At p282, protecting the personal information of every Filipino player is a legal obligation and a genuine commitment. This Privacy Policy explains what data p282 collects, why it is collected, how it is used and protected, who it is shared with, and what rights you hold as a data subject under Philippine law.
Six core principles that govern how p282 handles your personal data
p282 collects only the personal information strictly necessary to provide services, comply with PAGCOR regulations, and meet Anti-Money Laundering Act obligations. We do not gather data beyond what is needed for a defined, legitimate purpose.
All personal data transmitted between your device and p282 servers is protected by SSL/TLS 256-bit encryption — the same standard used by major Philippine banks and BSP-regulated digital payment providers including GCash and Maya.
p282 does not sell, rent, or trade your personal information to third-party advertisers, data brokers, or marketing companies. Sharing with third parties is restricted to service delivery, regulatory compliance, and fraud prevention purposes explicitly described in this Policy.
p282 operates in full compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as administered by the National Privacy Commission (NPC), alongside PAGCOR data protection directives applicable to online gaming operators.
Data collection that relies on consent is obtained explicitly, in plain language, and before the relevant data processing activity begins. You may withdraw consent for non-mandatory processing at any time through your account settings or by contacting the p282 Data Protection Officer.
Under the Data Privacy Act of 2012, you have the right to access, correct, object to, erase, and port your personal data. p282 maintains a Data Protection Officer and a formal data subject rights request process to ensure these rights are exercised effectively and promptly.
This Privacy Policy applies to all personal information processed by p282 in connection with the online gaming platform accessible at p282.club ("the Platform"), including all game categories, the player account system, payment processing interfaces, customer support communications, and marketing communications.
For the purposes of the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, p282 is the Personal Information Controller responsible for the personal data of players and other individuals who interact with the Platform.
By creating a p282 account, using any Platform service, or providing personal information to p282 through any channel, you acknowledge that you have read and understood this Privacy Policy. This Policy is incorporated by reference into p282's Terms & Conditions.
p282 collects personal data in three ways: directly from you when you provide it, automatically through your use of the Platform, and from regulated third-party sources where permitted by law. The following table summarizes the categories of data collected and the context in which they arise.
| Data Category | Examples | Collection Context |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, nationality | Registration & KYC verification |
| Contact Data | Mobile number, email address, home address | Registration, KYC, support |
| Identity Documents | Government ID images, selfie photos for liveness checks | KYC verification (mandatory for withdrawals) |
| Financial Data | GCash number, Maya account, bank account name & details (masked) | Deposits, withdrawals, payment verification |
| Gaming Activity Data | Game sessions, wager amounts, win/loss records, bonus usage | Automated Platform logging |
| Technical Data | IP address, device identifiers, browser type, OS, session tokens | Automated logging, security monitoring |
| Communications Data | Live chat transcripts, support emails, complaint records | Support interactions |
| Marketing Preferences | Opted-in channels, promotion interaction history | Account settings, marketing consent |
p282 processes your personal data for the following specific purposes:
To create, maintain, and operate your p282 account; process deposits and withdrawals via GCash, Maya, BPI, BDO, and other approved Philippine payment channels; administer your participation in games, promotions, and the VIP program; and provide customer support when you contact p282 through any channel.
To fulfill mandatory legal obligations under PAGCOR regulations, the Anti-Money Laundering Act (Republic Act No. 9160, as amended), the Data Privacy Act of 2012, the Cybercrime Prevention Act, and other applicable Philippine legislation. This includes conducting KYC verification, submitting required transaction reports, and cooperating with lawful government inquiries.
To monitor gaming activity for signs of problem gambling behavior, enforce self-imposed player limits and self-exclusion elections, prevent access by persons under 21 years of age, and comply with PAGCOR's player protection mandates. Responsible gaming data processing is conducted in the interests of player welfare and PAGCOR compliance.
To detect, investigate, and prevent fraudulent activity, account abuse, bonus exploitation, money laundering, and unauthorized access. Security monitoring includes analysis of login patterns, transaction behavior, and game activity. Automated security systems may flag accounts for manual review by the p282 compliance team.
Where you have provided explicit consent, p282 may use your contact information and Platform interaction history to send you information about relevant promotions, new game announcements, VIP program updates, and personalized offers. You may withdraw marketing consent at any time through your account settings.
Aggregated and anonymized Platform usage data is analyzed to improve game performance, optimize the user interface for Philippine mobile networks, and develop new features that better serve Filipino players. Improvement analytics do not involve individual identification.
p282 processes personal data only where a valid legal basis exists under the Data Privacy Act of 2012. The applicable legal bases for p282's processing activities are:
p282 does not sell, rent, or otherwise trade personal data for commercial purposes. Disclosure of personal data to third parties is limited to the following categories of recipients, each bound by data processing agreements or legal obligations equivalent to or exceeding the protections in this Policy:
Given the central role of GCash and Maya in how Filipino players interact with the p282 Platform, this section specifically addresses the handling of payment account data.
