YOUR PRIVACY MATTERS TO xx77. This Privacy Policy ("Policy") describes how xx77 ("we," "us," "our," or "the Platform") collects, uses, stores, shares, and protects the personal data of individuals ("you," "your," or "User") who access or use the xx77 platform at xx77.lat. This Policy complies with the Philippines' Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.
1Introduction & Scope
This Policy applies to all personal data processed by xx77 in connection with your use of the xx77 online casino and gaming platform, including but not limited to account registration, identity verification, deposits and withdrawals, gameplay, customer support interactions, and participation in promotional activities.
This Policy applies to data collected through xx77.lat and any associated mobile-optimized interfaces, progressive web applications, or other digital touchpoints operated under the xx77 brand. It does not apply to third-party platforms, payment providers, or game studios, each of which operates under its own privacy framework. Where xx77 shares your data with such third parties, we do so only to the extent described in Section 6 of this Policy.
By registering an account with xx77 or continuing to use the xx77 platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.
2Data Controller
For the purposes of the Data Privacy Act of 2012 and all applicable data protection legislation, xx77 acts as the personal information controller in respect of all personal data collected from users of the xx77 platform. This means that xx77 determines the purposes for which and the means by which your personal data is processed.
Where xx77 engages third-party service providers to process personal data on its behalf — such as payment processors, KYC verification providers, or customer support platforms — those parties act as personal information processors under written data processing agreements that impose obligations consistent with this Policy and applicable law.
3Personal Data We Collect
xx77 collects only the personal data necessary for the purposes set out in this Policy. The categories of personal data we process are described in the table below:
| Data Category |
Specific Data Points |
When Collected |
| Identity Data |
Full legal name, date of birth, nationality, government ID type and number |
Account registration and KYC verification |
| Contact Data |
Philippine mobile number, email address, residential address (province/city) |
Account registration |
| Financial Data |
GCash/Maya account number, bank account details (if applicable), deposit and withdrawal history, wallet balances |
Payment transactions |
| Verification Documents |
Government ID images, proof of address documents, selfie photographs for liveness checks |
KYC/AML verification |
| Technical Data |
IP address, device type and OS, browser type, session tokens, login timestamps |
Each platform session |
| Usage Data |
Games played, wager amounts, win/loss history, session duration, navigation paths |
During gameplay sessions |
| Communications Data |
Support chat transcripts, email correspondence, complaint records |
Customer support interactions |
| Marketing Preferences |
Promotional opt-in/opt-out status, preferred communication channels, campaign interaction history |
Registration and account settings |
xx77 does not collect sensitive personal information (as defined under RA 10173) such as racial or ethnic origin, political opinions, religious beliefs, or health information, unless specifically required for responsible gaming compliance purposes and only with your explicit consent.
4How We Collect Your Data
xx77 collects personal data through the following channels and mechanisms:
- Direct Submission: Data you actively provide during account registration, KYC verification form submission, payment transactions, customer support contacts, or promotional participation.
- Automated Technical Collection: Data collected automatically as you interact with the xx77 platform, including IP address logging, session tracking, device fingerprinting for fraud prevention, and cookie-based analytics.
- Payment Processors: Transaction confirmation data, payment method verification status, and chargeback notifications received from GCash, Maya, and other integrated payment networks.
- KYC Verification Providers: Identity verification outcomes, document authenticity assessments, and liveness check results from licensed third-party KYC service providers engaged by xx77.
- Public Sources and Watchlists: Publicly available information used for Anti-Money Laundering (AML) screening, politically exposed person (PEP) checks, and sanctions list screening in compliance with applicable financial crime prevention obligations.
5Purposes & Legal Basis for Processing
xx77 processes your personal data only where a lawful basis exists under applicable data protection law. The table below sets out the primary purposes for which xx77 processes personal data and the corresponding legal basis:
- Contract Performance: Processing necessary to create and manage your xx77 account, facilitate deposits and withdrawals, enable access to games, and fulfill our contractual obligations to you as a registered player.
- Legal Obligation: Processing required to comply with Know Your Customer (KYC) obligations, Anti-Money Laundering (AML) regulations, responsible gaming requirements, and regulatory reporting obligations under Philippine law.
- Legitimate Interests: Fraud prevention, platform security, responsible gaming monitoring, analytics to improve the xx77 user experience, and internal audit purposes — where these interests are not overridden by your data protection rights.
- Consent: Marketing communications and promotional messages sent via SMS, email, or push notification, where you have opted in to receive such communications. You may withdraw consent at any time through your account settings.
