masaya365 Privacy Policy

masaya365 ("masaya365," "we," "us," or "our") is committed to protecting the privacy and personal data of all users ("you," "your," or "Player") who access or use the masaya365 online gaming platform available at https://masaya365.app (the "Platform"). This Privacy Policy describes how masaya365 collects, uses, stores, shares, and protects your personal data in connection with your use of the Platform and its associated services.

This Privacy Policy is issued in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC) of the Philippines. Where applicable, this Policy also reflects internationally recognized data protection principles.

By registering an account on masaya365 or continuing to use the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein. This Privacy Policy should be read together with our Terms & Conditions and Responsible Gaming Policy.

For the purposes of the Data Privacy Act of 2012 and this Privacy Policy, masaya365 acts as the Personal Information Controller (PIC) in respect of the personal data it collects and processes in connection with the Platform.

masaya365 determines the purposes and means of processing your personal data and is responsible for ensuring that such processing is carried out in accordance with applicable Philippine data protection law and this Privacy Policy.

Where masaya365 engages third-party service providers to process personal data on its behalf (for example, payment processors, identity verification providers, or cloud hosting services), those providers act as Personal Information Processors (PIPs) and are contractually bound to process your data only on masaya365's instructions and in accordance with applicable law.

For all data privacy inquiries, requests, and concerns, please contact our Data Protection Officer (DPO) using the details provided in Section 14 of this Policy.

masaya365 collects personal data that is necessary, adequate, and not excessive in relation to the purposes for which it is collected. The categories of personal data we collect include:

3.1 Registration & Account Data

• Full legal name, date of birth, and gender
• Residential address (including city, province, and postal code)
• Email address and mobile number
• Username and encrypted password
• Preferred language and currency settings

3.2 Identity Verification (KYC) Data

• Government-issued photo identification (e.g., Philippine passport, PhilSys National ID, SSS ID, UMID, driver's license, or voter's ID)
• Proof of residential address (e.g., utility bill, bank statement, or barangay certificate)
• Selfie or live photo for facial verification purposes
• Proof of payment method ownership where required

3.3 Financial & Transaction Data

• Deposit and withdrawal amounts, dates, and payment methods (GCash, PayMaya, BPI, BDO, Metrobank)
• Transaction reference numbers and payment processor identifiers
• Account balance history and bonus transaction records

3.4 Gaming Activity Data

• Games played, bet amounts, win/loss records, and session durations
• Bonus usage, wagering progress, and promotional participation history
• Responsible gaming settings (deposit limits, session limits, self-exclusion status)

3.5 Technical & Device Data

• IP address, device type, operating system, and browser type
• Geolocation data (country and region level, derived from IP address)
• Session logs, login timestamps, and access records
• Cookie identifiers and similar tracking technologies (see Section 7)

3.6 Communications Data

• Records of live chat, email, and support ticket interactions with masaya365
• Survey responses, feedback submissions, and promotional opt-in preferences

masaya365 uses your personal data only for the purposes for which it was collected, or for compatible purposes that you would reasonably expect. The primary purposes for which we process your personal data are:

• Account Management: To create, maintain, and manage your masaya365 player account, including authentication and account security.
• Identity Verification: To verify your identity and age (21+) in compliance with Philippine gaming regulations and anti-money laundering requirements.
• Payment Processing: To process deposits and withdrawals via GCash, PayMaya, BPI, BDO, Metrobank, and other supported payment methods.
• Service Delivery: To provide access to masaya365's gaming products, including slots, bingo, fishing games, and live dealer tables.
• Regulatory Compliance: To comply with obligations under Philippine law, including the Anti-Money Laundering Act (AMLA), the Data Privacy Act, and applicable PAGCOR regulations.
• Fraud Prevention & Security: To detect, investigate, and prevent fraudulent activity, unauthorized account access, and other security threats.
• Responsible Gaming: To monitor gaming behavior, enforce responsible gaming limits, and identify players who may be at risk of problem gambling.
• Customer Support: To respond to your inquiries, resolve disputes, and provide technical assistance.
• Marketing Communications: To send you promotional offers, bonuses, and platform updates where you have provided consent or where permitted by applicable law. You may opt out at any time.
• Platform Improvement: To analyze usage patterns, conduct research, and improve the masaya365 Platform's features, performance, and user experience.

