This Privacy Policy describes how p282 (p282.org) collects, processes, stores, and protects your personal information in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and all applicable Philippine data protection regulations.
This Privacy Policy ("Policy") is issued by p282, the operator of the online gaming platform accessible at p282.org ("p282", "we", "us", "our"). It applies to all personal data collected, processed, and stored in connection with your registration, use, and interaction with p282 and its services, including the casino, sportsbook, bingo, and all associated promotions and customer support channels.
p282 is registered as a personal information controller with the National Privacy Commission (NPC) of the Philippines and operates in full compliance with Republic Act No. 10173, known as the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations ("IRR"), and all applicable NPC issuances. Our data processing activities are also subject to oversight by the Philippine Amusement and Gaming Corporation (PAGCOR) to the extent required under our gaming licence.
This Policy explains in plain language what personal data we collect, why we collect it, how we use and protect it, who we share it with, how long we keep it, and what rights you have as a data subject under Philippine law. We encourage every p282 player — whether you're playing from Metro Manila, Cebu City, Davao, or anywhere across the archipelago — to read this Policy in full.
The personal information controller responsible for your data is:
All requests and enquiries relating to data privacy, including requests to exercise data subject rights, should be directed to p282's Data Privacy Officer (DPO) via the contact details set out in Section 15 of this Policy.
p282 collects personal data from you directly (when you provide it during registration or use of the platform), automatically (through your interaction with the platform and its technical systems), and from authorised third parties (such as payment processors and identity verification services). The categories of personal data we collect include:
p282 processes personal data only where a valid legal basis exists under the Data Privacy Act of 2012. The primary legal bases on which p282 relies are:
| Legal Basis | Examples of Processing Activities |
|---|---|
| Contractual Necessity | Account creation, processing deposits and withdrawals, providing access to games, maintaining account records, and processing bonus claims. |
| Legal Obligation | KYC and AML compliance obligations under PAGCOR regulations and the Anti-Money Laundering Act (RA 9160); regulatory reporting to PAGCOR and AMLC; retention of transaction records as required by law. |
| Legitimate Interest | Fraud detection and prevention; platform security monitoring; responsible gaming monitoring; analytics and service improvement; internal risk management. |
| Consent | Sending marketing communications and promotional offers; placing non-essential cookies; processing of sensitive personal information where applicable. |
p282 uses the personal data it collects for the following specific purposes:
p282 does not sell, rent, or trade your personal data to any third party for their own commercial purposes. We share personal data only in the following limited circumstances:
p282 is legally required to disclose personal data and transaction records to PAGCOR as our licensing authority, to the Anti-Money Laundering Council (AMLC) where required under RA 9160, and to other government agencies and law enforcement authorities acting under valid legal authority. These disclosures are mandatory and not subject to your consent.
p282 shares personal data with authorised third-party service providers who process data on our behalf under written data processing agreements that impose confidentiality and security obligations consistent with the DPA. These providers include:
In the event of a merger, acquisition, restructuring, or sale of all or part of p282's business assets, personal data held by p282 may be transferred to the successor entity, subject to the same privacy protections described in this Policy. You will be notified of any such transfer in advance where required by law.
p282 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, and in compliance with applicable legal retention obligations. The following retention periods apply:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account and identity records | Duration of account + 5 years post-closure | PAGCOR / AML regulations |
| Financial transaction records | 10 years from transaction date | AMLA (RA 9160) |
| KYC verification documents | Duration of account + 5 years post-closure | PAGCOR / AMLA |
| Gameplay and session records | 3 years from session date | Legitimate interest / regulatory |
| Customer support communications | 3 years from last interaction | Legitimate interest |
| Marketing consent records | Until withdrawal of consent + 1 year | Consent / DPA compliance |
| Technical/device logs | 12 months from collection | Security / legitimate interest |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with p282's data destruction procedures. Data that has been anonymised and cannot be re-identified is not subject to this Policy.
p282 implements comprehensive technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, loss, and destruction. These measures include:
p282 uses cookies and similar tracking technologies to operate the platform, remember your preferences, maintain your login session, and analyse platform usage patterns. Cookies are small data files placed on your browser by the p282 web server.
You may manage your cookie preferences through your browser settings. Most browsers allow you to refuse new cookies, accept new cookies, disable existing cookies, and delete cookies. Note that disabling strictly necessary cookies will prevent you from using p282.
