Privacy Policy

1. Introduction

This Privacy Policy ("Policy") is issued by earnph2 ("earnph2," "we," "us," "our"), the operator of the online gaming platform accessible at earnph2.club ("Platform"). This Policy applies to all personal data processed by earnph2 in connection with the registration, operation, and administration of player accounts and the delivery of gaming services.

earnph2 is committed to protecting the privacy and personal data of all users of the Platform in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines ("DPA"), its Implementing Rules and Regulations ("IRR"), and the applicable issuances of the National Privacy Commission ("NPC").

This Policy should be read together with the earnph2 Terms & Conditions and Responsible Gaming Policy, which form part of your agreement with earnph2.

2. Data Controller

For the purposes of the Data Privacy Act of 2012 and its IRR, earnph2 acts as the Personal Information Controller ("PIC") with respect to the personal data of users collected through and processed via the earnph2 Platform.

earnph2 has designated a Data Protection Officer ("DPO") responsible for overseeing compliance with applicable data protection laws and this Policy. You may contact the earnph2 DPO at the contact details set out in Section 14 of this Policy.

3. Categories of Personal Data We Collect

earnph2 collects and processes the following categories of personal data about you:

• Identity Data: Full legal name, date of birth, gender, nationality, and copies of government-issued identification documents (e.g., Philippine passport, driver's license, SSS card, UMID, PhilSys National ID).
• Contact Data: Residential address, email address, and mobile telephone number.
• Account Data: Username, encrypted password, account preferences, communication preferences, and responsible gaming settings.
• Financial Data: GCash account number or alias, PayMaya account details, bank account name and number (BPI, BDO, Metrobank, or other supported banks), transaction history, deposit and withdrawal records, and balance information.
• KYC & AML Verification Data: Copies of proof of identity, proof of address, source of funds declarations, and politically exposed person ("PEP") screening results as required under Philippine AML legislation.
• Technical Data: IP address, device identifiers, browser type and version, operating system, referring URLs, session duration, and login timestamps.
• Usage Data: Game participation history, wagering activity, bonus usage, sports betting selections, and platform navigation data.
• Communication Data: Records of live chat conversations, support ticket exchanges, and any other communications you have with the earnph2 support team.

4. How We Collect Personal Data

earnph2 collects personal data through the following means:

• Direct Collection: Information you provide during account registration, KYC verification submission, deposit and withdrawal requests, contact with support, or completion of responsible gaming assessments.
• Automated Collection: Technical data collected automatically when you access the Platform, including through cookies, server logs, and similar tracking technologies (see Section 9).
• Third-Party Sources: Identity verification data from KYC service providers; payment processing data from GCash, PayMaya, or banking partners; fraud prevention and AML screening data from compliance service providers; and, where applicable, PAGCOR-mandated player protection databases.

5. Purpose and Legal Basis for Processing

earnph2 processes your personal data for the following purposes, each of which has a corresponding legal basis under the Data Privacy Act of 2012:

• Account Registration and Management: To create, maintain, and administer your earnph2 account — necessary for the performance of our contract with you.
• Identity Verification (KYC): To verify your identity and age eligibility (21+) and comply with PAGCOR licensing requirements — necessary for compliance with a legal obligation.
• Anti-Money Laundering (AML) Compliance: To monitor transactions, conduct PEP screening, and report suspicious activity to the Anti-Money Laundering Council (AMLC) — necessary for compliance with a legal obligation under Republic Act No. 9160, as amended.
• Financial Transactions: To process deposits, withdrawals, and bonus payments — necessary for the performance of our contract with you.
• Responsible Gaming: To administer deposit limits, loss limits, self-exclusion, and player protection tools — necessary for compliance with PAGCOR responsible gaming requirements and our legitimate interests in player welfare.
• Customer Support: To respond to your support enquiries and resolve disputes — necessary for the performance of our contract and our legitimate interests.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activity, account breaches, and prohibited conduct — necessary for our legitimate interests in platform security and player protection.
• Marketing Communications: To send you promotional offers, bonus notifications, and platform updates — based on your consent, which you may withdraw at any time via your earnph2 account settings.
• Platform Analytics and Improvement: To analyse usage patterns and improve the earnph2 Platform — based on our legitimate interests in product development, provided such interests are not overridden by your rights and freedoms.

6. Sharing of Personal Data

earnph2 does not sell, rent, or trade your personal data to third parties for their own marketing purposes. earnph2 may share your personal data with the following categories of recipients, strictly as necessary for the purposes identified in Section 5:

• Identity Verification Providers: Third-party KYC and age verification service providers engaged by earnph2 to conduct identity checks on new and existing account holders.
• Payment Processors: GCash (Mynt – Globe Fintech Innovations, Inc.), PayMaya (Maya Bank, Inc.), and Philippine banking partners (BPI, BDO, Metrobank) for the processing of deposits and withdrawals.
• AML and Compliance Service Providers: Entities engaged to conduct PEP screening, sanctions list checks, and transaction monitoring in compliance with Philippine AML legislation.
• Game Software Providers: Licensed game suppliers whose games are hosted on or integrated into the earnph2 Platform may receive technical data necessary for game delivery and dispute resolution.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government authorities, where disclosure is required by law or regulatory obligation.
• IT and Platform Service Providers: Cloud hosting, cybersecurity, and technical infrastructure providers engaged by earnph2 to operate and maintain the Platform.

