses, discloses, stores, and protects the personal information of players and visitors in compliance with Republic Act No. 10173 (Data Privacy Act of 2012) and applicable PAGCOR data governance requirements. Your privacy matters to us — this document tells you exactly what we do with your data and why.
These cards summarise the core points of our Privacy Policy. They do not replace the full Policy below, which is the binding legal document.
36php does not sell, rent, or trade your personal information to any third party for commercial purposes. Your data is used solely to operate your account, process transactions, comply with regulatory obligations, and improve the Platform. This is a firm commitment, not a conditional policy statement.
All data transmitted between your device and 36php servers is protected by 256-bit SSL encryption — the same standard used by Philippine banks. Your login credentials, payment details, and personal information are never transmitted in plain text under any circumstances.
36php is fully compliant with the Philippines' Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. We have appointed a Data Protection Officer (DPO) and maintain a Personal Information Inventory as required by the National Privacy Commission.
36php retains personal data only for as long as necessary to fulfil the purposes for which it was collected, plus the period required by law. Transaction and account records are retained for a minimum of five years as required by PAGCOR regulations and the Anti-Money Laundering Act.
Under the Data Privacy Act of 2012, you have rights to access, rectify, erase, object to processing, and receive a portable copy of your personal data. You may exercise these rights at any time by contacting 36php's Data Protection Officer through the support channels described in this Policy.
In the unlikely event of a personal data breach that poses a real risk of harm to you, 36php will notify the National Privacy Commission within 72 hours of discovery and will directly notify affected individuals as required by the NPC's breach notification guidelines and applicable regulations.
This Privacy Policy ("Policy") applies to all personal information collected, processed, and stored by 36php ("36php," "we," "us," "our") in connection with the online gaming platform available at 36php.org and all related sub-pages, services, and digital touchpoints (collectively, the "Platform"). This Policy covers data collected from registered players, prospective players, visitors to the Platform, and individuals who contact 36php by any means.
36php is the Personal Information Controller (PIC) as defined under Republic Act No. 10173 (Data Privacy Act of 2012) for all personal data collected through the Platform. 36php has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act, its Implementing Rules and Regulations (IRR), and applicable issuances of the National Privacy Commission (NPC). Contact details for the DPO are provided in Section 15 of this Policy.
Scope of application: This Policy applies to personal data collected digitally through the Platform and, where applicable, physical documentation submitted during the KYC process. It does not apply to the data practices of third-party services, payment providers, or external websites that may be accessible through links on the Platform.
By registering an account, accessing the Platform, or submitting any personal information to 36php, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein. Where processing is based on consent, you may withdraw your consent at any time as described in Section 9, subject to applicable legal and regulatory retention obligations.
36php collects personal data that is necessary, adequate, and not excessive relative to the purposes for which it is processed. The following categories of personal data may be collected:
36php collects personal data through the following channels and methods:
36php processes your personal data for specific, legitimate purposes. The table below outlines the primary processing activities, their purposes, and the applicable legal basis under the Data Privacy Act of 2012:
| Processing Activity | Purpose | Legal Basis (DPA 2012) |
|---|---|---|
| Account registration | Create and manage your 36php player account | Contract performance; consent |
| KYC / age verification | Verify identity, confirm 21+ age requirement, prevent underage gambling | Legal obligation (PAGCOR); legitimate interest |
| Payment processing | Process deposits and withdrawals via GCash, PayMaya, banks, crypto | Contract performance |
| AML / fraud screening | Comply with Anti-Money Laundering Act (RA 9160) and detect fraud | Legal obligation; legitimate interest |
| Game operation & integrity | Deliver games, resolve disputes, audit game outcomes | Contract performance; legitimate interest |
| Responsible gaming | Monitor problem gambling indicators, enforce self-exclusion and limits | Legal obligation (PAGCOR RG framework); legitimate interest |
| Customer support | Respond to enquiries, resolve complaints | Contract performance; legitimate interest |
| Marketing communications | Send promotional offers, bonus notifications (opt-in only) | Consent |
| Platform analytics | Improve user experience, identify technical issues | Legitimate interest |
| Regulatory reporting | Submit required reports to PAGCOR, AMLC, NPC, BIR | Legal obligation |
36php does not sell, rent, or trade your personal data. We share personal information only in the limited circumstances described below, and only to the extent necessary for the specified purpose:
36php is required by law to share certain player data with Philippine government agencies including: the Philippine Amusement and Gaming Corporation (PAGCOR), the Anti-Money Laundering Council (AMLC), the Bureau of Internal Revenue (BIR), and the National Privacy Commission (NPC). Such disclosures are mandatory and do not require your prior consent.
To process deposits and withdrawals, 36php shares necessary transaction data with payment service providers including GCash (G-Xchange Inc.), PayMaya Philippines Inc., and partner banks (BPI, BDO, Metrobank). These providers receive only the data necessary to process the transaction and are bound by their own privacy policies and applicable Philippine financial regulations.
36php engages third-party identity verification and AML screening service providers to assist with the KYC process. These providers access your identity documents and personal details solely for the purpose of verification and are contractually bound to maintain confidentiality and process data only on 36php's documented instructions.
36php uses cloud hosting, database management, and cybersecurity service providers to operate the Platform. These providers may process personal data as part of their service delivery and are engaged under Data Processing Agreements that impose obligations consistent with the Data Privacy Act of 2012.
Where required by a lawful court order, subpoena, or other legal process in the Philippines, 36php will disclose personal data to the extent legally required. 36php will, where legally permitted, notify the affected individual of such a requirement before disclosing their data.
