winph 2 is committed to protecting the personal data of every Filipino player on the platform. This Privacy Policy explains exactly what data we collect, why we collect it, how we use it, and the rights you hold under Philippine law.
This Privacy Policy ("Policy") describes how winph 2 ("winph 2," "Platform," "We," "Us," "Our") collects, uses, stores, protects, and shares the personal data of individuals ("You," "Player," "User") who access or use the winph 2 website located at winph2.co and all associated gaming services.
winph 2 is a PAGCOR-regulated online gaming platform operating under Philippine law. The collection and processing of personal data on winph 2 is governed by the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC) of the Philippines. winph 2 is a registered Personal Information Controller with the NPC.
This Policy applies to all personal data collected through the winph 2 website, live chat support interactions, email correspondence, payment processing interfaces, and all other touchpoints through which winph 2 interacts with Players. It applies regardless of whether you are browsing the platform without an account, registered but not yet verified, or a fully active verified player.
This Privacy Policy should be read alongside the winph 2 Terms & Conditions and Responsible Gaming Policy, both of which are related to how winph 2 operates and protects players.
For the purposes of the Data Privacy Act of 2012, winph 2 acts as the Personal Information Controller (PIC) in respect of all personal data processed on the Platform. As PIC, winph 2 determines the purposes and means of processing your personal data and is responsible for ensuring that processing is conducted lawfully, fairly, and transparently in accordance with the DPA and NPC regulations.
winph 2 has appointed a designated Data Protection Officer (DPO) who is responsible for overseeing data protection practices, handling data subject rights requests, and serving as the primary point of contact for the NPC in matters relating to data privacy compliance. The DPO's contact details are set out in Section 16 of this Policy.
winph 2 collects only the personal data that is necessary and proportionate to deliver its services, comply with PAGCOR licensing conditions, and meet its legal obligations under Philippine law. The categories of personal data collected include:
winph 2 collects personal data through the following means:
Under the Data Privacy Act of 2012, winph 2 may only process your personal data where a lawful basis applies. The legal bases on which winph 2 relies are as follows:
| Processing Purpose | Legal Basis (DPA 2012) |
|---|---|
| Account registration and management | Contractual necessity — performance of the agreement between you and winph 2 |
| Age and identity verification (KYC) | Legal obligation — PAGCOR licensing conditions and AMLA compliance |
| Processing deposits and withdrawals | Contractual necessity |
| Anti-money laundering monitoring | Legal obligation — RA 9160 (AMLA) and PAGCOR regulations |
| Responsible gaming monitoring | Legal obligation — PAGCOR responsible gaming framework; Legitimate interest (player welfare) |
| Customer support communications | Contractual necessity; Legitimate interest |
| Platform security and fraud prevention | Legitimate interest; Legal obligation |
| Marketing communications (opt-in only) | Consent — you may withdraw consent at any time via account settings |
| Analytics and platform improvement | Legitimate interest (aggregated, de-identified data where possible) |
winph 2 uses the personal data it collects for the following purposes, each of which is limited to what is necessary and proportionate to the stated purpose:
winph 2 does not sell, rent, or trade your personal data to any third party for commercial purposes. Your data is shared only in the circumstances described below, each of which is subject to appropriate data protection safeguards:
winph 2 is required by Philippine law to disclose personal data and transaction records to regulatory authorities including PAGCOR, the Anti-Money Laundering Council (AMLC), and law enforcement agencies where required by a valid legal order, subpoena, or regulatory direction. winph 2 will notify affected players of such disclosures to the extent permitted by law.
Processing your deposits and withdrawals requires sharing necessary transaction data with Philippine payment service providers including GCash, Maya, InstaPay network participants, BPI, BDO, Metrobank, and 7-Eleven CLiQQ. Data shared is limited to what is strictly necessary to complete the transaction. Each provider is subject to its own privacy policy and BSP (Bangko Sentral ng Pilipinas) data protection obligations.
Where winph 2 uses a third-party KYC/identity verification service to assist with document verification, your identification documents and verification data may be processed by that provider acting as a Personal Information Processor (PIP) under a data processing agreement with winph 2. The provider may only process your data on winph 2's instructions and for no other purpose.
Game software providers whose titles are available on winph 2 receive only the minimum technical data necessary to operate the game session (such as session tokens and bet/result data). They do not receive your name, contact details, or financial information.
In the event of a merger, acquisition, or sale of substantially all of winph 2's assets, your personal data may be transferred to the acquiring entity. winph 2 will provide notice of such a transfer and the identity of the new data controller before the transfer takes effect, and will ensure the receiving entity assumes equivalent data protection obligations.
winph 2 uses cookies and similar tracking technologies to operate the Platform, maintain session security, and understand how players use the site. The categories of cookies used are as follows:
You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will impair Platform functionality and may prevent you from logging in to your account.
winph 2 implements appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:
No data security system is completely impenetrable. While winph 2 takes all reasonable precautions, it cannot guarantee absolute security. Players should also take responsibility for their own account security by using strong passwords and enabling two-factor authentication.
winph 2 retains personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable Philippine law and PAGCOR licensing conditions. The following retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | PAGCOR data retention requirement |
| KYC identity documents | 5 years after account closure | AMLA record-keeping obligation (RA 9160) |
| Financial transaction records | 5 years from date of transaction | AMLA & PAGCOR regulatory requirement |
| Game session logs | 5 years from session date | PAGCOR audit and dispute resolution requirement |
| Support communications | 3 years from last interaction | Legitimate interest (dispute resolution) |
| Marketing consent records | Until consent withdrawn + 1 year | NPC consent documentation requirement |
| Analytics data (aggregated) | Up to 2 years (de-identified) | Platform improvement; no personal data retained |
Upon expiry of the applicable retention period, personal data will be securely deleted or irreversibly anonymised in accordance with NPC-approved disposal methods.
winph 2 operates primarily within the Philippines and stores personal data on servers located in the Philippines. In limited circumstances — such as where winph 2 uses game software providers or technology vendors based outside the Philippines — personal data may be transferred to or processed in other countries.