All third-party processors engaged by earnph2 are subject to contractual data processing agreements requiring them to process personal data only in accordance with earnph2's instructions and applicable Philippine data protection law.

7. International Data Transfers

Certain earnph2 service providers — including game software suppliers and cloud infrastructure providers — may be located outside the Philippines. Where personal data is transferred to recipients in countries that do not provide an equivalent level of data protection to that guaranteed under Philippine law, earnph2 implements appropriate safeguards, including contractual clauses that impose data protection obligations consistent with those applicable in the Philippines, as required by the NPC.

8. Data Retention

earnph2 retains your personal data for as long as your account is active and for such further period as is required by applicable law or regulatory obligation. The following minimum retention periods apply:

• Account and Identity Data: Retained for a minimum of five (5) years from the date of account closure, in accordance with PAGCOR licensing requirements and Philippine AML legislation.
• Financial Transaction Records: Retained for a minimum of five (5) years from the date of each transaction, in accordance with Republic Act No. 9160 (AMLA), as amended.
• Communication Records: Retained for a minimum of two (2) years from the date of the communication, or longer where relevant to an ongoing dispute or regulatory investigation.
• Technical and Usage Data: Retained for a maximum of thirteen (13) months from collection, unless longer retention is required for security investigation purposes.

Upon expiry of the applicable retention period, personal data is securely destroyed or anonymised in accordance with earnph2's data disposal procedures.

9. Cookies and Tracking Technologies

The earnph2 Platform uses cookies and similar tracking technologies to facilitate platform functionality, analyse usage, and personalise your experience. The following categories of cookies are used:

• Strictly Necessary Cookies: Essential for the operation of the Platform, including session management, login authentication, and security. These cannot be disabled.
• Functional Cookies: Remember your preferences (e.g., language, game lobby layout) to improve your earnph2 experience across sessions.
• Analytics Cookies: Collect anonymised data on how users navigate the Platform to help earnph2 improve functionality and content. Used only with your consent.
• Marketing Cookies: Track your activity to deliver relevant promotional content within the earnph2 Platform. Used only with your consent.

You may manage your cookie preferences through your browser settings. Disabling certain cookie categories may affect Platform functionality. Note that earnph2 does not use any third-party advertising cookies or permit external ad networks to track users on the earnph2 Platform.

10. Your Data Subject Rights

Under the Data Privacy Act of 2012 and its IRR, you have the following rights with respect to your personal data held by earnph2:

• Right to Be Informed: The right to be notified of how your personal data is collected, used, and processed — as set out in this Policy.
• Right of Access: The right to obtain a copy of the personal data earnph2 holds about you, subject to verification of your identity.
• Right to Rectification: The right to have inaccurate or incomplete personal data corrected.
• Right to Erasure (Right to Be Forgotten): The right to request deletion of your personal data, subject to our retention obligations under applicable law and regulatory requirements.
• Right to Object: The right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Lodge a Complaint: The right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe your data protection rights have been violated.

11. Security Measures

earnph2 implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the earnph2 Platform
• Bcrypt hashing for all account password storage — passwords are never stored in readable form
• Two-factor authentication (2FA) available on all earnph2 accounts
• Role-based access controls limiting internal access to personal data on a need-to-know basis
• Regular penetration testing and security audits conducted by independent cybersecurity providers
• Automatic session timeout after periods of account inactivity
• Login anomaly detection with immediate account lock and registered contact notification

In the event of a personal data breach that is reasonably likely to result in serious harm to any affected individual, earnph2 will notify the National Privacy Commission and affected data subjects within seventy-two (72) hours of becoming aware of the breach, in accordance with NPC requirements.

12. Minors

The earnph2 Platform is strictly intended for individuals aged twenty-one (21) years and above, in accordance with PAGCOR regulations governing casino-style online gaming in the Philippines. earnph2 does not knowingly collect personal data from individuals under 21 years of age.

13. Changes to This Privacy Policy

earnph2 reserves the right to update or amend this Privacy Policy at any time. When material changes are made, earnph2 will notify registered account holders via the email address or mobile number on record, or through a prominent notice on the Platform, with a minimum of seven (7) days' notice prior to the amended Policy taking effect.

The "Last Updated" date at the top of this Policy reflects the date of the most recent revision. Your continued use of the earnph2 Platform following notification of an amended Policy constitutes your acknowledgement of the updated terms.

14. Contact & Data Protection Officer

For all privacy-related enquiries, data subject right requests, complaints, or to contact the earnph2 Data Protection Officer, please use the following channels:

• Live Chat: Available 24/7 via the earnph2 Platform — identify your enquiry as a "Privacy / DPO Request" when initiating the chat session
• Email: [email protected] with subject line "Privacy Policy / Data Request"
• Response Time: Acknowledgement within 3 business days; resolution within 30 calendar days

You also have the right to lodge a complaint directly with the National Privacy Commission of the Philippines (NPC) if you are not satisfied with earnph2's response to your privacy concern.