pn365 Privacy Policy — Your Data, Protected

The data controller responsible for the personal data collected through the pn365 platform (accessible at pn365.club) is the operator of pn365, a company incorporated and operating in the Philippines under PAGCOR licensing authority.

As the data controller, pn365 determines the purposes and means of processing personal data collected from users of the Platform. pn365 has appointed a Data Protection Officer (DPO) as required under the Philippine Data Privacy Act of 2012. Contact details for the DPO are provided in Section 15 of this policy.

pn365 collects personal data that is necessary for the operation of a licensed online gambling platform in the Philippines. The categories of personal data we collect include:

pn365 does not intentionally collect sensitive personal information as defined by the Data Privacy Act unless it is necessary for compliance (e.g., government ID for age and identity verification). Where such information is collected, additional protections apply as described in Section 9.

pn365 collects personal data through the following mechanisms:

• Direct Collection: Data you actively provide when registering an account, completing KYC verification, making deposits or withdrawal requests, contacting support, or participating in promotions.
• Automated Collection: Technical and usage data collected automatically when you access the Platform through cookies, server logs, session tokens, and similar technologies. See Section 7 for full details on cookies and tracking.
• Third-Party Sources: Where permitted by law, pn365 may receive data from identity verification service providers, payment processors (including GCash and bank partners), fraud detection services, and PAGCOR-mandated databases for age and self-exclusion verification.
• KYC Providers: For identity verification, pn365 may use third-party KYC service providers who process identity documents on our behalf. These providers operate under data processing agreements with pn365 and are bound by the Data Privacy Act.

Under the Philippine Data Privacy Act, pn365's processing of personal data is grounded in one or more of the following lawful bases:

• Contractual Necessity: Processing required to perform the contract between pn365 and you as a registered player — including account management, processing deposits and withdrawals, facilitating game play, and providing customer support.
• Legal Obligation: Processing required for compliance with applicable Philippine laws including PAGCOR licensing requirements, the Anti-Money Laundering Act (AMLA), the Data Privacy Act itself, and any directive issued by a competent regulatory authority.
• Legitimate Interests: Processing for purposes of fraud prevention, platform security, responsible gaming monitoring, and service improvement — where these interests are not overridden by your fundamental rights and freedoms.
• Consent: Where pn365 relies on consent as the basis for processing (primarily for optional marketing communications), you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

pn365 uses your personal data for the following specific purposes:

1. Account Management: Creating and maintaining your pn365 Account, processing your registration, verifying your identity and age (21+), and managing your login credentials and security settings.
2. Financial Transactions: Processing deposits and withdrawals via GCash, bank transfer, and cryptocurrency; reconciling transactions; managing your Wallet balance; and complying with financial record-keeping obligations.
3. Game Operation: Facilitating your access to casino games, sports betting, bingo, and other Platform features; recording game results and bet outcomes; calculating and crediting winnings.
4. PAGCOR Compliance: Providing transaction records, player activity data, and identity verification results to PAGCOR as required under pn365's operating license and Philippine gambling regulations.
5. Anti-Money Laundering: Monitoring transactions for patterns consistent with money laundering, terrorist financing, or fraud under the Anti-Money Laundering Act (Republic Act No. 9160 as amended) and PAGCOR AML guidelines. Reporting suspicious activity to the Anti-Money Laundering Council (AMLC) where required by law.
6. Responsible Gaming: Monitoring player activity to identify potential problem gambling patterns; implementing self-exclusion and deposit limit requests; maintaining records of responsible gaming tool activations; complying with PAGCOR's responsible gaming framework.
7. Customer Support: Responding to inquiries, resolving disputes, processing complaints, and maintaining support records.
8. Security and Fraud Prevention: Detecting and preventing unauthorized access, fraud, bonus abuse, collusion, and other prohibited activities; maintaining platform integrity.
9. Marketing (with consent): Sending promotional offers, bonus notifications, and gaming updates where you have opted in to marketing communications. You may opt out at any time.
10. Platform Improvement: Analysing usage patterns to improve platform performance, user experience, game library curation, and feature development.

pn365 shares personal data with third parties only where necessary for the purposes described in this policy and only under appropriate data protection safeguards. Categories of third parties who may receive your data include:

