jilace Casino
Privacy Policy

1 Introduction and Scope

1.1 This Privacy Policy applies to all personal data processed by jilace in connection with the operation of the jilace Casino platform, including data collected through the website at jilace.app, the mobile web interface, customer support channels, payment processing, and marketing communications.

1.2 This Policy applies to all registered account holders, prospective registrants who have submitted personal data during an incomplete registration, and visitors to the jilace platform whose data is collected through automated means such as cookies and analytics tools.

1.3 This Policy does not apply to third-party platforms, game providers, or payment processors accessed through the jilace platform. Those entities operate under their own privacy policies. jilace is not responsible for the data practices of third parties.

1.4 jilace processes personal data in its capacity as both a personal information controller (PIC) and, in limited circumstances, as a personal information processor (PIP) on behalf of regulatory authorities such as PAGCOR and the Anti-Money Laundering Council (AMLC).

2 Definitions

In this Privacy Policy, the following terms carry the meanings ascribed to them in the Data Privacy Act of 2012 and its IRR:

• "Personal Data" means any information from which the identity of a natural person can be reasonably and directly ascertained, or when combined with other information, would directly and certainly identify a natural person.
• "Sensitive Personal Information" means personal data about an individual's race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; about health, education, genetic or sexual life; or any proceeding or offense, including arrest record.
• "Processing" means any operation or set of operations performed upon personal data, whether automated or manual, including collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction.
• "Data Subject" means a natural person whose personal data is processed.
• "Personal Information Controller" (PIC) means a natural or juridical person that controls the collection, holding, processing, or use of personal data.
• "Data Processing Agreement" (DPA) means a contract between jilace and a third-party personal information processor governing the terms of personal data processing on jilace's behalf.

3 Data Controller Identity

3.1 The personal information controller for data processed through the jilace platform is jilace Casino, operator of jilace.app, a gaming platform licensed and regulated by the Philippine Amusement and Gaming Corporation (PAGCOR).

3.2 jilace has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and the Data Privacy Act of 2012. The DPO may be contacted at the details set out in Section 16 of this Policy.

3.3 jilace is registered with the National Privacy Commission of the Philippines in accordance with NPC registration requirements applicable to personal information controllers processing personal data of more than one thousand (1,000) individuals.

4 Categories of Personal Data We Collect

4.1 Registration and Identity Data

When you register an account with jilace, we collect: full legal name; date of birth; nationality; Philippine mobile number; email address; residential address; and username or account identifier. This data is required to create and maintain your account and to fulfill KYC obligations under PAGCOR regulations.

4.2 Identity Verification (KYC) Data

As required by PAGCOR and anti-money laundering regulations, we collect copies of government-issued identification documents, which may constitute sensitive personal information under the DPA. Accepted documents include: PhilSys National ID, Philippine passport, driver's license, UMID card, SSS or GSIS card, voter's ID, and postal ID. We may also collect selfie photographs for liveness verification.

4.3 Financial and Transaction Data

We collect data related to your financial activity on the jilace platform, including: GCash and Maya account identifiers (tokenized, not full account credentials); bank account numbers used for withdrawals; deposit and withdrawal transaction records; gaming activity records including bets placed, game outcomes, and account balance history; and bonus and promotion redemption records. This data is retained as required by PAGCOR and AMLC regulations.

4.4 Device and Technical Data

We automatically collect technical data when you access the jilace platform: IP address; device type, model, and operating system; browser type and version; screen resolution; session timestamps; referring URL; and mobile network operator. This data is used for security, fraud detection, and platform optimization purposes.

4.5 Communications Data

We retain records of communications between you and jilace's customer support team, including live chat transcripts, Messenger and Viber message records, and email correspondence. These records are maintained for quality assurance, dispute resolution, and regulatory compliance purposes.

4.6 Responsible Gaming Data

If you use jilace's responsible gaming tools — such as setting deposit limits, session time limits, or initiating self-exclusion — we record and retain the details of those settings and changes. This data is treated with heightened care and is not used for marketing purposes.

5 How We Collect Personal Data

jilace collects personal data through the following means:

• Direct submission: Data you provide during account registration, KYC verification, deposit and withdrawal processes, support interactions, and promotional claim forms.
• Automated collection: Data collected automatically through cookies, web beacons, server logs, and analytics tools when you use the jilace platform. See Section 11 for details on cookies.
• Third-party sources: Identity verification data from document verification service providers used for KYC; fraud signals from payment processors; device reputation data from fraud detection services. All third-party data sources are bound by Data Processing Agreements with jilace.
• Regulatory reporting: In certain circumstances, jilace may receive data from PAGCOR or AMLC in connection with regulatory inquiries or investigations.

