📌 Scope: This Privacy Policy applies to all personal data collected and processed by popwin through the popwin.lat website, its related subdomains, mobile browser experience, and any customer support channels. By registering an account or using the popwin platform in any capacity, you acknowledge that you have read and understood this Policy.
1 Introduction
1.1 popwin ("we," "us," "our," or "the Platform") is an online casino and sports betting platform operated for the Philippine market at popwin.lat. We are committed to protecting the privacy and personal data of every registered player and site visitor.
1.2 This Privacy Policy describes in detail: what personal data popwin collects from you; how that data is collected; the purposes for which it is processed; the legal basis for that processing; how long we retain it; who we share it with; how it is secured; and what rights you have over your own information.
1.3 This Policy is published in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, hereafter "DPA"), its Implementing Rules and Regulations, and applicable issuances of the National Privacy Commission (NPC) of the Philippines. It also reflects the data handling standards required under PAGCOR's online gaming regulatory framework.
1.4 This Policy is to be read in conjunction with the popwin Terms & Conditions and Responsible Gaming Policy, both of which form part of the agreement between you and popwin.
2 Data Controller
2.1 For the purposes of the Data Privacy Act of 2012, popwin is the Personal Information Controller with respect to your personal data. This means popwin determines the purposes and means of processing the personal information collected through the platform.
2.2 popwin has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and applicable data protection law. The DPO can be reached through the contact channels described in Section 16 of this Policy.
2.3 Third-party service providers who process personal data on behalf of popwin — including licensed game providers and payment processors — do so as Personal Information Processors under agreements that impose data protection obligations consistent with this Policy and the DPA.
3 Personal Data We Collect
3.1 The categories of personal data popwin collects are determined by what is necessary to provide, operate, and secure the popwin platform. The following table describes the categories of data collected and examples of specific data points within each category.
| Category | Data Collected |
|---|---|
| Identity Data | Full legal name, date of birth, nationality, government-issued ID type and number (PhilSys, SSS, GSIS, UMID, or Philippine Passport), and profile photograph where provided. |
| Contact Data | Registered Philippine mobile number, email address (where provided), and any correspondence submitted through Live Chat or support channels. |
| Financial Data | GCash account reference, PayMaya account reference, bank account details (BPI, BDO, Metrobank), cryptocurrency wallet address, deposit and withdrawal history, account balance records, and transaction timestamps. |
| KYC Documentation | Scanned or photographed copies of government-issued identity documents submitted for identity verification, and where required, proof of address and source of funds documentation. |
| Gameplay Data | Game session records, bet amounts and outcomes, game titles accessed, session duration, win/loss history, and bonus utilisation records. |
| Technical Data | IP address, device type and operating system, browser type and version, session tokens, login timestamps, and geolocation data at account access events. |
| Behavioural Data | Platform navigation patterns, feature usage frequency, promotional offer interactions, and responsible gaming tool usage (e.g., deposit limit settings, self-exclusion requests). |
| Communications Data | Records of all support interactions via Live Chat, content of formal complaints submitted, and any correspondence relating to disputes or account matters. |
Sensitive Personal Information: Government-issued ID numbers and financial account details are classified as sensitive personal information under the DPA. popwin treats this data with heightened security and access controls, and it is processed only by authorised personnel for the specific purposes of KYC verification and payment processing.
4 How We Collect Your Data
4.1 Directly from You. The majority of personal data popwin holds is provided directly by you — during account registration (mobile number, date of birth, password); during KYC verification (identity documents); during payment transactions (payment method account references); and through voluntary communications via Live Chat or support requests.
4.2 Automatically. Certain technical and behavioural data is collected automatically when you access and use the popwin platform. This includes IP address logging, session token generation, browser and device fingerprinting for fraud prevention purposes, and cookies as described in Section 11.
4.3 From Payment Processors. When you initiate a deposit or withdrawal via GCash, PayMaya, or a Philippine bank, popwin receives transaction confirmation data from the relevant payment processor — including transaction reference numbers, amounts, timestamps, and the status of the transaction. popwin does not receive or store full bank account numbers or GCash PINs.
4.4 From Game Providers. popwin's licensed game providers — including JILI, PG Soft, Evolution Gaming, and others — transmit game outcome and session data to popwin's platform systems in real time to enable balance crediting, wagering requirement tracking, and dispute resolution.
