Privacy Policy – How perawin Protects Your Data

1. Data Controller

For the purposes of the Philippine Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations, the data controller responsible for your personal data is perawin, operator of the online gaming platform accessible at perawin.co ("Platform").

perawin has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and applicable data protection legislation. You may contact the DPO at the address provided in Section 14 of this Policy.

2. Personal Data We Collect

perawin collects the following categories of personal data in connection with your use of the Platform:

2.1 Identity & Contact Data

• Full legal name as appearing on your government-issued ID
• Date of birth (to verify the 21+ age requirement)
• Philippine mobile number (primary contact and OTP delivery)
• Email address
• Residential address (for KYC and AML purposes)
• Nationality and country of residence

2.2 Identity Verification (KYC) Data

• Copies of government-issued photo ID (PhilSys, UMID, passport, LTO driver's license, or PRC ID)
• Selfie or live photo for facial verification where required
• Source of funds documentation where required for AML compliance

2.3 Financial Data

• GCash account number or mobile number used for transactions
• Maya (PayMaya) account identifier
• Bank account details (BPI, BDO, Metrobank) for bank transfer transactions
• Transaction history including deposits, withdrawals, and bonus redemptions
• Credit/debit card details (partial — we do not store full card numbers)

2.4 Gaming & Usage Data

• Game session history, bet amounts, win/loss records
• Wagering patterns and product usage behavior
• Login timestamps, session durations, and logout records
• Responsible gaming settings you have configured (e.g., deposit limits, self-exclusion)

2.5 Technical & Device Data

• IP address and geolocation data (country/region level)
• Device type, operating system, and browser type
• Unique device identifiers
• Cookie and session token data (see Section 9)

2.6 Communication Data

• Records of your communications with perawin customer support (live chat transcripts, email correspondence)
• Feedback, complaints, and dispute records

3. How We Collect Your Data

perawin collects personal data through the following means:

• Direct submission: Data you provide when registering an account, completing KYC verification, making deposits or withdrawals, contacting support, or filling in any forms on the Platform.
• Automated collection: Technical data collected automatically when you access the Platform, including IP addresses, device identifiers, and cookie data.
• Third-party sources: Identity verification data from KYC/AML service providers; payment transaction data from payment processors including GCash, Maya, BPI, BDO, and Metrobank; and fraud prevention data from third-party screening services.
• Regulatory sources: Information provided by or shared with the Anti-Money Laundering Council (AMLC) or other Philippine regulatory bodies as required by law.

4. How We Use Your Personal Data

perawin uses your personal data for the following purposes:

• Account creation and management: To register your account, verify your identity, and maintain your player profile on the Platform.
• Age verification: To confirm that you meet the mandatory 21+ minimum age requirement under Philippine gaming regulations.
• KYC and AML compliance: To fulfil our obligations under the Philippine Anti-Money Laundering Act (AMLA, RA 9160 as amended) and applicable gaming regulations, including filing Suspicious Transaction Reports (STRs) with the AMLC where required.
• Payment processing: To process your deposits and withdrawal requests via GCash, Maya, BPI, BDO, Metrobank, and other supported payment methods.
• Platform operation and security: To provide, operate, and secure the perawin Platform, detect and prevent fraud, investigate suspected prohibited conduct, and enforce our Terms and Conditions.
• Customer support: To respond to your queries, process complaints, and resolve disputes.
• Responsible gaming: To monitor gaming behavior for indicators of problem gambling and to administer any responsible gaming tools or restrictions you have requested or that we are required to apply.
• Marketing communications: Where you have given your consent, to send you promotional offers, bonus notifications, and platform updates. You may withdraw this consent at any time through your account settings.
• Legal compliance and regulatory reporting: To comply with applicable Philippine laws and regulations, respond to lawful requests from government authorities, and fulfil our reporting obligations to PAGCOR, AMLC, and the NPC.
• Platform improvement: To analyse aggregated, anonymised usage data to improve the perawin Platform, game selection, and user experience.

5. Legal Basis for Processing

Under the Philippine Data Privacy Act, perawin processes your personal data on the following legal bases:

• Contract performance: Processing necessary to establish and manage your perawin account, process transactions, and deliver the services you have requested.
• Legal obligation: Processing required to comply with Philippine law, including KYC/AML obligations under AMLA, age verification requirements, and regulatory reporting.
• Legitimate interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and improving Platform services, where these interests are not overridden by your rights.
• Consent: Processing for direct marketing communications, where you have provided explicit consent. This consent may be withdrawn at any time without affecting the lawfulness of prior processing.

