This Privacy Policy ("Policy") sets out how phbest ("we," "us," "the Platform") handles the personal data of registered players and website visitors ("you," "User"). It should be read alongside the Terms & Conditions and Responsible Gaming Policy, which together form the complete regulatory framework governing your relationship with phbest.
Overview and Scope
This Policy applies to all personal data processed by phbest in connection with the operation of the phbest online gaming platform accessible at phbest.co. It covers data collected from individuals who visit the phbest website, create a member account, engage in gameplay, make financial transactions, or contact phbest customer support — regardless of the device or method of access used.
phbest is committed to handling personal data with the care, transparency, and accountability required under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and all implementing regulations issued by the National Privacy Commission (NPC). Where phbest processes data relating to non-Philippine residents, applicable international data protection frameworks may also apply.
This Policy does not apply to third-party websites, services, or applications that may be linked from phbest promotional materials or support communications. phbest encourages Users to review the privacy policies of any third-party services independently.
Data Controller
For the purposes of the Philippine Data Privacy Act of 2012, phbest acts as the Personal Information Controller (PIC) with respect to personal data collected from Users of the phbest platform. phbest determines the purposes and means by which your personal data is processed and is responsible for ensuring that all processing activities comply with applicable Philippine data protection law.
phbest has appointed a Data Protection Officer (DPO) responsible for overseeing this Policy and ensuring compliance with RA 10173. Privacy-related requests and concerns may be directed to the DPO via [email protected] with the subject line "Data Privacy Request."
Personal Data We Collect
phbest collects only the personal data that is necessary for the lawful operation of the platform, fulfilment of regulatory obligations, and delivery of services to you. The categories of personal data we collect include:
| Category | Data Elements | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government-issued ID type and number | Registration and KYC verification |
| Contact Data | Email address, Philippine mobile number (+63), residential address | Account registration |
| Financial Data | GCash / PayMaya account reference, bank account name and partial number, transaction history | Deposit and withdrawal processing |
| KYC Documents | Scanned or photographed government-issued ID (PhilSys, UMID, Driver's License, Passport, Voter's ID, etc.) | Identity verification prior to first withdrawal |
| Platform Activity | Login timestamps, game session records, wagering history, bonus activity, self-exclusion status | Ongoing platform use |
| Technical Data | IP address, device type, browser type and version, operating system, session identifiers | Automatic collection during platform access |
| Support Data | Chat transcripts, email correspondence, complaint records | Customer support interactions |
phbest applies the principle of data minimization: we collect only the data necessary for the specific purpose for which it is collected. We do not collect sensitive personal data categories such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, or genetic data.
How We Collect Your Data
phbest collects personal data through the following channels:
4.1 Direct Collection
Data you provide directly when registering an account, completing KYC verification, making a deposit or withdrawal request, contacting customer support, or responding to phbest communications.
4.2 Automated Collection
Technical data collected automatically when you access phbest.co, including your IP address, browser type, device identifiers, session duration, and pages visited. This data is collected through server logs, cookies, and similar tracking technologies as described in Section 10.
4.3 Third-Party Sources
phbest may receive data from third-party payment processors (e.g., GCash partner systems), identity verification service providers, and fraud detection platforms in connection with processing your transactions and verifying your identity. Such data is handled in accordance with this Policy and applicable agreements with those providers.
Purpose of Data Processing
phbest processes your personal data for the following specific and legitimate purposes:
- Account Management: Creating, maintaining, and securing your phbest account, processing login sessions, and managing account settings and preferences.
- Identity Verification (KYC): Verifying that you are who you say you are, that you meet the 21+ age requirement, and that your identity documents are valid — as required by Philippine anti-money laundering regulations.
- Transaction Processing: Receiving deposits and processing withdrawals to your GCash, PayMaya, BPI, BDO, Metrobank, Visa, or Mastercard accounts accurately and securely.
- Regulatory Compliance: Meeting phbest's obligations under Philippine anti-money laundering (AML) law, PAGCOR-aligned requirements, and the Philippine Data Privacy Act.
- Fraud Prevention and Security: Detecting, investigating, and preventing fraudulent activity, multiple accounts, bonus abuse, unauthorized access, and any other activity that breaches phbest's Terms and Conditions.
- Customer Support: Responding to your queries, resolving disputes, and maintaining records of support interactions for quality and accountability purposes.
- Responsible Gaming: Monitoring platform usage patterns in order to identify signs of problem gambling and to enforce self-exclusion, deposit limit, and session timer settings you have activated.