4.5 From Third-Party Verification Services. Where popwin uses third-party identity verification or AML screening services to supplement KYC, those services may provide verification status results and risk indicators associated with the data you have submitted.
5 Why We Use Your Personal Data
5.1 popwin processes your personal data for the following specific purposes:
- Account Registration and Management: To create, maintain, authenticate, and where necessary suspend or terminate your popwin account.
- Identity Verification (KYC): To verify that you are who you claim to be, that you meet the minimum age requirement of 21 years, and that your account is not being used for fraudulent or money laundering purposes.
- Payment Processing: To process deposits from and withdrawals to your registered Philippine payment methods (GCash, PayMaya, BPI, BDO, Metrobank, cryptocurrency).
- Game Delivery: To provide access to the popwin game library and to record and reconcile all gameplay sessions and their financial outcomes.
- Regulatory Compliance: To meet popwin's obligations under PAGCOR's online gaming regulatory framework, including AML reporting requirements and player verification mandates.
- Responsible Gaming: To monitor gameplay patterns for indicators of problem gambling and to give effect to responsible gaming tools including deposit limits, session limits, and self-exclusion requests.
- Customer Support: To respond to your enquiries, resolve disputes, and process formal complaints.
- Security and Fraud Prevention: To detect and prevent unauthorised account access, fraudulent transactions, bonus abuse, and other security threats.
- Platform Improvement: To analyse aggregated usage data to improve the performance, design, and features of the popwin platform.
- Marketing Communications: To send you promotional offers, bonus notifications, and popwin news — subject to your communication preferences and your right to opt out at any time.
6 Legal Basis for Processing
6.1 Under the Data Privacy Act of 2012, processing of personal data must be based on at least one lawful criterion. The following table outlines the legal bases on which popwin relies for each processing purpose:
| Processing Purpose | Legal Basis (RA 10173) |
|---|---|
| Account registration & management | Performance of a contract to which you are a party |
| KYC identity verification | Legal obligation; compliance with PAGCOR regulations |
| Payment processing | Performance of a contract; legal obligation (AML) |
| Game delivery & gameplay records | Performance of a contract |
| Fraud prevention & security | Legitimate interests of popwin and the wider player community |
| Responsible gaming monitoring | Legal obligation; legitimate interest; your vital interests |
| Regulatory & AML compliance | Legal obligation under Philippine law and PAGCOR requirements |
| Marketing communications | Consent (you may withdraw consent at any time) |
| Platform analytics & improvement | Legitimate interests (aggregated, non-identifiable data) |
7 Data Sharing & Disclosure
7.1 popwin does not sell, rent, or otherwise transfer your personal data to third parties for their own marketing or commercial purposes. Data is shared with the following categories of recipients only to the extent necessary for the stated purpose:
- Licensed Game Providers (e.g., JILI, PG Soft, Evolution Gaming, Pragmatic Play): Receive session identifiers and wager data necessary to deliver gameplay. They do not receive your full identity data or payment details.
- Payment Processors (GCash / GXI, Inc.; PayMaya / Maya Bank; BPI; BDO; Metrobank; cryptocurrency networks): Receive only the transaction-specific data required to execute your deposit or withdrawal instruction.
- Identity Verification & AML Screening Services: Receive identity data for the sole purpose of verifying your identity and screening against sanctions and financial crime databases as required by applicable law.
- Regulatory Authorities: Including PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and any other Philippine government authority with lawful authority to request the data.
- Law Enforcement: In response to a lawful court order, warrant, or other compulsory legal process issued by a Philippine court or authority.
- IT and Security Service Providers: Cloud infrastructure providers and cybersecurity services that host or protect popwin's platform, under contractual data processing agreements requiring them to maintain equivalent data protection standards.
⚠️ Third-Party Processors: All third-party entities that process personal data on popwin's behalf are bound by data processing agreements that prohibit them from using your data for any purpose other than the specific service they provide to popwin. popwin remains the Personal Information Controller responsible for ensuring these agreements are upheld.
