penas77 Privacy Policy
This Privacy Policy explains how penas77 collects, uses, stores, shares, and protects your personal information in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and PAGCOR regulatory requirements.
Table of Contents
How penas77 Protects Your Data
Six pillars of our data protection commitment to every Filipino player on the penas77 platform.
256-bit SSL Encryption
Every data transmission between your device and penas77 servers is protected by industry-standard 256-bit SSL/TLS encryption — the same security standard used by Philippine commercial banks. Your personal and payment data is never transmitted in plain text.
Minimal Data Collection
penas77 collects only the personal data that is strictly necessary for account operation, KYC compliance, payment processing, and PAGCOR regulatory reporting. We do not collect data beyond what is required for these documented purposes.
NPC & DPA Compliance
penas77 is registered with the Philippine National Privacy Commission (NPC) and operates in full compliance with the Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations. A designated Data Protection Officer (DPO) oversees all data handling.
No Sale of Personal Data
penas77 does not sell, rent, or commercially trade your personal information to any third party. Data sharing is limited to regulated purposes: PAGCOR reporting, payment processing, KYC verification, and fraud prevention — all governed by data processing agreements.
Full Data Subject Rights
As a penas77 player, you have the full range of rights under RA 10173 — including the right to access your data, correct inaccuracies, object to specific processing, and request erasure subject to legal retention requirements. Requests are responded to within thirty (30) days.
Secure Data Storage
Personal data is stored on servers with restricted access, firewall protection, intrusion detection systems, and regular security audits. Access to player personal data within penas77 is strictly limited to authorized personnel on a need-to-know basis, with access logs maintained.
1 Data Controller Information
1.1 The data controller responsible for your personal data is penas77, the operator of the online casino platform accessible at penas77.vip ("penas77," "we," "us," "our").
1.2 penas77 operates under a license issued by the Philippine Amusement and Gaming Corporation (PAGCOR) and is registered with the National Privacy Commission (NPC) of the Philippines in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173).
1.3 penas77 has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and Philippine data protection law. The DPO may be contacted at the details provided in Section 12 of this Policy.
1.4 This Policy applies to all data processing activities undertaken by penas77 in connection with the provision of its online casino services, including account registration, KYC verification, payment processing, customer support, marketing communications (where consented), and PAGCOR regulatory reporting.
2 Personal Data We Collect
2.1 Registration Data. When you create a penas77 account, we collect: full legal name; date of birth (to verify the 21+ age requirement); Philippine mobile number; email address (where provided); and a self-selected username and password (stored in hashed form — we never store plaintext passwords).
2.2 KYC Verification Data. Before processing any withdrawal, penas77 is required by PAGCOR regulations to collect: a copy of a valid Philippine government-issued photo identification document (UMID, Passport, Driver's License, SSS ID, PhilHealth ID, or Voter's ID); and a selfie or liveness verification image where required. This information is collected for identity verification and age confirmation purposes.
2.3 Payment Data. When you make deposits or withdrawals, we collect: your GCash-registered mobile number or other payment identifier; transaction amounts, dates, and references. We do not store full card numbers or full banking credentials — payment transactions are processed through certified third-party payment processors subject to their own security standards.
2.4 Transaction & Gaming Data. We maintain records of all deposits, withdrawals, game sessions, wagers placed, game outcomes, and account balance history. This data is retained for regulatory compliance purposes and to support player dispute resolution.
2.5 Technical Data. When you access penas77, we automatically collect: IP address; device type, operating system, and browser; session duration and page navigation data; and login timestamps and locations. This data is used for security monitoring, fraud detection, and platform optimization.
2.6 Communications Data. If you contact penas77 support — by live chat, email, or any other channel — we retain records of those communications, including the content of messages and any attachments you provide.
2.7 Responsible Gaming Data. Where you use responsible gaming tools (deposit limits, self-exclusion, cool-down periods), penas77 records your settings and their application. Where applicable, this data may be shared with PAGCOR's exclusion register in accordance with our regulatory obligations.