No international data transfers without safeguards: 36php does not transfer your personal data to data processors in jurisdictions outside the Philippines unless adequate data protection safeguards are in place and such transfer is compliant with the requirements of the Data Privacy Act and NPC regulations on cross-border data flows. See Section 12 for details.
36php uses cookies and similar tracking technologies (including pixel tags and session tokens) to operate and improve the Platform. The following categories of cookies are used:
You may control non-essential cookies through your browser settings. Most major browsers allow you to view, block, or delete cookies. Note that disabling certain cookies may affect the functionality of the 36php Platform, including your ability to remain logged in across sessions. Essential security and authentication cookies cannot be disabled while using the Platform.
36php retains personal data for no longer than is necessary to fulfil the purposes for which it was collected, taking into account legal, regulatory, accounting, and reporting obligations. The following retention periods apply:
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with NPC-recognised data disposal standards. Where data is anonymised, the resulting anonymised dataset is no longer considered personal data under the Data Privacy Act.
36php implements technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, and destruction. These measures include, but are not limited to:
Your responsibility: While 36php implements strong security measures, no online platform is completely immune to security risk. You are responsible for maintaining the confidentiality of your own login credentials. Do not share your 36php password with anyone, including individuals claiming to be 36php support staff.
As a data subject under Republic Act No. 10173, you have the following rights with respect to your personal data held by 36php. These rights are subject to applicable legal and regulatory limitations:
To exercise any of the above rights, contact 36php's Data Protection Officer as described in Section 15. We will respond to verified data subject requests within fifteen (15) business days of receipt, in accordance with NPC guidelines. Identity verification will be required before processing any data subject request.
The 36php Platform is strictly intended for individuals aged twenty-one (21) years and above, in compliance with PAGCOR regulations governing online gaming in the Philippines. 36php does not knowingly collect personal data from individuals under 21 years of age.
If 36php discovers or is notified that an account has been registered by a person under the age of 21, the account will be immediately suspended, all personal data associated with the account will be reviewed, and any funds in the account will be handled in accordance with PAGCOR regulations for underage accounts. The minor's personal data will be deleted to the extent permitted by applicable legal retention requirements.
If you are a parent or guardian and believe your minor child has accessed or registered on 36php, please contact our Data Protection Officer immediately using the details in Section 15. We will investigate and take prompt remedial action.
36php sends promotional and marketing communications — including bonus offers, new game announcements, and VIP programme updates — only to players who have opted in to receive such communications. Your marketing consent preference is recorded at the time of registration and can be updated at any time through your 36php account settings or by contacting support.
You may withdraw your consent to receive marketing communications at any time by: (a) updating your communication preferences in your 36php account settings; (b) using the unsubscribe link included in any marketing email; or (c) contacting 36php's support team or DPO directly. Withdrawal of marketing consent does not affect the lawfulness of processing carried out prior to withdrawal, and does not affect your ability to use the Platform or receive transactional communications (such as deposit confirmations and security alerts).
All marketing and promotional communications from 36php include responsible gaming reminders in compliance with PAGCOR's responsible gaming framework. These reminders are not optional — they are included in all promotional material regardless of your marketing communication preferences.
36php primarily processes personal data of Filipino players within the Philippines. Where operational requirements necessitate the transfer of personal data to service providers or infrastructure located outside the Philippines (for example, cloud hosting providers or game software providers with servers in other jurisdictions), 36php ensures the following safeguards are in place:
You may request information about the specific safeguards in place for any cross-border transfer involving your personal data by contacting the Data Protection Officer.
The 36php Platform may contain links to third-party websites or references to third-party services (for example, payment service providers' own portals). This Privacy Policy applies only to data processed by 36php. When you click a link to a third-party site or use a third-party payment service, you leave the 36php Platform and the third party's own privacy policy governs the collection and use of your data from that point.
36php is not responsible for the privacy practices of third-party sites or services. We encourage you to read the privacy policy of any third-party service you use in connection with your 36php account, particularly those of your chosen payment provider (GCash, PayMaya, your bank).
36php reserves the right to update or amend this Privacy Policy at any time to reflect changes in our processing activities, legal obligations, or NPC guidance. Material changes to this Policy — particularly any change that materially affects your rights or the purposes for which we process your data — will be communicated to registered players via email to their registered address and/or via a prominent notice on the Platform prior to the change taking effect.
Where a change is mandated by law, NPC issuance, or PAGCOR regulation, the change may take effect immediately without advance notice. The "Effective Date" displayed at the top of this page reflects the date of the most recent revision. The current version of this Policy is always available at 36php.org/privacy-policy. Your continued use of the Platform following notification of changes constitutes your acceptance of the revised Policy.
For any questions, concerns, or formal requests relating to this Privacy Policy or the processing of your personal data by 36php — including the exercise of your rights under the Data Privacy Act of 2012 — please contact the 36php Data Protection Officer through the following channels:
Data Protection Officer — 36php
Email: [email protected]
Please use subject line: "Data Privacy Request — [nature of request]" for priority routing to the DPO team.
Live Chat: 24/7 live chat available within the 36php Platform. Request to be connected with the Data Protection team.
We will acknowledge all data subject requests within three (3) business days and provide a substantive response within fifteen (15) business days, or such extended period as permitted by NPC guidelines for complex requests.
If you are dissatisfied with 36php's response to your privacy concern, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. The NPC's contact details and complaints procedure are published on the official NPC website.
PAGCOR-regulated, DPA 2012 compliant, GCash-ready, and built for Filipino players. One account gives you access to 200+ games with the peace of mind that your personal data is genuinely protected. 21+ only. Play responsibly.
Explore the 36php Casino or log in to your account. Read our Terms & Conditions and Responsible Gaming policy.