Where such transfers occur, winph 2 ensures appropriate safeguards are in place in accordance with NPC requirements, including:
winph 2 does not transfer your financial data, KYC documents, or full identity information outside the Philippines except where compelled by a valid legal obligation.
As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights in respect of the personal data winph 2 holds about you. All rights requests should be submitted in writing to the winph 2 Data Protection Officer (see Section 16) and will be responded to within fifteen (15) working days of receipt.
Request a copy of the personal data winph 2 holds about you, information about how it is used, and with whom it has been shared.
Request correction of inaccurate or incomplete personal data. Most account data can be updated directly in your winph 2 account settings.
Request deletion of your personal data where it is no longer necessary, unlawfully processed, or where you withdraw consent. Note: erasure requests cannot override statutory retention obligations under AMLA and PAGCOR regulations.
Object to processing based on legitimate interest, including direct marketing. Where you object to marketing, winph 2 will stop processing your data for that purpose immediately.
Receive a copy of personal data you have provided to winph 2 in a structured, commonly used, machine-readable format (e.g., CSV) where technically feasible.
Withdraw consent for processing based on consent (e.g., marketing emails) at any time via Account Settings. Withdrawal does not affect the lawfulness of prior processing.
Request human review of any automated decision that significantly affects you (e.g., account suspension triggered automatically). winph 2 will provide an explanation and conduct a manual review on request.
If you believe winph 2 has not handled your personal data in accordance with the DPA 2012, you have the right to lodge a complaint with the National Privacy Commission of the Philippines.
winph 2 does not knowingly collect personal data from any person under the age of 21 years. Access to real-money gaming services is strictly limited to adults aged 21 and over in compliance with PAGCOR regulations.
Where winph 2 becomes aware or has reasonable grounds to suspect that personal data has been collected from a person under 21, that data will be deleted immediately, the associated account will be permanently closed, and all funds associated with the account will be handled in accordance with PAGCOR's underage gaming policy.
Parents or guardians who believe that a minor may have registered a winph 2 account should contact the winph 2 Data Protection Officer immediately at the contact details provided in Section 16.
The winph 2 Platform may contain references to third-party services — including payment processors, game software providers, and support tools — whose own privacy policies govern the personal data they collect directly from you through their interfaces. winph 2 is not responsible for the privacy practices of third parties and recommends that you review the privacy policies of any third-party services you interact with.
winph 2 exercises due diligence in selecting third-party service providers and requires by contract that they implement data protection standards consistent with the DPA 2012 when processing personal data on winph 2's behalf. However, once data is collected directly by a third-party provider (such as when you authenticate with GCash), that provider's terms apply.
winph 2 may update this Privacy Policy from time to time to reflect changes in its data processing practices, updates to Philippine data privacy law, NPC guidance, or changes to the Platform's services. All updates will be reflected in a revised "Effective Date" at the top of this Policy.
Where changes are material — meaning they meaningfully affect how winph 2 processes your personal data or reduce your rights — winph 2 will notify you by:
Continued use of the winph 2 Platform after the effective date of a revised Privacy Policy constitutes your acknowledgement of the updated practices. If you do not agree with the updated Policy, you may close your account as described in the winph 2 Terms & Conditions.
For all matters relating to this Privacy Policy, the exercise of your rights under the DPA 2012, or any data privacy concerns regarding winph 2, please contact the winph 2 Data Protection Officer:
This Privacy Policy is effective as of 1 January 2026 and supersedes all prior versions. The previous version remains available upon written request to the DPO.
Six concrete commitments winph 2 makes to every Filipino player about how personal data is handled on the Platform.
winph 2 is a registered Personal Information Controller with the National Privacy Commission of the Philippines. Compliance with RA 10173 is an active, ongoing operational commitment — not a page on a website that nobody reads. Our DPO reviews all new data processing activities before they go live.
Every connection to winph 2 is protected with 256-bit TLS/SSL encryption. Your personal data is encrypted at rest in winph 2 databases. KYC documents are held in access-controlled encrypted vaults. Security is tested regularly by independent professionals — not only at PAGCOR audit time.
winph 2 does not sell, rent, or trade personal data to data brokers, advertising networks, or any other commercial third party. Your gambling history is never shared with insurers or employers. Your contact details are never used by partner marketers without your explicit opt-in consent.
Accessing, correcting, or requesting deletion of your personal data at winph 2 doesn't require a lawyer or a formal legal letter. Contact our DPO via live chat or email and we'll handle your request within the 15-working-day NPC-mandated timeframe. Most account data updates can be made directly through your account settings.
winph 2 publishes its data retention periods (see Section 10) and sticks to them. When the retention period for a category of data expires, it is securely deleted using NPC-approved disposal methods. You won't find decade-old personal data sitting in a neglected database because nobody got around to deleting it.
In the unlikely event of a data security incident, winph 2 follows a documented breach response procedure consistent with NPC Circular 16-03. Affected players are notified promptly. The NPC is notified within 72 hours of breach discovery where required. You're not left in the dark while winph 2 figures out its PR response.
PAGCOR-regulated, DPA 2012 compliant, 256-bit encrypted, and transparent about every data practice. Play 500+ games knowing your personal and financial information is protected to the highest standards applicable under Philippine law.
21+ only | PAGCOR Regulated | Philippines | Play Responsibly