- Platform Improvement: Analyzing aggregate, anonymized usage data to improve platform features, game performance, and user experience.
- Legal Obligations: Retaining records as required by law and responding to lawful requests from PAGCOR, the Anti-Money Laundering Council (AMLC), the NPC, or any court of competent jurisdiction in the Philippines.
phbest does not sell, rent, or trade your personal data to third-party advertisers or data brokers. Your data is not used to build advertising profiles or for programmatic marketing outside of phbest's own platform. We do not use your personal data for purposes incompatible with those disclosed in this Policy.
Legal Basis for Processing
Under the Philippine Data Privacy Act of 2012, phbest processes your personal data on one or more of the following lawful criteria:
- Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party — specifically, your phbest account registration and the Terms and Conditions you accepted. Without this processing, phbest cannot provide the platform services you have requested.
- Legitimate Interests: Processing is necessary for the legitimate interests pursued by phbest, including fraud prevention, platform security, and responsible gaming monitoring, where these interests are not overridden by your data protection rights.
- Legal Obligation: Processing is required to comply with a legal obligation applicable to phbest, including anti-money laundering regulations, KYC requirements, and tax reporting obligations under Philippine law.
- Consent: Where phbest relies on your consent as a basis for processing (e.g., optional marketing communications), you have the right to withdraw consent at any time by contacting [email protected]. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
Data Sharing and Disclosure
phbest does not disclose your personal data to third parties except in the following limited and controlled circumstances:
7.1 Payment Processors
phbest shares the minimum necessary financial and identity data with licensed Philippine payment processors (including GCash, PayMaya, and partner banks) solely for the purpose of processing your deposits and withdrawals. These processors are bound by their own privacy obligations under Philippine law.
7.2 Identity Verification Providers
phbest may engage accredited third-party KYC and identity verification services to assist with verifying government-issued Philippine ID documents. These providers act as Personal Information Processors (PIPs) under phbest's instruction and are contractually bound to process data only for verification purposes.
7.3 Regulatory Authorities
phbest is required by Philippine law to disclose personal data to regulatory bodies including PAGCOR, the Anti-Money Laundering Council (AMLC), the Bureau of Internal Revenue (BIR), and the National Privacy Commission (NPC) upon lawful request or as mandated by applicable legislation.
7.4 Law Enforcement
phbest will disclose personal data to Philippine law enforcement agencies or courts where required by a valid court order, subpoena, or other lawful process. phbest will, where legally permissible, notify you of such disclosure requests.
7.5 Fraud Prevention Networks
phbest may share limited data (such as flagged account identifiers) with recognized Philippine gaming industry fraud prevention networks to protect the integrity of the platform and to identify individuals circumventing self-exclusion or multi-account policies.
Data Retention
phbest retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law, whichever is longer. The following retention schedule applies:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration and identity data | Duration of account + 5 years after closure | AML compliance, RA 9160 |
| KYC documents (government ID copies) | Duration of account + 5 years after closure | AMLC requirements |
| Financial transaction records | 5 years from transaction date | RA 9160, BIR requirements |
| Platform activity and game logs | 3 years from activity date | Dispute resolution, platform integrity |
| Customer support communications | 3 years from last interaction | Quality assurance, dispute resolution |
| Self-exclusion and RG tool records | Duration of exclusion + 5 years | Responsible gaming enforcement |
| Technical and access logs | 12 months | Security monitoring |
Upon expiry of the applicable retention period, phbest will securely destroy or anonymize your personal data in a manner that prevents reconstruction or identification.
Data Security
phbest implements a comprehensive set of technical and organizational security measures to protect your personal data from unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:
- TLS Encryption: All data transmitted between your device and phbest servers is encrypted using industry-standard Transport Layer Security (TLS). The padlock indicator in your browser confirms the secure connection when accessing phbest.co.
- Data-at-Rest Encryption: Personal data stored in phbest databases — including KYC documents and financial records — is encrypted at rest using AES-256 or equivalent standards.
- Access Controls: Access to personal data within phbest is restricted on a strict need-to-know basis. Employee access is role-based, logged, and subject to regular review. No employee has unrestricted access to the full dataset.
- Multi-Factor Authentication: phbest's internal systems require multi-factor authentication for all staff accessing production data environments.
- Regular Security Audits: phbest conducts periodic vulnerability assessments and internal security reviews of its data infrastructure.
- Incident Response: In the event of a personal data breach that poses a risk to your rights and freedoms, phbest will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach and will notify affected Users without undue delay, as required by RA 10173.