8 Data Retention
8.1 popwin retains your personal data for as long as necessary to fulfil the purposes for which it was collected, and thereafter for as long as required by applicable law or regulatory obligation. The following retention guidelines apply:
| Data Category | Retention Period |
|---|---|
| Account registration data | Duration of account plus 5 years after account closure |
| KYC identity documents | Duration of account plus 5 years (AMLC / PAGCOR requirement) |
| Transaction records | Duration of account plus 5 years (AML retention requirement) |
| Gameplay session logs | Duration of account plus 2 years |
| Support communications | 3 years from the date of the interaction |
| Technical / security logs | 12 months rolling |
| Marketing preference records | Until consent is withdrawn, plus 12 months |
8.2 Upon expiry of the applicable retention period, personal data is either securely deleted from popwin's systems or anonymised such that it can no longer be attributed to any individual. Data subject to an active legal hold (e.g., pending litigation or regulatory investigation) is retained for the duration of that hold.
9 Data Security
9.1 popwin implements a layered set of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These include:
- Transport Encryption: All data transmitted between your device and popwin's servers is encrypted using 256-bit TLS (Transport Layer Security).
- Data at Rest Encryption: Sensitive data stored in popwin's databases — including KYC documents and payment account references — is encrypted at rest.
- Access Controls: Personal data is accessible only to popwin personnel whose job functions require it, under a strict role-based access control framework. All data access is logged.
- Password Hashing: Account passwords are stored as one-way cryptographic hashes. popwin does not store or have access to plaintext passwords.
- Two-Factor Authentication: OTP-based two-factor authentication is available for all player accounts and is mandatory for certain high-risk actions including withdrawal requests.
- Fraud Monitoring: popwin employs automated anomaly detection systems that flag unusual login patterns, IP address changes, and suspicious transaction sequences for manual review.
- Data Breach Response: In the event of a personal data breach that poses a real risk to your rights, popwin will notify the NPC within 72 hours of discovery and will notify affected data subjects without undue delay, in accordance with the DPA and NPC Circular No. 2016-03.
Your Role in Security: The security measures described above protect data on popwin's side. Your responsibility is to keep your account credentials confidential, enable two-factor authentication, and promptly notify popwin if you suspect unauthorised access to your account.
10 Your Privacy Rights Under RA 10173
10.1 The Data Privacy Act of 2012 grants you the following rights with respect to your personal data held by popwin. You may exercise any of these rights by contacting popwin's support team as described in Section 16.
📂 Right to Access
You have the right to request a copy of the personal data popwin holds about you, including information on the purposes for which it is processed and the categories of data involved.
✏️ Right to Rectification
You have the right to request correction of any inaccurate or incomplete personal data popwin holds about you. Corrections to registered identity data may require re-submission of supporting KYC documents.
🗑️ Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where consent has been withdrawn, or where processing is unlawful. This right is subject to retention obligations under the DPA and AML law.
🚫 Right to Object
You have the right to object to the processing of your personal data where that processing is based on popwin's legitimate interests or for direct marketing purposes. Marketing communications can be opted out of at any time through your account settings.
🔒 Right to Data Portability
You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to request that popwin transmit that data to another Personal Information Controller where technically feasible.
⚠️ Right to File a Complaint
If you believe that popwin has violated your rights under the DPA, you have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines. Contact details for the NPC are available on the NPC's official government website.
10.2 popwin will respond to all valid privacy rights requests within 15 days of receipt, or within such extended period as permitted by the DPA where the request is complex or numerous. We may request proof of identity before processing your request to protect against unauthorized access to your data.
11 Cookies & Tracking Technologies
11.1 popwin uses cookies and similar session technologies on popwin.lat. The following categories of cookies are in use:
| Cookie Type | Purpose |
|---|---|
| Strictly Necessary | Essential to platform operation — maintaining your login session, remembering your account state between page loads, and enabling the secure payment flow. Cannot be disabled without breaking core platform functionality. |
| Functional | Remembering your preferences such as language settings, last-played game categories, and responsible gaming tool configurations between sessions. |
| Analytics | Collecting aggregated, anonymised data about platform usage — page load times, error rates, feature engagement — to improve platform performance and user experience. |
| Security | Fraud detection and bot prevention — session integrity tokens, device fingerprint components, and anomaly detection signals used to protect accounts from unauthorised access. |
11.2 popwin does not use third-party advertising cookies or social media tracking pixels. No cookies on popwin.lat serve advertising networks or share browsing behaviour with external marketing platforms.