3 How We Use Your Personal Data
3.1 penas77 uses your personal data only for the purposes for which it was collected. The following table summarises the primary uses:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation & management | Registration data, technical data | Contract performance |
| Identity verification (KYC) | KYC verification data, registration data | Legal obligation (PAGCOR, AMLA) |
| Processing deposits & withdrawals | Payment data, KYC data | Contract performance |
| Fraud prevention & security | Technical data, payment data, gaming data | Legitimate interest / Legal obligation |
| PAGCOR regulatory reporting | Registration, KYC, gaming, payment data | Legal obligation (PAGCOR) |
| AMLA compliance reporting | Identity data, transaction data | Legal obligation (RA 9160 as amended) |
| Customer support | Communications data, account data | Contract performance / Legitimate interest |
| Responsible gaming enforcement | Responsible gaming data, registration data | Legal obligation / Legitimate interest |
| Marketing communications | Registration data, gaming data | Consent (opt-in only) |
| Platform analytics & improvement | Technical data, gaming data (aggregated/anonymised) | Legitimate interest |
3.2 Marketing Communications. penas77 will only send marketing communications (promotional offers, bonus notifications, game announcements) to players who have explicitly opted in to receive such communications. You may withdraw marketing consent at any time by contacting support or updating your account notification preferences.
4 Legal Basis for Processing
4.1 Under the Data Privacy Act of 2012 (RA 10173), penas77 processes personal data on the following legal bases:
- Consent: Where you have provided specific, informed, freely given, and unambiguous consent — principally for marketing communications and non-essential cookie placement.
- Contract Performance: Processing necessary to fulfil our contractual obligations to you under the penas77 Terms & Conditions — including account management and transaction processing.
- Legal Obligation: Processing required to comply with PAGCOR licensing conditions, the Anti-Money Laundering Act (RA 9160 as amended), and other applicable Philippine law.
- Legitimate Interest: Processing for fraud prevention, platform security, responsible gaming monitoring, and aggregate analytics — where these interests are not overridden by your data protection rights.
4.2 Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
5 Data Sharing & Third Parties
5.1 penas77 does not sell, rent, or commercially license your personal data to any third party for their own marketing or commercial purposes.
5.2 Regulated Disclosures. penas77 is required by law and by its PAGCOR license conditions to share certain data with the following:
- PAGCOR: Player registration data, gaming activity reports, and responsible gaming data as required by our operating license;
- Anti-Money Laundering Council (AMLC): Suspicious transaction reports and required transaction data under RA 9160 as amended;
- National Bureau of Investigation / Philippine National Police: In response to lawful court orders, subpoenas, or law enforcement requests;
- National Privacy Commission (NPC): Data breach notifications and compliance reporting as required by RA 10173.
5.3 Service Providers. penas77 engages third-party service providers who process personal data on our behalf under written data processing agreements that comply with RA 10173. These include: payment processors (GCash, Maya, and banking partners); KYC verification technology providers; cloud hosting and infrastructure providers; fraud detection and security service providers; and customer support platform providers. All service providers are contractually prohibited from using your data for their own purposes.
5.4 International Transfers. Where personal data is transferred outside the Philippines (e.g., to cloud service providers with infrastructure located abroad), penas77 ensures that appropriate safeguards are in place in accordance with NPC guidelines on cross-border data transfer, including contractual clauses that impose equivalent data protection standards.
6 Data Security
6.1 penas77 implements a comprehensive suite of technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- 256-bit SSL/TLS encryption on all data transmissions;
- Bcrypt hashing of all account passwords — plaintext passwords are never stored;
- Multi-factor authentication for penas77 system administrator access;
- Role-based access controls limiting employee access to personal data on a strict need-to-know basis;
- Intrusion detection systems and 24/7 security monitoring;
- Regular third-party penetration testing and security audits;
- Encrypted database storage for sensitive personal and KYC data;
- Comprehensive access logging and audit trails for all access to player personal data.
6.2 Data Breach Response. In the event of a personal data breach that is likely to result in harm to affected individuals, penas77 will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, and will notify affected players without undue delay where the breach poses a high risk to their rights and freedoms.
7 Data Retention
7.1 penas77 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply:
- Account & KYC data: Retained for the duration of your account's active status plus a minimum of five (5) years following account closure, in accordance with PAGCOR licensing requirements and AMLA record-keeping obligations;
- Transaction & gaming records: Retained for a minimum of five (5) years from the date of the transaction, as required by AMLA and PAGCOR regulations;
- Customer support communications: Retained for three (3) years from the date of the communication, or longer if relevant to an ongoing dispute or legal matter;
- Technical / access logs: Retained for twelve (12) months in active storage, then archived for a further twelve (12) months before deletion;
- Marketing consent records: Retained for the duration of active consent plus three (3) years to evidence historical consent status.
7.2 Following the expiry of applicable retention periods, personal data is securely deleted or irreversibly anonymised in accordance with NPC guidelines.