No security system is impenetrable without your cooperation. phbest strongly encourages you to use a unique, strong password for your phbest account, enable two-factor authentication (2FA) via SMS in your account settings, and never share your login credentials with anyone — including persons claiming to represent phbest support.
Cookies and Tracking Technologies
phbest uses cookies and similar tracking technologies on phbest.co to enable core platform functionality, improve the user experience, and support security measures. A cookie is a small text file stored on your device by your web browser when you visit a website.
phbest uses the following categories of cookies:
- Strictly Necessary Cookies: Required for the phbest platform to function correctly, including session authentication, login state maintenance, and security tokens. These cannot be disabled without impacting platform access.
- Functional Cookies: Used to remember your preferences such as language settings, preferred payment method, and game lobby view. These enhance your experience but are not strictly required.
- Analytics Cookies: Used to collect anonymized, aggregated data about how visitors interact with phbest.co — such as page visit duration and navigation paths — to help phbest improve platform content and performance. No personally identifiable information is included in analytics data.
- Security Cookies: Used to detect fraudulent logins, unusual account activity, and potential bot behavior by analyzing session patterns.
phbest does not use advertising cookies or cross-site tracking cookies. You may configure your browser to block or delete cookies, noting that disabling strictly necessary cookies will impair your ability to log in and use phbest.
Your Data Privacy Rights
Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to your personal data held by phbest. To exercise any of these rights, contact phbest at [email protected] with the subject line "Data Privacy Request." phbest will acknowledge your request within 5 business days and respond substantively within 30 days.
Right to Access
Request a copy of the personal data phbest holds about you, including a description of the purposes for which it is being processed.
Right to Rectification
Request correction of any inaccurate or incomplete personal data held about you, including contact details, date of birth, or residential address.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phbest's legal retention obligations.
Right to Object
Object to the processing of your personal data for purposes not strictly required by contract or law, including any optional analytics or profiling activity.
Right to Block or Suspend
Request that phbest suspend processing of your data pending resolution of a complaint, correction of inaccuracies, or legal review of processing grounds.
Right to Complain
Lodge a complaint with the National Privacy Commission (NPC) if you believe phbest has breached your rights under RA 10173. Contact details for the NPC are available at privacy.gov.ph.
phbest is required by Philippine AML law (RA 9160) and PAGCOR-aligned compliance obligations to retain certain personal data — including KYC documents and financial transaction records — for a minimum of five years after account closure, regardless of erasure requests. phbest will inform you where a retention obligation prevents fulfilment of an erasure request.
Children and Minors
phbest does not knowingly collect personal data from individuals under the age of 21 years. The phbest platform is intended exclusively for adults meeting the PAGCOR minimum age requirement, and registration is prohibited for anyone under 21.
Where phbest becomes aware — through KYC verification, regulatory inquiry, or any other means — that a registered account belongs to a person under 21, the account will be closed immediately, all wagering activity voided, and deposited funds (excluding any winnings derived from play) returned to the originating payment method.
If you are a parent or guardian and believe your child has registered at phbest, please contact us immediately at [email protected] with the subject line "Minor Account Report." phbest will act swiftly to investigate and resolve the matter.
Amendments to This Policy
phbest reserves the right to update or amend this Privacy Policy at any time to reflect changes in Philippine data protection law, NPC guidance, platform functionality, or internal data practices. Material amendments — those that meaningfully affect how your personal data is processed — will be communicated to registered Users by email to the registered account address, with at least 14 days' advance notice before taking effect.
Non-material amendments (clarifications, formatting corrections, or minor administrative updates) may take effect upon publication to phbest.co/privacy-policy. The "Last Reviewed" date at the top of this document is updated with each revision. Your continued use of phbest following publication of an amended Policy constitutes acceptance of the revised terms.
Contact and Complaints
For all privacy-related enquiries, data subject rights requests, or complaints about phbest's handling of your personal data, please contact the phbest Data Protection Officer using the details below. phbest takes all privacy concerns seriously and will respond within the timeframes required by RA 10173.
Role:
Data Protection Officer, phbest
Email:
[email protected]
(subject: "Data Privacy Request")
Live Chat:
24/7 via member dashboard after phbest login
Response Time:
Acknowledgement within 5 business days; full response within 30 days
If you are not satisfied with phbest's response to your privacy complaint, you have the right to escalate the matter directly to the National Privacy Commission of the Philippines (NPC). The NPC is the independent government body responsible for administering and implementing RA 10173.
This Privacy Policy was last reviewed and updated on 1 January 2026.