• PAGCOR and Regulatory Authorities: As a licensed operator, pn365 is required to submit player data, transaction records, and compliance reports to PAGCOR on a scheduled and on-demand basis. We may also share data with the Anti-Money Laundering Council (AMLC) or other competent Philippine authorities where required by law.
• Payment Processors: GCash (Mynt/Globe), PayMaya (Voyager Innovations), and partner Philippine banks (BDO, BPI, Metrobank, UnionBank) receive your financial data necessary to process deposits and withdrawals. Each processor operates under its own privacy policy and applicable BSP regulations.
• Cryptocurrency Processors: Where cryptocurrency transactions are processed through a third-party crypto payment gateway, that provider receives the wallet address and transaction amount necessary to confirm the transaction on-chain.
• Identity Verification (KYC) Providers: Third-party KYC service providers may process your identity documents for verification purposes. These providers act as data processors under written agreements with pn365 and are bound by the Data Privacy Act.
• Game Providers: Casino game software providers (such as PG Soft, Pragmatic Play, and Jili) may receive a player identifier (not your full identity) for the purpose of game session management and results certification. They do not receive your full personal profile.
• IT and Security Service Providers: Cloud hosting providers, cybersecurity firms, and fraud detection services who process data on pn365's behalf under data processing agreements with security obligations equivalent to those in this policy.
• Legal and Professional Advisors: Lawyers, accountants, and auditors retained by pn365 who may need access to player data in connection with a specific legal matter, dispute, or compliance review, subject to professional confidentiality obligations.

pn365 requires all third-party data processors to implement appropriate technical and organisational security measures and to process personal data only for the specified purpose for which it was shared.

pn365 uses cookies and similar tracking technologies on the Platform for the following purposes:

You may manage cookie preferences through your browser settings. Note that disabling essential or security cookies will impair Platform functionality. pn365 does not use cross-site tracking cookies to follow your activity on third-party websites.

pn365 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or for such longer period as is required by applicable law. Key retention periods are as follows:

• Account and Identity Data: Retained for the duration of your Account plus 5 years following Account closure, as required by PAGCOR licensing conditions and AMLA record-keeping obligations.
• Financial Transaction Records: Retained for 7 years from the date of the transaction in accordance with Philippine AMLA requirements and standard accounting obligations.
• Bet and Game Records: Retained for 5 years from the date of the transaction, or longer if required by an active PAGCOR investigation or dispute.
• Customer Support Records: Retained for 3 years from the resolution of the relevant matter.
• Marketing Data: Retained until you opt out of marketing communications, at which point marketing-specific data is deleted within 30 days.
• Technical and Usage Data: Anonymised after 12 months; individual session logs retained for 90 days for security purposes.
• Self-Exclusion Records: Retained indefinitely to ensure pn365 can honour self-exclusion commitments even if you later request Account re-opening.

Upon expiry of applicable retention periods, pn365 will securely delete or anonymise your personal data. You may request early deletion in accordance with your rights under Section 10, subject to overriding legal retention obligations.

pn365 implements technical and organisational security measures appropriate to the risk level of the data processed. These measures include:

• Encryption in Transit: All data transmitted between your device and pn365 servers is encrypted using TLS 1.2 or higher (256-bit SSL). This applies to login, financial transactions, and all API communications.
• Encryption at Rest: Personal data stored on pn365 servers is encrypted at rest using AES-256. Financial data and identity documents receive additional layered encryption.
• Access Controls: Access to personal data is restricted to authorised pn365 personnel and service providers on a strict need-to-know basis. Multi-factor authentication is required for all administrative access.
• Security Audits: pn365 conducts regular security assessments and vulnerability testing of its systems. Critical vulnerabilities are remediated within defined SLA timelines.
• Two-Factor Authentication: pn365 offers and encourages two-factor authentication (OTP via SMS) for all player accounts as an additional layer of protection.
• Data Breach Response: In the event of a personal data breach, pn365 will notify affected data subjects and the National Privacy Commission within 72 hours of becoming aware of the breach, as required by NPC Circular No. 16-03.