Under the Data Privacy Act of 2012 and its Implementing Rules and Regulations, you have the following rights in relation to your personal data held by p282:
You have the right to obtain a copy of the personal data p282 holds about you and to be informed of the purposes for which it is processed.
You have the right to have inaccurate or incomplete personal data corrected without undue delay. Update requests can be made via your account settings or by contacting the DPO.
You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
You have the right to object to processing based on legitimate interest, and to block processing for direct marketing purposes at any time.
Where technically feasible, you may request your personal data in a structured, commonly used, machine-readable format for transmission to another controller.
If you believe p282 has violated your data privacy rights, you may file a complaint with the National Privacy Commission of the Philippines at privacy.gov.ph.
To exercise any of the rights listed above, please submit a written request to p282's Data Privacy Officer at [email protected], with the subject line "Data Subject Rights Request". p282 will respond to all verified requests within fifteen (15) working days in accordance with NPC guidelines.
p282 applies multi-layered age verification controls during the registration process and during KYC verification. Where p282 becomes aware or has reasonable grounds to suspect that personal data has been collected from a person under the age of 21, p282 will immediately suspend the relevant account, delete the personal data collected, and report the matter to PAGCOR as required.
Parents and guardians who believe that a minor may have registered on p282 are encouraged to contact our DPO immediately at [email protected] so that appropriate action can be taken without delay.
The majority of p282's data processing activities are conducted within the Philippines. Where personal data is transferred to service providers or gaming software partners located outside the Philippines, p282 ensures that adequate data protection standards are in place before any such transfer occurs.
Transfers to third countries are conducted only where:
You may request information about the specific safeguards applied to cross-border transfers of your personal data by contacting p282's DPO.
The p282 platform may, from time to time, contain references to third-party services, payment gateways, or identity verification providers that operate under their own privacy policies. p282 has no control over and accepts no responsibility for the privacy practices, content, or security standards of any third-party services you may access in connection with your use of p282.
We encourage you to review the privacy policies of all third-party services with which you interact, particularly payment processors such as GCash and Maya, whose own privacy policies govern the data they collect and process when you conduct transactions.
p282 reserves the right to update, amend, or replace this Privacy Policy at any time in response to changes in Philippine law, NPC guidance, PAGCOR requirements, or p282's business practices. All changes will be reflected in an updated version of this Policy published at p282.org/privacy-policy, with the "Last Updated" date revised accordingly.
For material changes that significantly affect how your personal data is processed, p282 will provide advance notice via email to your registered address or via a prominent notice on the platform no less than seven (7) days before the change takes effect. Your continued use of p282 after the effective date of any amendment constitutes your acknowledgment of the updated Policy.
Where a change requires renewed consent under the DPA, p282 will seek that consent before the change takes effect.
For all matters relating to this Privacy Policy, the exercise of your data subject rights, or any privacy-related concern, please contact p282's designated Data Privacy Officer:
p282 will acknowledge data subject rights requests within 5 working days and provide a substantive response within 15 working days. Complaints regarding our data processing may also be escalated directly to the National Privacy Commission of the Philippines.
Six commitments that make p282 a platform Filipino players can trust with their personal data.
Every data transmission between your device and p282 is protected by the same 256-bit SSL/TLS encryption standard used by Philippine banks like BPI and BDO. Your data is never sent in plain text.
p282 is registered with the National Privacy Commission and processes all personal data in strict compliance with Republic Act No. 10173, the Data Privacy Act of 2012 and its IRR.
p282 does not and will never sell, rent, or commercially share your personal data with third parties for their own purposes. Your data is used exclusively to operate and improve the p282 platform for you.
p282 has a designated DPO responsible for overseeing all data protection activities. You can contact the DPO directly for any privacy concern, rights request, or complaint, with a guaranteed 15-working-day response.
p282 follows the data minimisation principle — we only collect what is strictly necessary to operate your account and meet our regulatory obligations. We don't collect data for the sake of it.
In the unlikely event of a data breach affecting your personal data, p282 is committed to notifying the NPC within 72 hours and affected players without undue delay — as required by the DPA.
Play on a PAGCOR-regulated, Data Privacy Act-compliant platform built for Filipino players. GCash-ready, mobile-first, and committed to protecting your data and your gaming experience.
PAGCOR-regulated · RA 10173 Compliant · 21+ only · Play responsibly