masaya365 processes your personal data on the following legal bases as recognized under the Data Privacy Act of 2012 and its Implementing Rules and Regulations:

• Contractual Necessity: Processing is necessary for the performance of the contract between you and masaya365 (i.e., the Terms & Conditions), including account management, payment processing, and service delivery.
• Legal Obligation: Processing is required to comply with masaya365's legal obligations under Philippine law, including anti-money laundering regulations, tax reporting requirements, and PAGCOR regulatory obligations.
• Legitimate Interests: Processing is necessary for masaya365's legitimate interests, including fraud prevention, platform security, and improving our services, provided that such interests are not overridden by your rights and freedoms.
• Consent: For certain processing activities, such as sending marketing communications or processing sensitive personal information, masaya365 relies on your freely given, specific, informed, and unambiguous consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

masaya365 does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:

• Payment Processors: GCash, PayMaya, BPI, BDO, Metrobank, and other payment service providers, to process your deposits and withdrawals.
• Identity Verification Providers: Third-party KYC and age verification service providers engaged to verify your identity and comply with regulatory requirements.
• Game Providers: Software providers whose games are available on the masaya365 Platform, to the extent necessary to deliver gaming services.
• Cloud & Infrastructure Providers: Hosting, storage, and technology service providers who process data on masaya365's behalf under strict data processing agreements.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies, where required by law or regulatory obligation.
• Law Enforcement: Philippine law enforcement agencies, courts, or other public authorities, where masaya365 is legally required or permitted to disclose personal data.
• Professional Advisors: Legal counsel, auditors, and other professional advisors engaged by masaya365, subject to professional confidentiality obligations.

masaya365 uses cookies and similar tracking technologies to operate the Platform, enhance your user experience, and analyze Platform usage. The types of cookies we use include:

• Strictly Necessary Cookies: Essential for the Platform to function correctly, including session management, authentication, and security features. These cookies cannot be disabled without affecting Platform functionality.
• Functional Cookies: Used to remember your preferences, such as language settings and responsible gaming limits, to provide a more personalized experience.
• Analytics Cookies: Used to collect aggregated, anonymized data about how players use the Platform, helping masaya365 identify areas for improvement. This data does not identify individual users.
• Marketing Cookies: Used to deliver relevant promotional content and measure the effectiveness of masaya365's marketing campaigns. These cookies are only placed with your consent.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the masaya365 Platform. For more information on managing cookies in popular browsers used in the Philippines, refer to your browser's help documentation.

masaya365 retains your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable Philippine law. The following general retention periods apply:

• Account Data: Retained for the duration of your active account relationship with masaya365, plus a minimum of five (5) years following account closure, in accordance with Philippine record-keeping requirements.
• KYC & Identity Verification Data: Retained for a minimum of five (5) years following the end of the business relationship, as required by the Anti-Money Laundering Act and PAGCOR regulations.
• Financial Transaction Records: Retained for a minimum of five (5) years from the date of the transaction, in compliance with Philippine tax and anti-money laundering laws.
• Gaming Activity Data: Retained for a minimum of three (3) years from the date of the relevant gaming session.
• Customer Support Records: Retained for a minimum of two (2) years from the date of the last interaction.
• Marketing Consent Records: Retained for the duration of the consent period and for a reasonable period thereafter to demonstrate compliance.

Upon expiry of the applicable retention period, masaya365 will securely delete or anonymize your personal data in accordance with its data disposal procedures. Where data is anonymized, it may be retained indefinitely for analytical purposes as it can no longer be linked to an identifiable individual.

