bit365 Privacy Policy

For the purposes of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, bit365 — operating the platform accessible at bit365.asia — is the Personal Information Controller (PIC) with respect to all personal data collected from players and users of the platform.

As Personal Information Controller, bit365 determines the purposes and means of processing your personal data, is responsible for ensuring that processing is conducted lawfully, fairly, and transparently, and is your primary point of contact for all data privacy-related requests and enquiries.

bit365 has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and applicable Philippine data privacy law. Contact details for the DPO are set out in Section 14 of this Policy.

bit365 collects the following categories of personal data in the course of providing its platform and services to Filipino players:

2.1 Identity and Registration Data

• Full legal name (as appearing on a valid Philippine government-issued ID)
• Date of birth (for mandatory 21+ age verification)
• Gender (where provided voluntarily)
• Government-issued ID type and number (UMID, passport, driver's licence, or similar)
• Profile username

2.2 Contact Data

• Email address (registered and verified)
• Philippine mobile phone number
• Residential address (for KYC verification and regulatory purposes)

2.3 Financial and Transaction Data

• GCash mobile number or PayMaya account reference linked to your bit365 account
• Philippine bank account details (BPI, BDO, Metrobank, or others) where provided for withdrawals
• Visa/Mastercard card details (processed securely by PCI DSS-compliant payment processors — card numbers are never stored by bit365)
• Full deposit and withdrawal transaction history, including amounts, timestamps, and payment method used
• Account wallet balance history

2.4 Gaming Activity Data

• Complete game play history including game type, bets placed, outcomes, wins, and losses
• Sports wager history including markets, selections, odds, and settlement outcomes
• Session durations, login timestamps, and logout timestamps
• Responsible gaming settings configured on your account (deposit limits, self-exclusion status, etc.)

2.5 Technical and Device Data

• IP address at time of login and gameplay
• Device type, model, and operating system
• Browser type and version
• Mobile network operator (where applicable)
• Platform interaction logs and error reports

2.6 Communications Data

• Content of support chat transcripts and email correspondence
• Promotional communication preferences (opt-in/opt-out status)
• Survey or feedback responses (where provided voluntarily)

bit365 collects personal data through the following means:

• Direct collection at registration: Information you provide when creating a bit365 account, including name, date of birth, email, and Philippine mobile number.
• KYC verification submission: Identity documents and proof of address submitted during account verification.
• Payment processing: Financial information provided when you make deposits or request withdrawals via GCash, PayMaya, or Philippine bank transfers.
• Automated platform activity: Technical data, game history, and session data automatically recorded as you use the bit365 platform.
• Cookies and tracking technologies: Data collected through cookies, web beacons, and similar technologies as described in Section 9 of this Policy.
• Customer support interactions: Information you provide when contacting bit365 support via live chat or email.
• Third-party verification services: Identity verification data obtained from authorised third-party KYC service providers during account verification, where you have consented to such verification.

bit365 uses the personal data it collects for the following specific purposes:

bit365 will not use your personal data for any purpose that is incompatible with the purposes listed above without obtaining your prior consent or establishing a lawful basis for the new processing purpose.

Under the Philippine Data Privacy Act of 2012 (RA 10173), bit365 processes your personal data on the following lawful bases:

• Contractual necessity: Processing required to perform the contract we have with you when you register a bit365 account — including account management, payment processing, and the provision of gaming services.
• Legal obligation: Processing required to comply with applicable Philippine law, including the Anti-Money Laundering Act (RA 9160 as amended), PAGCOR regulatory requirements, mandatory age verification under Philippine gaming law, and tax reporting obligations.
• Legitimate interests: Processing necessary for bit365's legitimate business interests, including fraud prevention, platform security, responsible gaming monitoring, and platform analytics — where these interests are not overridden by your fundamental rights and freedoms.
• Consent: Processing based on your freely given, specific, and informed consent — including for direct marketing communications where you have opted in to receive such communications. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

bit365 does not sell, rent, or trade your personal data to any third party for commercial purposes. We share personal data only in the following limited circumstances:

• Payment processors: GCash (operated by Mynt / Globe Telecom), PayMaya (Voyager Innovations), BancNet, Visa, Mastercard, and Philippine banks as necessary to process your deposits and withdrawals. These processors handle your financial data under their own privacy policies and are bound by PCI DSS and Philippine financial data protection requirements.
• Identity verification providers: Authorised third-party KYC service providers engaged by bit365 to assist with identity document verification and fraud detection during account onboarding and ongoing compliance monitoring.
• Game content providers: Third-party game providers whose games are accessible through the bit365 platform may receive certain session-level technical data necessary to operate their games. These providers are contractually prohibited from using such data for independent marketing or profiling purposes.
• Regulatory and law enforcement authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), Philippine courts, and law enforcement agencies — where disclosure is required by applicable Philippine law, court order, or regulatory directive.
• Professional advisors: Legal counsel, auditors, and accountants engaged by bit365, under binding confidentiality obligations.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of bit365's business assets, your personal data may be transferred to the acquiring entity. You will be notified of any such transfer via registered email prior to its completion.

bit365 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law. The following retention periods apply:

• Account and identity data: Retained for the duration of your active account and for a minimum of five (5) years following account closure, consistent with PAGCOR's record-keeping requirements and RA 9160 (AMLA) obligations.
• Financial transaction records: Retained for a minimum of five (5) years from the date of each transaction, in compliance with AMLA and BIR requirements applicable to gaming operators.
• Gaming activity history: Retained for a minimum of three (3) years from the date of activity, for responsible gaming monitoring and dispute resolution purposes.
• KYC documents: Retained for a minimum of five (5) years from the date of verification or account closure, whichever is later.
• Customer support communications: Retained for a minimum of two (2) years from the date of last communication.
• Marketing consent records: Retained until you withdraw consent, plus a reasonable period thereafter as evidence of prior consent.

Upon expiry of applicable retention periods, personal data is securely deleted or anonymised in a manner that prevents reconstruction of the original data.

bit365 implements comprehensive technical, physical, and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the bit365 platform.
• AES-256 encryption at rest for all personal and financial data stored on bit365 servers.
• Access controls and role-based permissions limiting staff access to personal data on a strict need-to-know basis.
• Multi-factor authentication required for all internal systems accessing personal data.
• Regular penetration testing and vulnerability assessments conducted by independent security specialists.
• Security monitoring and intrusion detection systems operating continuously across all platform infrastructure.
• Data breach response procedures consistent with the NPC's breach notification requirements under RA 10173.

While bit365 employs best-practice security measures, no method of electronic transmission or storage is entirely without risk. You are responsible for maintaining the security of your own account credentials and for notifying bit365 immediately of any suspected unauthorised access to your account.

bit365 uses cookies and similar tracking technologies on the platform to support its operation, enhance your experience, and collect analytics data. The following categories of cookies are used:

• Strictly necessary cookies: Essential for the operation of the platform, including maintaining your login session, remembering your security token, and ensuring secure navigation between pages. These cookies cannot be disabled without disabling core platform functionality.
• Functional cookies: Remember your preferences such as language settings, display preferences, and responsible gaming settings so you do not need to reconfigure them on each visit.
• Analytics cookies: Collect aggregated, anonymised data about how players use the bit365 platform — including which pages are visited most frequently, session duration, and game category engagement. This data is used solely to improve the platform and is not used to identify individual players.
• Security cookies: Used to identify and prevent fraudulent activity, including session hijacking and bot activity, by tracking login patterns and device fingerprinting at a platform security level.

You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies will impair your ability to use the bit365 platform. Disabling analytics or functional cookies will reduce the quality of your experience but will not prevent access to core platform features.

bit365 does not use third-party advertising cookies or behavioural tracking cookies that share your data with external advertising networks.

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to your personal data held by bit365. All rights are exercisable by submitting a verified written request to the bit365 Data Protection Officer at the contact details set out in Section 14:

bit365 will respond to verified data subject requests within thirty (30) calendar days of receipt. Where the complexity or volume of requests requires additional time, we will notify you within the initial thirty-day period and provide an estimated completion date, which shall not exceed a total of sixty (60) days from the date of receipt.

bit365 will not charge a fee for exercising data subject rights under normal circumstances. Where requests are manifestly unfounded, excessive, or repetitive, bit365 may charge a reasonable administrative fee or decline to act on the request, and will notify you accordingly with reasons.

bit365 is strictly an adult gambling platform. Access to and use of the bit365 platform is prohibited for any individual under the age of twenty-one (21) years. This restriction reflects the minimum age for lawful participation in casino-style gambling in the Philippines as established by PAGCOR.

bit365 does not knowingly collect, use, or retain personal data from individuals under the age of 21. All account registrations require age verification against a valid Philippine government-issued ID as part of the mandatory KYC process. Any account found to be held by an individual under 21 will be immediately closed and all funds returned.

Certain service providers engaged by bit365 — including game content providers, cloud infrastructure providers, and KYC verification services — may be located outside the Philippines. Where personal data is transferred to a country or territory that has not been deemed by the National Privacy Commission to provide an adequate level of data protection, bit365 will implement appropriate safeguards, which may include:

• Contractual data processing agreements incorporating the NPC's standard contractual clauses for cross-border data transfers, as applicable.
• Binding corporate rules where transfers are made within a corporate group.
• Explicit consent from the data subject for the specific transfer, where no other appropriate safeguard is available.

By registering a bit365 account and accepting these Terms, you acknowledge that your personal data may be transferred, stored, and processed in jurisdictions outside the Philippines. bit365 will at all times ensure that such transfers are conducted in compliance with RA 10173 and subject to appropriate safeguards.

bit365 reserves the right to update, amend, or replace this Privacy Policy at any time to reflect changes in our data processing practices, applicable Philippine law, PAGCOR regulatory requirements, or NPC guidance.

Where we make material changes to this Policy — particularly changes that affect your rights or the way we use your personal data — we will notify you by sending an email to your registered address or by displaying a prominent notice on the bit365 platform prior to the changes taking effect. Non-material clarifications may be implemented without prior notification.

The effective date of the current version of this Privacy Policy is always stated at the top of this document. We recommend that you review this Policy periodically. The most current version is permanently accessible at bit365.asia/privacy-policy.

Your continued use of the bit365 platform following notification of a material change to this Privacy Policy constitutes your acknowledgement of the updated Policy. If you do not agree with any updated Policy terms, you must cease using the platform and may request account closure as described in our Terms & Conditions.

If you have any questions, concerns, or requests relating to this Privacy Policy or to the processing of your personal data by bit365, please contact our Data Protection Officer (DPO) through the following channels:

DPO Email: [email protected] (plain text — not a clickable link)

Subject Line: Please mark data privacy requests clearly with the subject "DATA PRIVACY REQUEST — [your full name]" to ensure routing to the DPO team without delay.

Platform Live Chat: Available 24/7 to all registered bit365 players. Live chat agents can assist with general privacy questions and will escalate formal data subject requests to the DPO team.

Languages: The bit365 DPO team handles enquiries in English and Filipino (Tagalog), serving players across Metro Manila, Cebu, Davao, and all regions of the Philippines.

National Privacy Commission: If you are not satisfied with bit365's response to a data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC). Information about the NPC and its complaint process is available on the NPC's official government website.