When you link a GCash or Maya wallet to your p282 account, p282 stores a tokenized reference to that wallet — not your full GCash PIN, Maya password, or any credential that could be used to access your e-wallet independently. The actual authentication and authorization of GCash and Maya transactions occurs within those platforms' own secure environments.
Bank account details submitted for BPI, BDO, Metrobank, or other bank transfers are stored in masked form for withdrawal identity matching purposes. Full account numbers are not retained in p282's operational systems following the verification process.
p282 uses cookies and similar tracking technologies on the Platform to support the following functions:
p282 does not use third-party advertising cookies or behavioral tracking pixels for cross-site advertising purposes. Cookie preferences for non-essential cookies may be managed through your browser settings. Disabling essential cookies will prevent Platform login and cannot be accommodated.
p282 retains personal data for as long as necessary to fulfill the purposes for which it was collected, subject to mandatory retention periods imposed by Philippine law. The following retention schedule applies:
Following the expiry of the applicable retention period, personal data is securely destroyed through certified data deletion processes. Where legal proceedings or regulatory investigations are ongoing at the time of scheduled deletion, data is retained until the matter is fully resolved.
p282 implements a comprehensive information security framework to protect personal data against unauthorized access, disclosure, alteration, or destruction. Security measures in place include:
The p282 Platform is strictly intended for individuals who are at least twenty-one (21) years of age, in accordance with PAGCOR's mandatory age restrictions for casino-format online gaming in the Philippines. p282 does not knowingly collect personal data from persons under 21 years of age.
Age verification is conducted as a mandatory step of the registration and KYC process. Any account for which the account holder cannot verify their age as 21 or above will be immediately closed, all pending transactions will be voided, and any deposited funds will be returned to the originating payment method following identity confirmation.
If p282 discovers or is notified that personal data has been collected from a person under 21 years of age, that data will be permanently deleted from all p282 systems within seventy-two (72) hours of discovery, and the relevant competent authority will be notified where legally required.
Under the Data Privacy Act of 2012 and its Implementing Rules and Regulations, you have the following rights with respect to your personal data held by p282:
The Data Privacy Act of 2012 gives you these rights over your personal data held by p282
Request a copy of the personal data p282 holds about you and information on how it is being processed.
Request correction of any inaccurate or incomplete personal data in your p282 account records.
Object to processing of your personal data based on legitimate interests or direct marketing, including profiling for such purposes.
Request deletion of personal data where processing is no longer necessary, consent has been withdrawn, or data was unlawfully processed. Subject to mandatory retention obligations.
Request suspension or limitation of processing where accuracy is contested, processing is unlawful but erasure is opposed, or data is no longer needed but retention is required for legal claims.
Receive your personal data in a structured, machine-readable format and have it transmitted to another controller where technically feasible.
Withdraw consent for consent-based processing (marketing, optional personalization) at any time without affecting the lawfulness of prior processing.
Lodge a complaint with the National Privacy Commission (NPC) if you believe p282's processing of your personal data violates the Data Privacy Act of 2012.
In the event of a personal data breach affecting p282 systems that poses a real risk of harm to affected data subjects, p282 will:
p282 maintains a formal incident response plan and a dedicated breach response team. All security events are logged and assessed for potential personal data impact. Where a breach is identified, containment, investigation, and remediation activities commence immediately.
Certain service providers engaged by p282 — including game content providers and security infrastructure vendors — may be located or operate infrastructure outside the Republic of the Philippines. Where personal data is transferred to entities in other countries in connection with Platform operations, p282 ensures adequate protection through:
p282 may update this Privacy Policy from time to time to reflect changes in legal obligations, Platform services, or data processing practices. The effective date at the top of this page is updated with each revision.
Material changes to this Privacy Policy — particularly those that affect the purposes for which personal data is processed, the categories of third parties with whom data is shared, or the rights available to data subjects — will be communicated to registered account holders via email or in-Platform notification at least fourteen (14) days before taking effect.
Continued use of the p282 Platform following the effective date of any revised Privacy Policy constitutes acceptance of the updated Policy. If you do not accept the revised Policy, you should request account closure prior to the effective date.
For all privacy-related inquiries, data subject rights requests, or concerns about p282's processing of your personal data, contact the designated Data Protection Officer through the following channels:
If you are not satisfied with p282's response to your data subject rights request or privacy complaint, you have the right to escalate your complaint directly to the National Privacy Commission (NPC) of the Philippines, which is the competent supervisory authority for data protection matters under Philippine law.
p282 is built on trust — transparent data practices, PAGCOR regulatory accountability, and full compliance with the Data Privacy Act of 2012. When you play at p282, you play on a platform that takes your personal information as seriously as you do.
For players 21 years and above only. Governed by PAGCOR and the Data Privacy Act of 2012 (RA 10173).