Under the Data Privacy Act of 2012, you have the following rights in relation to your personal data held by masaya365:

• Right to Be Informed: The right to be informed of how your personal data is being collected and processed, as set out in this Privacy Policy.
• Right of Access: The right to request a copy of the personal data masaya365 holds about you, along with information about how it is being processed.
• Right to Rectification: The right to request correction of any inaccurate, incomplete, or outdated personal data masaya365 holds about you.
• Right to Erasure or Blocking: The right to request deletion or blocking of your personal data where it is no longer necessary for the purposes for which it was collected, subject to masaya365's legal retention obligations.
• Right to Object: The right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation where processing is based on legitimate interests.
• Right to Data Portability: The right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
• Right to Lodge a Complaint: The right to lodge a complaint with the National Privacy Commission (NPC) if you believe masaya365 has processed your personal data in violation of the Data Privacy Act.

The masaya365 Platform is strictly intended for individuals who are 21 years of age or older, in accordance with Philippine gambling regulations. masaya365 does not knowingly collect, process, or store personal data from individuals under the age of 21.

If masaya365 discovers or is notified that it has inadvertently collected personal data from a person under the age of 21, it will immediately suspend the relevant account, delete the personal data in question, and take appropriate steps to prevent recurrence.

If you are a parent or guardian and believe that your child under the age of 21 has provided personal data to masaya365, please contact our Data Protection Officer immediately using the details in Section 14 so that we can take prompt action.

masaya365 encourages parents and guardians to use parental control tools and to monitor their children's online activity to prevent underage access to gambling platforms.

masaya365 implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

• 256-bit SSL/TLS Encryption: All data transmitted between your device and the masaya365 Platform is encrypted using industry-standard SSL/TLS protocols.
• Two-Factor Authentication (2FA): masaya365 offers two-factor authentication for player accounts to provide an additional layer of login security.
• Access Controls: Strict role-based access controls ensure that only authorized masaya365 personnel with a legitimate business need can access player personal data. All access is logged and subject to regular audit.
• Data Encryption at Rest: Sensitive personal data, including KYC documents and financial records, is encrypted when stored on masaya365's servers.
• Regular Security Audits: masaya365 conducts regular internal and third-party security assessments, penetration testing, and vulnerability scans to identify and remediate security risks.
• Incident Response Plan: masaya365 maintains a documented data breach response plan to ensure rapid detection, containment, and notification in the event of a security incident.

The masaya365 Platform may contain references to or integrations with third-party services, such as payment gateways (GCash, PayMaya, BPI, BDO, Metrobank) and game software providers. These third parties operate under their own privacy policies and data protection practices, which are independent of masaya365.

masaya365 is not responsible for the privacy practices or content of third-party services. When you interact with a third-party service in connection with the masaya365 Platform (for example, completing a GCash payment), you are subject to that third party's privacy policy in addition to this Privacy Policy.

masaya365 recommends that you review the privacy policies of any third-party services you use in connection with the Platform to understand how they collect and process your personal data.

masaya365 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable Philippine law, or regulatory requirements. The "Last Updated" date at the top of this page indicates when the most recent revision was made.

When material changes are made to this Privacy Policy, masaya365 will notify registered players via email or a prominent notice on the Platform at least seven (7) days before the changes take effect, where reasonably practicable. For non-material changes, the updated Privacy Policy will be posted on this page with an updated effective date.

Your continued use of the masaya365 Platform after the effective date of any amendment constitutes your acknowledgment of the updated Privacy Policy. If you do not agree to the amended Privacy Policy, you must stop using the Platform and close your account.

masaya365 encourages you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

masaya365 has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act of 2012 and this Privacy Policy. If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact our DPO through the following channels:

• Email: [email protected]
• General Support Email: [email protected]
• Live Chat: Available 24/7 directly on the masaya365 Platform

masaya365 will acknowledge all data privacy requests within three (3) business days and will endeavor to resolve all requests within fifteen (15) business days, in accordance with NPC guidelines. Complex requests may require additional time, in which case masaya365 will notify you of the expected resolution timeline.

If you are not satisfied with masaya365's response to your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.