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by pn365. These rights are legally enforceable and pn365 will respond to all valid requests within 30 days:

To exercise any of the above rights, contact pn365's Data Protection Officer at the contact details in Section 15. pn365 may require identity verification before processing a data rights request to prevent unauthorised access to your personal information.

The pn365 Platform is strictly intended for individuals who are at least 21 years of age, as required under PAGCOR regulations for all licensed Philippine online gambling operators. pn365 does not knowingly collect personal data from individuals under the age of 21.

Age verification is conducted during the registration process. Where pn365 discovers that personal data has been collected from an individual under the age of 21, the following actions will be taken:

• The Account will be immediately closed and access to the Platform suspended.
• Any deposits made by the underage individual will be returned in full to the original payment method after identity verification.
• All personal data associated with the underage account will be deleted, subject to minimum retention required for regulatory reporting of the incident to PAGCOR.
• The incident will be reported to PAGCOR as required under underage gambling reporting obligations.

If you have reason to believe that an individual under 21 has registered on pn365, contact our DPO or support team immediately at [email protected].

pn365 primarily processes and stores personal data within the Philippines. In certain circumstances, personal data may be transferred to or accessible by entities located outside the Philippines — for example, where international game providers or cloud service providers are used that operate from other jurisdictions.

Any such cross-border transfer of personal data is conducted in compliance with Section 21 of the Philippine Data Privacy Act, which requires that:

• The receiving country offers a level of data protection substantially equivalent to the standards under Philippine law, or
• The transfer is pursuant to a binding data sharing agreement with the receiving entity that imposes equivalent data protection obligations, or
• The transfer is necessary for the performance of your contract with pn365 (e.g., a game provider outside the Philippines must process a session identifier to operate a game).

pn365 maintains a register of international data transfers and requires all international recipients to maintain appropriate security measures. You may request information about specific cross-border transfers by contacting the DPO.

The pn365 Platform may reference or interact with third-party services — including payment platforms like GCash and PayMaya, and game software provided by third-party studios. These services operate under their own privacy policies which are independent of this pn365 Privacy Policy.

pn365 is not responsible for the privacy practices of third-party services accessed through or in connection with the Platform. We encourage you to review the privacy policies of any third-party services you use in connection with your pn365 account, particularly GCash and your banking application.

pn365 reserves the right to update or amend this Privacy Policy from time to time to reflect changes in our data practices, regulatory requirements, or operational needs. When material changes are made to this policy, pn365 will:

• Update the "Last Updated" date at the top of this policy;
• Notify registered players via email to the address on file or via a prominent notice on the Platform at least 14 days before the amendment takes effect, where the changes materially affect how your personal data is processed;
• Maintain an archived version of the prior policy available on request for 12 months following any amendment.

For minor, non-material changes (such as clarifications of existing practices or corrections of typographical errors), pn365 may update the policy without separate notification beyond the revised "Last Updated" date. We recommend checking this page periodically to stay informed of the current policy.

Your continued use of the pn365 Platform following the effective date of amended Terms constitutes acceptance of the revised Privacy Policy. If you do not accept the amended policy, you must stop using the Platform and request Account closure.

pn365 has appointed a Data Protection Officer (DPO) as required by the Philippine Data Privacy Act of 2012. The DPO is responsible for overseeing pn365's data protection strategy and compliance, and serves as the primary point of contact for data privacy inquiries, rights requests, and complaints.

To exercise your data rights, submit a privacy complaint, request information about data processing, or contact pn365 on any privacy-related matter, use the following channels:

• DPO Email: [email protected] (Subject line: "Data Privacy Request" or "DPO Inquiry")
• General Support: 24/7 live chat available on the pn365 Platform for general data inquiries. Complex DPA rights requests should be directed to the DPO email for proper handling.
• Response Time: pn365 will acknowledge your privacy request within 5 business days and respond substantively within 30 days, unless the complexity of the request requires a reasonable extension (which will be communicated to you).

If you are not satisfied with pn365's response to your privacy inquiry, you have the right to lodge a complaint with the Philippine National Privacy Commission (NPC), which has jurisdiction over personal data processing activities in the Philippines. The NPC's official website and complaint procedures are publicly available through the Philippine government's official online resources.