8 Cookies & Tracking Technologies
8.1 penas77 uses cookies and similar tracking technologies to provide and improve the Service. The following categories of cookies are used:
- Essential Cookies: Strictly necessary for the platform to function — including session authentication, CSRF protection, and load balancing. These cannot be disabled without breaking core platform functionality;
- Functional Cookies: Store your preferences such as language settings, game lobby filters, and session timeout preferences;
- Analytics Cookies: Collect aggregated, anonymised data about how players use the penas77 platform, used to identify and fix performance issues and improve user experience;
- Security Cookies: Used by our fraud detection systems to identify anomalous access patterns and protect your account.
8.2 Non-essential cookies (functional and analytics categories) are set only with your consent. You may manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of parts of the penas77 platform.
8.3 penas77 does not use third-party advertising cookies or tracking pixels for behavioural advertising purposes.
9 Your Data Subject Rights
9.1 Under the Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to your personal data held by penas77:
| Right | What It Means | Applicable Limitations |
|---|---|---|
| Right to Access | Request a copy of the personal data penas77 holds about you | Subject to identity verification |
| Right to Rectification | Request correction of inaccurate or incomplete data | KYC data changes require re-verification |
| Right to Erasure | Request deletion of your personal data | Subject to legal retention obligations (PAGCOR, AMLA) |
| Right to Object | Object to processing based on legitimate interest, including direct marketing | Cannot override legal obligation processing |
| Right to Data Portability | Receive your data in a structured, machine-readable format | Applies to data provided by consent or contract |
| Right to Withdraw Consent | Withdraw consent for marketing or non-essential cookies at any time | Does not affect past processing |
| Right to Complain | Lodge a complaint with the National Privacy Commission (NPC) | After raising the matter with penas77's DPO first |
9.2 To exercise any of the above rights, contact penas77's Data Protection Officer using the contact information in Section 12. penas77 will respond to data subject requests within thirty (30) calendar days of receipt, or within such extended period (not exceeding sixty (60) days) as may be required for complex requests, with notification of any extension provided within the initial thirty-day period.
9.3 penas77 does not charge a fee for exercising data subject rights, unless requests are manifestly unfounded or repetitive, in which case a reasonable administrative fee may apply.
10 Children's Privacy & Age Restriction
10.1 The penas77 Service is strictly restricted to individuals aged twenty-one (21) years and above, in accordance with PAGCOR regulations and Philippine gaming law. penas77 does not knowingly collect personal data from persons under the age of 21.
10.2 If penas77 becomes aware that personal data has been collected from a person under 21, the account will be immediately suspended, the data will be reviewed by the compliance team, and appropriate action — including account closure and data deletion subject to any mandatory regulatory retention — will be taken.
10.3 If you are a parent or guardian and believe that a person under 21 in your care has created a penas77 account, please contact support immediately at the address in Section 12. penas77 will investigate and take appropriate action within forty-eight (48) hours.
11 Governing Law & Policy Updates
11.1 Governing Law. This Privacy Policy is governed by the laws of the Republic of the Philippines, including the Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations, and relevant NPC issuances and circulars.
11.2 Policy Updates. penas77 reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or PAGCOR regulatory requirements. Material changes will be communicated to registered players via their registered contact details at least fourteen (14) days before taking effect, where practicable. The "Last Updated" date at the top of this Policy indicates when the current version became effective.
11.3 Continued Use. Your continued use of the penas77 Service following the effective date of any updated Privacy Policy constitutes your acknowledgment and acceptance of the updated terms. If you do not agree to an updated Privacy Policy, you must cease using the Service and close your account.
11.4 NPC Complaints. If you are not satisfied with how penas77 has handled your data subject rights request or a data privacy concern, you have the right to file a complaint with the National Privacy Commission of the Philippines. Details on the NPC's complaints process are available on the NPC's official website.
12 Contact — Data Protection Officer
12.1 For all data privacy inquiries, data subject rights requests, or to report a privacy concern, please contact penas77's designated Data Protection Officer:
12.2 When contacting the DPO, please include: your full registered name; your penas77 account username; a description of your request or concern; and any supporting information relevant to your request. Identity verification may be required before penas77 can fulfil certain data subject rights requests.
Explore penas77 with Confidence
Your privacy is protected by Philippine law and our commitment to transparent, secure data handling. Explore the full penas77 casino experience — PAGCOR regulated, GCash ready, Filipino built.