11.3 You can manage cookie preferences through your browser's settings. Disabling strictly necessary cookies will impair your ability to log in and use the popwin platform. All other cookie categories can be disabled without affecting core functionality, though some features may behave differently.
12 Minors & Age Restriction
12.1 The popwin platform is strictly intended for adults aged 21 years and above. popwin does not knowingly collect personal data from individuals under the age of 21. This minimum age requirement is enforced through mandatory KYC verification on all accounts prior to withdrawal processing.
12.2 If popwin discovers or has reasonable grounds to believe that personal data of a person under 21 years of age has been submitted in connection with a popwin account, that account will be immediately suspended, all associated data will be flagged for review, and the matter will be escalated to popwin's compliance team.
🔞 Parental Responsibility: If you believe a minor in your household has accessed the popwin platform or submitted personal data, please contact popwin's 24/7 support immediately. popwin will act promptly to investigate and secure any data involved. We encourage parents and guardians to use parental control tools to restrict access to gambling websites on shared devices.
13 Cross-Border Data Transfers
13.1 Some of popwin's game providers and technical service providers operate infrastructure located outside the Philippines. Where your personal data is transmitted to these providers — for example, game session data transmitted to a game provider's servers — this constitutes a cross-border personal data transfer as defined under the DPA.
13.2 All cross-border transfers of personal data by popwin are conducted under one of the following safeguards:
- The recipient country has been assessed as providing adequate data protection standards comparable to RA 10173;
- The transfer is governed by a contractual data processing agreement that includes data protection clauses equivalent to NPC-prescribed standards; or
- The transfer is necessary for the performance of your contract with popwin (e.g., gameplay delivery by a licensed overseas game provider).
13.3 popwin does not transfer KYC identity documents or Philippine financial account details outside the Philippines unless required for regulatory compliance purposes and subject to the safeguards described in 13.2.
14 Third-Party Links & Services
14.1 The popwin platform may contain references to, or functionality provided by, third-party game providers whose services are integrated into the popwin lobby. These providers operate under their own privacy practices in addition to the contractual obligations they have with popwin.
14.2 popwin is not responsible for the privacy practices of any third party that is not acting as a Personal Information Processor under a data processing agreement with popwin. Players are encouraged to review the privacy policies of any service they interact with independently of the popwin platform.
15 Changes to This Privacy Policy
15.1 popwin may update this Privacy Policy from time to time to reflect changes in our data processing practices, new legal or regulatory requirements, or improvements to our platform. The "Last Updated" date at the top of this page reflects the date of the most recent revision.
15.2 Where changes to this Policy are material — meaning they affect your rights or the manner in which your personal data is processed in a way that could disadvantage you — popwin will notify registered players via their registered Philippine mobile number at least 14 days before the change takes effect.
15.3 Minor updates — including clarifications of existing provisions, corrections of typographical errors, or changes required to reflect updated regulatory guidance — may be published with immediate effect. Continued use of the popwin platform following any update constitutes acceptance of the revised Policy.
16 Contact & Privacy Complaints
16.1 If you wish to exercise any of your privacy rights described in Section 10, have a question about this Policy, or wish to raise a concern about how popwin handles your personal data, please contact us through the following channels:
- Live Chat: Available 24 hours a day, 7 days a week, directly from the popwin website — the fastest way to reach our team.
- Email: [email protected] (plain text — not a clickable link). For privacy-related requests, please include "Privacy Request" in your subject line.
- Data Protection Officer: Formal privacy requests addressed to popwin's DPO can be submitted through the Live Chat function with the subject line "DPO Request."
16.2 popwin aims to respond to all privacy requests within 15 days. Where requests are complex or require retrieval of data from archival systems, we will acknowledge receipt within 5 days and provide a final response within 30 days.
16.3 If you are not satisfied with popwin's response to your privacy complaint, you have the right to escalate your complaint to the National Privacy Commission of the Philippines. The NPC is the independent government authority responsible for enforcing the Data Privacy Act of 2012.
✅ Effective Date: This Privacy Policy is effective as of 1 January 2026. By using the popwin platform after this date, you confirm your acknowledgment of this Policy and the data practices it describes.