6 Purposes of Processing and Legal Bases

jilace processes personal data for the following purposes, each grounded in a lawful basis under the Data Privacy Act of 2012:

• Account creation and management — necessary for the performance of the contract between jilace and the Player (Section 13(b), DPA).
• Identity and age verification (KYC) — compliance with a legal obligation under PAGCOR regulations and the Anti-Money Laundering Act (Section 13(c), DPA).
• Payment processing and fraud prevention — necessary for the performance of the contract and legitimate interests in maintaining platform security (Section 13(b) and (f), DPA).
• Regulatory reporting to PAGCOR and AMLC — compliance with legal obligations under Philippine gaming and anti-money laundering law (Section 13(c), DPA).
• Customer support — legitimate interest in providing the contracted service and resolving Player disputes (Section 13(f), DPA).
• Marketing and promotional communications — with your consent, to send you relevant jilace promotions and offers (Section 13(a), DPA). Consent may be withdrawn at any time as described in Section 12.
• Platform analytics and improvement — legitimate interest in understanding how the platform is used and improving performance and user experience (Section 13(f), DPA).
• Responsible gaming monitoring — legal obligation and legitimate interest in protecting the well-being of Players.

7 Data Sharing and Disclosure

7.1 jilace shares personal data with third parties only where necessary and under appropriate safeguards. Categories of recipients include:

• Game providers (e.g., Pragmatic Play, PG Soft, Jili Games): Minimum data required to authenticate game sessions and record bet and outcome data is shared with certified game providers integrated into the jilace platform. All game providers are bound by Data Processing Agreements.
• Payment processors (GCash, Maya, bank payment gateways): Transaction data necessary to process deposits and withdrawals is shared with payment partners under contractual data protection obligations.
• KYC and identity verification providers: Document images and biometric data submitted for KYC are processed by accredited identity verification services under Data Processing Agreements with jilace.
• Fraud detection and cybersecurity services: Device and session data may be shared with fraud prevention technology providers to protect the integrity of the platform.
• PAGCOR: jilace is required to submit transaction reports, player records, and other data to PAGCOR in accordance with its operating license conditions.
• Anti-Money Laundering Council (AMLC): jilace is required by the Anti-Money Laundering Act (Republic Act No. 9160, as amended) to report covered transactions and suspicious transactions to AMLC.
• Law enforcement and courts: jilace will disclose personal data to Philippine law enforcement agencies, courts, or other government bodies where required by a valid legal order, warrant, or subpoena.

7.2 jilace does not share personal data with other online gaming operators or marketing data brokers.

8 International Data Transfers

8.1 Some of jilace's third-party service providers — including cloud infrastructure providers, game providers, and analytics tools — may process personal data on servers located outside the Philippines.

8.2 jilace ensures that all international transfers of personal data are made in compliance with the cross-border transfer provisions of the Data Privacy Act of 2012 and applicable NPC regulations. Transfers are conducted only to recipients in countries with adequate data protection standards or under standard contractual clauses that provide equivalent protection to that afforded under Philippine law.

8.3 By accepting this Privacy Policy and using the jilace platform, you consent to the transfer of your personal data outside the Philippines under the safeguards described above.

9 Data Retention

9.1 jilace retains personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to the following retention periods:

• Account and identity data: Retained for the duration of the account relationship and for a minimum of five (5) years following account closure, as required by PAGCOR regulations and anti-money laundering law.
• KYC documents: Retained for a minimum of five (5) years after the transaction or business relationship to which they relate, in accordance with AMLC requirements.
• Transaction and gaming records: Retained for five (5) years in compliance with PAGCOR reporting obligations and tax law.
• Customer support communications: Retained for three (3) years for dispute resolution and quality assurance purposes.
• Marketing consent records: Retained until withdrawal of consent plus one (1) year to document the lawfulness of past communications.
• Technical and device data: Retained for ninety (90) days for security and fraud monitoring purposes, unless specific records are required for longer retention in connection with an ongoing investigation or legal proceeding.

9.2 Upon expiry of the applicable retention period, jilace will securely dispose of personal data through appropriate means including secure deletion, anonymization, or physical destruction of paper records.

10 Security Measures

10.1 jilace implements the following technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction:

• Encryption in transit: All data transmitted between users and the jilace platform is encrypted using TLS 1.2 or higher.
• Encryption at rest: Sensitive personal data stored in jilace's databases is encrypted at rest using AES-256 or equivalent standards.
• Access controls: Access to personal data is restricted to jilace personnel with a legitimate need to access it in connection with their job responsibilities. Role-based access controls and privileged access management are in place.
• Two-factor authentication: Internal systems holding personal data require multi-factor authentication for staff access.
• Security monitoring: jilace employs continuous monitoring, intrusion detection, and anomaly detection tools to identify and respond to security threats.
• Penetration testing: Regular third-party security assessments are conducted to identify and remediate vulnerabilities.
• Staff training: All jilace personnel with access to personal data receive mandatory data privacy and security training.

