Privacy Policy — 3taya365

This Privacy Policy ("Policy") is issued by 3taya365 ("3taya365," "We," "Us," or "Our") and applies to all personal data collected and processed in connection with your access to and use of the 3taya365 website, mobile application, and all associated gaming and account services (collectively, the "Platform").

This Policy applies to: (a) registered players who hold a 3taya365 Account; (b) unregistered visitors who browse the 3taya365 website; and (c) any individual who communicates with 3taya365 through support channels, email, or live chat. It does not apply to third-party websites, payment processors, game providers, or other external services that may be accessible from the Platform — those entities maintain their own privacy policies and data practices, over which 3taya365 has no control or responsibility.

By registering a 3taya365 Account, making a deposit, or continuing to use the Platform after this Policy becomes effective, you acknowledge that you have read and understood this Policy and consent to the collection, use, and processing of your personal data as described herein.

For the purposes of the Data Privacy Act of 2012, 3taya365 is the Personal Information Controller (PIC) in respect of the personal data it collects and processes through the Platform. As PIC, 3taya365 is responsible for ensuring that personal data is processed lawfully, in accordance with the general data privacy principles of transparency, legitimate purpose, and proportionality.

3taya365 has designated a Data Protection Officer (DPO) who is responsible for overseeing compliance with RA 10173 and this Policy. Contact details for the DPO are provided in Section 14 of this Policy. The DPO is registered with the National Privacy Commission in accordance with NPC Circular 16-01.

Where 3taya365 engages third-party vendors, game providers, or payment processors who access personal data on our behalf and under our instructions, those parties are classified as Personal Information Processors (PIPs) and are required to comply with data protection obligations equivalent to those observed by 3taya365.

The following categories of personal data are collected and processed by 3taya365 in the course of providing the Platform:

3taya365 does not intentionally collect sensitive personal information as defined in Section 3(l) of RA 10173 (such as racial or ethnic origin, religious beliefs, or health data) except where explicitly required by PAGCOR's responsible gaming framework (e.g., information voluntarily provided through a problem gambling self-assessment tool). Where such sensitive data is collected, heightened security measures and specific consent mechanisms are applied.

3taya365 collects personal data through the following means:

• Direct submission: Data you provide when creating a 3taya365 Account (registration form), completing KYC verification (ID upload), making deposits or withdrawals (payment details), contacting support (chat or email), or activating responsible gaming tools.
• Automated collection: Technical and usage data collected automatically when you access the Platform, including IP address, device identifiers, browser data, and session activity logs. This collection is facilitated by cookies, server logs, and similar technologies as described in Section 9.
• Third-party sources: Where permitted by law, 3taya365 may receive or verify data from third parties, including: Philippine government identity verification services used for KYC; GCash and Maya for payment confirmation; fraud prevention and AML screening providers; and PAGCOR's responsible gaming exclusion registry.

3taya365 does not purchase marketing lists or collect personal data from social media platforms without your explicit consent. We do not use facial recognition technology for routine KYC purposes — document review is conducted by trained human compliance staff or accredited third-party identity verification services.

3taya365 processes personal data for the following purposes, each supported by a lawful basis under RA 10173:

3taya365 will not process your personal data for any purpose incompatible with those listed above without first obtaining your explicit consent or where otherwise required by law.

3taya365 does not sell, rent, or trade your personal data to third parties for their own marketing purposes. Personal data is shared only in the following circumstances and only to the extent necessary for the stated purpose:

• PAGCOR: As a licensed operator, 3taya365 is obligated to provide player data to PAGCOR upon request, including for compliance audits, responsible gaming exclusion checks, and regulatory investigations.
• Anti-Money Laundering Council (AMLC): Under RA 9160 as amended, 3taya365 is required to submit suspicious transaction reports and covered transaction reports to the AMLC where applicable thresholds or indicators are met.
• National Privacy Commission (NPC): In the event of a personal data breach or upon formal NPC request, 3taya365 will provide required information in accordance with its obligations under RA 10173.
• Payment processors: GCash (GXI Corp.), Maya (Voyager Innovations), BPI, BDO, Metrobank, and other payment service providers receive transaction data strictly for the purpose of processing deposits and withdrawals on your 3taya365 Account.
• Game providers: Certified game suppliers may receive anonymised or pseudonymised session data for the purpose of game performance monitoring and dispute resolution. They do not receive your full identity or financial data.
• Identity verification services: Accredited third-party KYC verification providers receive identity documents for the purpose of verifying your age and identity as required by PAGCOR. These providers are bound by data processing agreements aligned with RA 10173.
• Legal and law enforcement: 3taya365 may disclose personal data to Philippine law enforcement, courts, or other competent authorities where required by law, court order, or lawful official request.

All third parties with whom 3taya365 shares personal data are required to maintain appropriate security standards and process data only for the specific purpose for which it was shared. 3taya365 does not authorise its service providers to use your data for their own commercial purposes.

3taya365 retains personal data for as long as is necessary to fulfil the purpose for which it was collected, subject to any longer retention period required by applicable Philippine law or PAGCOR's licensing conditions. The following general retention periods apply:

Where personal data is no longer required for any lawful retention purpose, 3taya365 will securely destroy or anonymise it in accordance with its data destruction procedures. Anonymised, aggregated data (from which no individual can be identified) may be retained indefinitely for statistical and analytical purposes.

3taya365 implements appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include, but are not limited to:

• Encryption in transit: All data transmitted between your device and the 3taya365 Platform is encrypted using Transport Layer Security (TLS 1.2 or higher) / 256-bit SSL.
• Encryption at rest: Personal data and financial records stored in 3taya365 databases are encrypted using AES-256 encryption or equivalent standards.
• Access controls: Access to personal data within 3taya365 is restricted on a need-to-know basis. All staff with access to personal data undergo background screening and regular data privacy training.
• Two-factor authentication: 3taya365 requires OTP-based two-factor authentication for all administrative system access and makes it available to Players for their own Accounts.
• Penetration testing and vulnerability assessments: The Platform undergoes regular independent security testing to identify and remediate vulnerabilities before they can be exploited.
• Incident response: 3taya365 maintains a documented personal data breach response procedure. In the event of a breach that creates a real risk of serious harm, the NPC will be notified within 72 hours and affected individuals will be informed as required by RA 10173.

While 3taya365 takes all reasonable precautions to protect your data, no internet-based system is entirely impenetrable. You are responsible for maintaining the security of your 3taya365 Account credentials and for notifying us immediately if you believe your Account has been compromised.

3taya365 uses cookies and similar tracking technologies to operate the Platform, remember your preferences, maintain your session state, and analyse Platform usage. The following cookie categories are used:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication cookies, security tokens, and load-balancing cookies. These cannot be disabled without breaking core Platform functionality.
• Functional Cookies: Store your preferences, such as your preferred language, currency display (PHP), and responsible gaming settings, so they persist across sessions.
• Analytics Cookies: Used to collect aggregated, anonymised data about how visitors use the Platform — which pages are visited most, how long sessions last, and where users encounter errors. This data is used to improve the Platform.
• Fraud Prevention & Security Cookies: Help 3taya365 detect unusual or suspicious login behaviour, protect against CSRF attacks, and verify that interactions with the Platform are from legitimate human users rather than automated bots.

3taya365 does not use third-party advertising or retargeting cookies. We do not allow third-party advertisers to place cookies on the Platform. You may manage cookie preferences through your browser settings; however, disabling strictly necessary cookies will prevent you from logging in to your 3taya365 Account.

As a data subject under RA 10173, you have the following rights in relation to the personal data 3taya365 holds about you:

The 3taya365 Platform is intended exclusively for individuals who are 21 years of age or older, as required by PAGCOR for all licensed Philippine gaming operators. 3taya365 does not knowingly collect personal data from individuals below the age of 21.

As part of the KYC verification process, every registered Player must provide a valid Philippine government-issued ID confirming their date of birth. Accounts belonging to individuals who are found to be under the age of 21 will be immediately suspended, all associated balances and winnings will be void and forfeited, and the matter may be referred to PAGCOR. Any personal data collected from an underage individual will be deleted promptly following account closure, except where retention is required for regulatory reporting purposes.

If you believe that 3taya365 has inadvertently collected data from a person under the age of 21, please contact our DPO immediately using the contact details in Section 14.

Some of 3taya365's third-party service providers — including certain game certification laboratories, fraud screening providers, and cloud infrastructure partners — may process personal data in jurisdictions outside the Philippines. Where such transfers occur, 3taya365 ensures that appropriate safeguards are in place, consistent with Section 21 of RA 10173 and applicable NPC guidelines, including:

• Data processing agreements containing standard contractual clauses equivalent to those prescribed by the NPC
• Assessment that the recipient jurisdiction provides an adequate level of personal data protection, or that binding corporate rules, codes of conduct, or other approved mechanisms provide equivalent protection
• Specific contractual obligations that restrict the recipient's use of transferred data to the defined processing purpose

3taya365 does not transfer personal data to offshore processing entities for the purpose of evading Philippine data protection requirements. The primary operational infrastructure for 3taya365 is located in the Philippines or in jurisdictions with comparable data protection frameworks.

3taya365 reserves the right to update this Privacy Policy at any time to reflect changes in applicable law, PAGCOR licensing conditions, NPC guidance, or our data processing practices. Where changes are material — meaning they significantly affect the way your personal data is collected, used, or your rights as a data subject — we will provide at least 14 days' advance notice to all registered Players via the email address on file and by posting a prominent notice on the Platform.

Non-material updates — such as typographical corrections, clarifications of existing practices, or administrative changes — may be published without advance notice. The "Effective Date" at the top of this Policy reflects the date the current version came into force. We recommend reviewing this Policy periodically to stay informed of any changes.

Your continued use of the 3taya365 Platform after the effective date of any revised Policy constitutes your acceptance of the updated terms. If you do not agree with material changes to this Policy, you have the right to close your Account before those changes take effect.

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, you may contact 3taya365's Data Protection Officer through the following channels:

3taya365 aims to acknowledge all privacy-related requests within 5 business days and to provide a substantive response within 15 business days, in line with NPC guidelines. Complex requests involving large volumes of data or legal analysis may take longer; in such cases, you will be notified of the extended timeline and the reason for the delay.