6. Sharing Your Personal Data

perawin does not sell your personal data. We share personal data only in the following circumstances:

• Payment processors: GCash (Mynt), Maya (PayMaya), BPI, BDO, Metrobank, and other payment service providers strictly for the purpose of processing your transactions. These providers are contractually bound to process your data only as instructed by perawin.
• KYC/AML service providers: Third-party identity verification and screening services used to fulfil our regulatory obligations. These providers act as data processors under written data processing agreements.
• Game providers: Game studios (e.g., JILI, Pragmatic Play, Evolution Gaming) receive limited technical session data necessary to deliver gameplay. They do not receive your full personal profile.
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies, where required by law or in response to lawful requests.
• Law enforcement: Where disclosure is required by a court order, warrant, or other binding legal process issued by a Philippine court or authority.
• Corporate transactions: In the event of a merger, acquisition, or sale of all or part of perawin's business, your data may be transferred to the successor entity, subject to equivalent privacy protections.

7. International Data Transfers

Some perawin service providers, including certain game studios and technology vendors, may be located outside the Philippines. Where personal data is transferred internationally, perawin ensures that appropriate safeguards are in place consistent with the requirements of the Philippine Data Privacy Act, including contractual data protection clauses that obligate overseas processors to maintain standards equivalent to those required under Philippine law.

perawin will not transfer your personal data to any jurisdiction that does not provide an adequate level of data protection without implementing appropriate safeguards and, where required, obtaining NPC approval.

8. Data Retention

perawin retains personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following minimum retention periods:

• Account and KYC data: Retained for a minimum of five (5) years from account closure, as required by Philippine AMLA regulations.
• Transaction records: Retained for a minimum of five (5) years, consistent with AMLA record-keeping requirements.
• Gaming session data: Retained for a minimum of three (3) years for responsible gaming monitoring and dispute resolution purposes.
• Support correspondence: Retained for three (3) years from the date of the last interaction.
• Marketing consent records: Retained until consent is withdrawn, and for a reasonable period thereafter to evidence the withdrawal.

At the end of the applicable retention period, personal data is securely deleted or anonymised in accordance with perawin's data disposal procedures.

9. Cookies & Tracking Technologies

The perawin Platform uses cookies and similar tracking technologies to operate the Platform, maintain your login session, remember your preferences, and analyse Platform usage. The categories of cookies used are:

• Essential cookies: Required for the Platform to function. These include session authentication cookies and security tokens. You cannot opt out of essential cookies while using the Platform.
• Functional cookies: Remember your language preferences and responsible gaming settings.
• Analytics cookies: Collect anonymised data about how Players use the Platform to help us improve the user experience. Data from analytics cookies does not identify you personally.

You can control cookies through your browser settings. Disabling non-essential cookies will not prevent you from using the perawin Platform, but may affect certain personalisation features.

10. Data Security

perawin implements a comprehensive set of technical and organisational security measures to protect your personal data, including:

• TLS 1.3 / 256-bit SSL encryption for all data in transit between your device and perawin servers
• Encryption of sensitive data at rest, including financial account details and government ID copies
• Strict access controls ensuring that personal data is accessible only to authorised perawin personnel who have a legitimate need to process it
• Two-factor authentication (OTP) for Player account access and for internal administrative systems
• Regular independent security audits and penetration testing
• Incident response procedures to detect, investigate, and notify the NPC and affected Players in the event of a personal data breach, within the timeframes required under RA 10173

While perawin takes all reasonable precautions, no online platform can guarantee absolute security. You are responsible for maintaining the security of your own account credentials.

11. Your Data Subject Rights

Under the Philippine Data Privacy Act, you have the following rights in respect of your personal data held by perawin:

To exercise any of these rights, please contact perawin's Data Protection Officer at [email protected]. We will respond to all valid requests within fifteen (15) working days, as required under RA 10173. We may require you to verify your identity before processing your request.

12. Minors

The perawin Platform is strictly for persons aged 21 years and above. perawin does not knowingly collect personal data from persons under 21 years of age. If we become aware that personal data has been provided by a person under the minimum age, we will immediately suspend the associated account and delete the personal data, consistent with our obligations under applicable gaming regulations and the PDPA.

If you are a parent or guardian and believe that a person under 21 has created a perawin account or provided personal data to perawin, please contact us immediately at [email protected].

13. Changes to This Privacy Policy

perawin reserves the right to update or modify this Privacy Policy at any time to reflect changes in applicable law, regulatory guidance, or our data processing practices. Material changes will be communicated to Players via email or a prominent notice on the Platform at least fourteen (14) days before the changes take effect. The "Last Updated" date at the top of this Policy will reflect the most recent revision.

Continued use of the perawin Platform after the effective date of any revision constitutes your acceptance of the revised Privacy Policy. If you do not accept the revised Policy, you should stop using the Platform and close your account.

14. Contact & Complaints

For questions, concerns, or to exercise any of your data subject rights under the Philippine Data Privacy Act, please contact: