playspin Privacy Policy
This Privacy Policy explains what personal data playspin collects from you, why we collect it, how it is used and protected, who it may be shared with, and what rights you hold over your data under Philippine law.
At a Glance
How playspin Handles Your Data
Six principles that define playspin's approach to data privacy. The full legal policy is below.
Minimum Data Collection
playspin only collects the personal data that is strictly necessary for account registration, PAGCOR KYC compliance, payment processing, and gameplay.
Limited Third-Party Sharing
Your data is never sold to third parties. Sharing is limited to PAGCOR, AMLC-required disclosures, payment processors, and certified security partners.
Encrypted & Secure Storage
All personal data is stored with AES-256 encryption at rest and TLS 1.3 in transit. Payment credentials are never stored directly by playspin.
Your Rights Are Enforceable
Under the Data Privacy Act of 2012, you have the right to access, correct, delete, and object to the processing of your personal data at any time.
Defined Retention Periods
playspin retains personal data only as long as required by law or as necessary for the purpose it was collected. AMLC records are kept for 5 years.
Breach Notification
In the event of a personal data breach affecting your information, playspin will notify you and the National Privacy Commission within 72 hours of discovery.
1. Overview & Scope
This Privacy Policy is issued by playspin ("playspin", "we", "us", or "our"), the operator of the online gaming platform at playspin.org. playspin is regulated by the Philippine Amusement and Gaming Corporation (PAGCOR) and operates in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its implementing rules and regulations, and all guidelines issued by the National Privacy Commission (NPC) of the Philippines.
This Policy applies to all personal data processed by playspin in connection with your use of the playspin platform, including our website (playspin.org), any playspin mobile applications, live chat support, and all related services. It applies to registered players, prospective players who initiate but do not complete registration, and visitors to playspin.org.
2. Definitions
The following definitions apply throughout this Privacy Policy:
- "Personal Data" – any information from which a natural person can be identified, directly or indirectly, including but not limited to name, mobile number, email address, physical address, date of birth, government ID numbers, IP address, and financial account details.
- "Sensitive Personal Information" – as defined under RA 10173, includes government ID numbers (PhilSys, SSS, TIN, UMID), health or medical information, and financial account credentials.
- "Processing" – any operation performed on personal data, including collection, recording, storage, use, disclosure, and deletion.
- "Data Subject" – the natural person to whom the personal data relates; in the context of playspin, this means you, the player or platform user.
- "Data Controller" – playspin, the entity that determines the purposes and means of personal data processing.
- "Data Processor" – a third party that processes personal data on behalf of playspin under a data processing agreement.
- "DPO" – playspin's Data Protection Officer, the designated individual responsible for overseeing compliance with RA 10173.
- "NPC" – National Privacy Commission, the Philippine government agency responsible for overseeing the implementation of RA 10173.
- "KYC" – Know Your Customer; the identity and age verification process mandated by PAGCOR and AMLC regulations.
3. Personal Data We Collect
playspin collects personal data in several categories depending on the nature of your interaction with the Platform. The table below summarises the categories collected and their primary purpose:
| Category | Examples | Primary Purpose |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, nationality | Account registration, KYC, age verification |
| Contact Data | Email address, mobile number, residential address | Account communication, verification, support |
| Government ID Data | PhilSys ID number, UMID, passport, driver's licence number | PAGCOR-mandated KYC and AMLC compliance |
| Financial Data | GCash number, PayMaya number, bank account name (not card/account numbers) | Payment processing, withdrawal verification |
| Transaction Data | Deposit/withdrawal history, game wager history, bonus usage | Account management, AMLC reporting, dispute resolution |
| Technical Data | IP address, device type, browser, operating system, session duration | Security, fraud prevention, platform optimisation |
| Behavioural Data | Game preferences, session frequency, bonus engagement patterns | Personalisation, responsible gaming monitoring |
| Communications Data | Live chat transcripts, support email content, feedback submissions | Support quality, dispute records, training |
4. How We Collect Your Data
playspin collects personal data through the following means:
4.1 Direct Collection
Data you provide directly when you register a playspin account, complete KYC verification, make a deposit or withdrawal, contact support, respond to a survey, or otherwise interact with playspin directly. This is the primary source of identity and contact data.
4.2 Automated Collection
Data collected automatically when you use the Platform, including through cookies, web analytics tools, and server logs. Technical data such as IP addresses, device identifiers, and session data are collected through these mechanisms. See Section 9 for the full Cookies and Tracking policy.
4.3 Third-Party Sources
In limited circumstances, playspin may receive or verify data from third-party sources, including:
- Identity verification service providers used to confirm KYC document authenticity;
- Payment processors, who confirm payment method ownership and transaction status;
- PAGCOR or AMLC where disclosure is required by law;
- Social authentication providers (Google, Facebook) if you choose social login – limited to your public profile name and email address.
5. Purpose & Legal Basis for Processing
Under RA 10173, every instance of personal data processing must be grounded in a lawful basis. playspin processes your personal data under the following bases:
5.1 Performance of a Contract
The majority of playspin's data processing is necessary to perform the contract between playspin and you – the provision of online gaming services. This includes creating and managing your account, processing deposits and withdrawals, recording gameplay, awarding bonuses, and providing support. Without this processing, the Platform cannot function.
5.2 Legal Obligation
playspin processes certain data because it is required to do so by law. This includes KYC identity verification (PAGCOR requirement), transaction monitoring and suspicious activity reporting (AMLC requirement under Republic Act 9160 and its amendments), age verification to enforce the 21+ requirement, and retention of records for the periods specified by law.
5.3 Legitimate Interest
playspin processes certain technical and behavioural data based on legitimate interests, including: fraud detection and prevention, platform security, responsible gaming monitoring (identifying potentially problematic gambling patterns), and platform analytics to improve services. Where legitimate interest is the basis, playspin has conducted a balancing test confirming that these interests do not override your fundamental rights.
5.4 Consent
Where playspin processes your data for marketing communications – such as promotional email newsletters, bonus offers, and SMS notifications – we do so on the basis of your explicit consent, obtained during registration or through your Account Settings. You may withdraw marketing consent at any time via your playspin Account Settings without affecting the legality of prior processing.
6. Data Sharing & Disclosure
6.1 Regulatory Disclosures
playspin is required to disclose certain player data to PAGCOR as part of its licensing obligations, and to the Anti-Money Laundering Council (AMLC) in connection with suspicious transaction reports and covered transaction reports mandated under Republic Act 9160 (Anti-Money Laundering Act) and its amendments. These disclosures are legal obligations and playspin cannot limit them.
6.2 Payment Processors
playspin shares the minimum necessary data with payment processors to facilitate deposits and withdrawals. This includes your name, the registered GCash or PayMaya number, transaction amount, and reference numbers. Payment processors are bound by data processing agreements and applicable PCI-DSS standards.
6.3 Identity Verification Partners
To perform KYC verification, playspin works with certified identity verification service providers. Your government ID images and identity data are shared with these providers under strict data processing agreements. Verification partners are prohibited from using your data for any purpose other than the verification service.
6.4 Technology and Security Partners
playspin uses third-party services for platform hosting, cybersecurity monitoring, analytics, and fraud prevention. These partners receive only the data necessary for their function and are bound by confidentiality and data protection obligations.
6.5 Law Enforcement and Legal Process
playspin may disclose personal data to law enforcement agencies, courts, or other government authorities where required to do so by applicable Philippine law, a valid court order, or a regulatory direction. playspin will notify affected users of such disclosures where legally permitted to do so.
7. Data Security
playspin implements technical and organisational security measures designed to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:
- Encryption at rest: All personal data stored in playspin databases is encrypted using AES-256;
- Encryption in transit: All data transmitted between your device and playspin servers uses TLS 1.3;
- Password hashing: Account passwords are hashed using bcrypt with a per-user salt and are never stored in plain text;
- Access controls: Access to personal data is restricted to playspin staff on a strict need-to-know basis, with role-based permissions and audit logging;
- Two-factor authentication: playspin's internal systems require 2FA for all staff access to databases containing personal data;
- Penetration testing: playspin undergoes regular independent penetration testing and vulnerability assessments;
- Incident response: playspin maintains a documented data breach response plan, including the 72-hour NPC notification requirement under RA 10173.
8. Data Retention
playspin retains personal data for the period necessary to fulfil the purpose for which it was collected, and in compliance with applicable retention obligations under Philippine law. The following general retention periods apply:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| KYC identity documents | 5 years from account closure | AMLC / PAGCOR requirement |
| Transaction and gaming history | 5 years from each transaction date | AMLC requirement (RA 9160) |
| Account registration data | Duration of account + 5 years post-closure | Contractual & legal obligation |
| Support communications | 3 years from the date of communication | Legitimate interest (dispute records) |
| Marketing consent records | Until consent is withdrawn + 1 year | Consent accountability |
| Technical logs (IP, session) | 12 months | Security & fraud prevention |
Upon expiry of the applicable retention period, personal data is either securely deleted or anonymised so that it can no longer be linked to an identifiable individual.