10.2 Personal Data Breach Notification. In the event of a personal data breach that is likely to result in a real risk of serious harm to affected Data Subjects, jilace will notify the NPC within seventy-two (72) hours of becoming aware of the breach and will notify affected individuals without undue delay, in accordance with Section 20(f) of the Data Privacy Act of 2012.

11 Cookies and Tracking Technologies

11.1 The jilace platform uses cookies and similar tracking technologies to operate and improve the platform. The categories of cookies used are:

• Strictly necessary cookies: Required for the platform to function. These include session authentication cookies, CSRF protection tokens, and load-balancing cookies. These cannot be disabled without preventing use of the platform.
• Functional cookies: Remember your preferences such as language settings, game lobby view preferences, and last-used payment method. Disabling these cookies will not prevent platform access but may reduce convenience.
• Analytics cookies: Used to understand how the jilace platform is used — which pages are visited, how long sessions last, and where users encounter difficulty. Analytics data is aggregated and pseudonymized.
• Security and fraud prevention cookies: Used to identify suspicious session behavior and protect against account takeover and payment fraud.

11.2 jilace does not use third-party advertising cookies or permit advertising networks to set cookies on the jilace domain for the purpose of tracking users across other websites.

11.3 You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in or using jilace platform features.

12 Your Data Privacy Rights

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by jilace:

• Right to be informed: The right to be told what personal data jilace holds about you, the purposes for which it is processed, and your rights under the DPA. This Privacy Policy fulfills this obligation.
• Right of access: The right to request a copy of the personal data jilace holds about you and information about how it is processed.
• Right to rectification: The right to have inaccurate or incomplete personal data corrected. You may update most account data directly through your jilace account settings.
• Right to erasure or blocking: The right to request deletion or blocking of personal data where it is no longer necessary for the purposes for which it was collected, subject to jilace's legal retention obligations under PAGCOR and anti-money laundering regulations.
• Right to data portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object: The right to object to the processing of your personal data, in particular where processing is based on legitimate interests or is used for direct marketing. Objecting to processing for direct marketing will result in immediate cessation of marketing communications.
• Right to withdraw consent: Where processing is based on your consent (e.g., marketing communications), you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent, update your communication preferences in your account settings or contact the DPO.
• Right to file a complaint: You have the right to file a complaint with the National Privacy Commission of the Philippines if you believe jilace has violated your data privacy rights.

13 Children's Privacy

13.1 The jilace platform is strictly for individuals aged twenty-one (21) years and older. jilace does not knowingly collect personal data from individuals under 21 years of age. The 21-year minimum age is verified through the KYC process prior to the processing of any withdrawal.

13.2 If jilace becomes aware that it has inadvertently collected personal data from a person under 21 years of age, it will immediately suspend the associated account, block access to the platform, and securely delete the personal data collected from that individual, subject to any overriding legal retention obligations.

13.3 If you are a parent or guardian and have reason to believe that a minor in your household has created a jilace account, please contact [email protected] immediately.

14 Third-Party Links and Embedded Content

14.1 The jilace platform may contain links to third-party websites or services, including game providers and payment processors. jilace is not responsible for the privacy practices of third-party platforms. When you follow a link to a third-party site, that site's own privacy policy governs the collection and use of your personal data.

14.2 Game content on the jilace platform is streamed or delivered by third-party providers. These providers may collect limited session and gameplay data in accordance with their own privacy policies and data processing agreements with jilace.

15 Amendments to This Privacy Policy

15.1 jilace reserves the right to amend this Privacy Policy at any time to reflect changes in Philippine data privacy law, NPC issuances, PAGCOR requirements, or jilace's data processing practices. The updated effective date will be reflected at the top of this document.

15.2 For material changes to this Policy that adversely affect the rights of registered users, jilace will provide at least seven (7) days' advance notice via the email address registered to your account.

15.3 Your continued use of the jilace platform after the effective date of any amendment constitutes your acknowledgment of and agreement to the revised Privacy Policy.

16 Contact Information and Data Protection Officer

16.1 For all data privacy enquiries, access requests, corrections, erasure requests, and complaints, contact the jilace Data Protection Officer:

• Email: [email protected] (subject line: "Data Privacy Request")
• Response time: Acknowledgment within 3 business days; substantive response within 15 business days
• Languages: English and Filipino (Tagalog)
• Hours: 24 hours a day, 7 days a week via email; business hours for formal DPO correspondence

16.2 If your concern is not resolved satisfactorily by jilace's DPO, you may escalate your complaint to the National Privacy Commission of the Philippines at privacy.gov.ph.

16.3 For general platform support unrelated to data privacy, contact jilace support via live chat on the platform, Facebook Messenger, or Viber — available 24/7 in English and Tagalog.