9. Cookies & Tracking Technologies
playspin uses cookies and similar tracking technologies on playspin.org. Cookies are small data files stored on your device that help the Platform function correctly, remember your preferences, and enable analytics.
9.1 Types of Cookies Used
- Strictly Necessary Cookies: Required for the Platform to function. These include session authentication tokens, security cookies, and load-balancing cookies. These cannot be disabled without rendering the Platform unusable.
- Functional Cookies: Remember your preferences such as language settings, game lobby filters, and preferred payment method display. These improve your experience but are not essential.
- Analytics Cookies: Used by playspin's internal analytics tools to measure Platform performance, page load times, and feature engagement. Data is aggregated and does not identify individual users.
- Security Cookies: Used to detect suspicious login patterns, brute-force attempts, and device fingerprinting for fraud prevention. These are necessary for account security.
9.2 Managing Cookies
You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will prevent you from logging into your playspin account. Disabling analytics or functional cookies will not prevent you from using core gaming features.
10. Your Privacy Rights
Under the Data Privacy Act of 2012 (RA 10173) and its implementing rules, you hold the following rights in relation to your personal data processed by playspin. These rights are exercisable by contacting playspin's Data Protection Officer at the details provided in Section 14.
Right to Access
Request a copy of the personal data playspin holds about you and information about how it is processed.
Right to Rectification
Request correction of inaccurate or incomplete personal data. Some corrections require KYC re-verification.
Right to Erasure
Request deletion of your personal data where it is no longer necessary or where consent is withdrawn. Legal retention obligations may limit this right.
Right to Object
Object to processing based on legitimate interests, including profiling and marketing communications.
Right to Portability
Receive your personal data in a structured, machine-readable format and transmit it to another controller.
Right to Restrict Processing
Request that playspin limit the processing of your personal data while a correction or objection request is being assessed.
playspin will respond to valid rights requests within thirty (30) calendar days. Where a request is complex or playspin receives multiple requests simultaneously, the response period may be extended by a further thirty (30) days with notification. If your request is denied, playspin will provide written reasons. You have the right to lodge a complaint with the National Privacy Commission if you believe your rights have been violated.
11. Minors & Age Policy
Age verification is enforced during the KYC process through government ID document review. Accounts where the date of birth on the government ID indicates the holder is under 21 years of age will be immediately closed and the matter reported to PAGCOR as required.
12. Cross-Border Data Transfers
playspin's primary data infrastructure is located within the Philippines. However, certain data processors used by playspin (such as global cloud infrastructure providers and identity verification partners) may process data in other countries. Any cross-border transfer of Philippine personal data is conducted in accordance with the NPC's guidelines on cross-border data flows, including:
- Transfers only to countries or organisations providing adequate data protection;
- Execution of appropriate data transfer agreements incorporating NPC-approved clauses;
- Restrictions on onward transfers by the receiving entity;
- Maintenance of data subject rights regardless of transfer destination.
playspin maintains a record of all cross-border data transfers and the safeguards applied. This record is available to the NPC upon request.
13. Changes to This Privacy Policy
playspin may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable law, or improvements to our platform. The version number and effective date at the top of this document indicate the currently applicable version.
Where changes are material – for example, changes to the categories of data we collect, new sharing arrangements, or changes to your rights – playspin will notify you via email to your registered address and via a prominent notice on the Platform at least fourteen (14) calendar days before the changes take effect.
Your continued use of the Platform after the effective date of a revised Privacy Policy constitutes your acknowledgement of the updated policy. If you do not agree to material changes, you may request voluntary account closure before the effective date of the change.
14. Contact & Data Protection Officer
playspin has appointed a Data Protection Officer (DPO) as required by RA 10173. The DPO is responsible for overseeing playspin's compliance with this policy and applicable data privacy law. You may contact the playspin DPO to exercise your rights, raise a privacy concern, or request information about data processing.
- Email (General Support): [email protected]
- Email (DPO / Privacy Requests): [email protected]
- Live Chat: 24/7 inside your playspin account dashboard
- Correspondence Address: Available upon written request for formal legal notices
If you are not satisfied with playspin's response to a privacy request or complaint, you have the right to file a complaint with the National Privacy Commission of the Philippines. Information on the NPC complaint process is available through the NPC's official government channels.
Your Data Is Safe With Us
Play at playspin With Confidence
playspin is built on transparency and trust. Your personal data is protected by RA 10173, secured with industry-standard encryption, and never sold to third parties. Sign in and enjoy hundreds of PAGCOR-regulated games.