6Sharing Your Personal Data
xx77 does not sell, rent, or otherwise commercially exploit your personal data to unaffiliated third parties. We share personal data only in the following circumstances and only to the extent strictly necessary:
- Payment Processors: GCash, Maya, BPI, BDO, Metrobank, and other integrated payment service providers, solely to process your transactions and verify payment method ownership.
- KYC and AML Providers: Licensed identity verification and financial crime screening service providers engaged by xx77 to satisfy regulatory due diligence requirements.
- Game Studios and Platform Providers: Technical data (such as session tokens and game result seeds) shared with licensed game studios for the purpose of delivering their games through the xx77 platform.
- Customer Support Platforms: Support platform operators who process communications data solely to facilitate xx77's customer support function under strict data processing agreements.
- Regulatory and Law Enforcement Authorities: Philippine government agencies, law enforcement bodies, PAGCOR, and courts, where xx77 is legally required or authorized to disclose information.
- Professional Advisers: Lawyers, auditors, and accountants engaged by xx77, subject to professional confidentiality obligations, for the purpose of obtaining professional advice or services.
All third parties who process personal data on behalf of xx77 are required by contract to maintain appropriate technical and organizational security measures and to process personal data only in accordance with xx77's documented instructions.
7Cookies & Tracking Technologies
xx77 uses cookies and similar tracking technologies to operate and improve the platform. A cookie is a small text file placed on your device when you access a website. xx77 uses the following categories of cookies:
- Strictly Necessary Cookies: Essential for the platform to function — including session management, login authentication, and security tokens. These cannot be disabled without impairing core platform functionality.
- Performance and Analytics Cookies: Used to understand how players navigate and use the xx77 platform, so we can identify areas for improvement and optimize the user experience.
- Functional Cookies: Remember your language preferences, display settings, and other personalization choices so you don't need to re-enter them each session.
- Security and Fraud Prevention Cookies: Enable device fingerprinting and session integrity monitoring for the purpose of detecting suspicious login activity and preventing unauthorized account access.
You may control cookie settings through your browser's privacy controls. Note that disabling certain cookies may affect the functionality of the xx77 platform. xx77 does not use advertising or cross-site tracking cookies for the purpose of serving third-party advertisements.
8Data Retention
xx77 retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The principal retention periods applied by xx77 are as follows:
- Account and Identity Data: Retained for the duration of your active account relationship with xx77, plus a minimum of five (5) years following account closure, in compliance with AML record-keeping obligations.
- Financial Transaction Records: Retained for a minimum of five (5) years from the date of the transaction, in accordance with Philippine financial record-keeping regulations.
- KYC Verification Documents: Retained for the duration of the account relationship plus five (5) years post-closure, or such longer period as may be required by applicable law.
- Support and Communications Data: Retained for three (3) years from the date of the interaction, or longer where the communication relates to a formal complaint or legal dispute.
- Marketing Preferences and Consent Records: Retained for three (3) years following any opt-out or withdrawal of consent, as evidence of your preferences.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with xx77's data disposal procedures.
9Data Security Measures
xx77 implements a multi-layered security framework to protect your personal data against unauthorized access, loss, alteration, or disclosure. Key security measures include:
- Encryption in Transit: All data transmitted between your device and the xx77 platform is encrypted using TLS 1.3 (256-bit encryption). The padlock icon in your browser confirms that a secure connection is active.
- Encryption at Rest: Sensitive personal data and financial information stored in xx77's systems is encrypted at rest using AES-256 encryption.
- Access Controls: Internal access to personal data is restricted on a strict need-to-know basis. Staff with access to player data undergo background checks and regular privacy training.
- Two-Factor Authentication: Available for all xx77 accounts to protect against unauthorized login even where account credentials have been compromised.
- Penetration Testing and Security Audits: Regular independent security assessments of the xx77 platform infrastructure.
- Incident Response: In the event of a personal data breach that poses a risk to your rights, xx77 will notify affected users and, where required, the National Privacy Commission within the timeframes prescribed by RA 10173.
While xx77 takes comprehensive steps to protect your data, no internet-based system is completely immune to security risks. You also have a role to play — use a strong, unique password for your xx77 account and enable two-factor authentication through your account security settings.
10Your Data Rights
Under the Data Privacy Act of 2012 (RA 10173), you have the following rights in relation to your personal data held by xx77. These rights may be exercised by contacting xx77's data protection team at the details provided in Section 14:
- Right to be Informed: You have the right to be informed of the personal data xx77 holds about you, the purposes for which it is processed, and the parties to whom it is disclosed.
- Right of Access: You may request a copy of the personal data xx77 holds about you, together with information about how it is processed.
- Right to Rectification: You may request correction of inaccurate or incomplete personal data held by xx77. Some corrections (e.g., legal name changes) may require submission of supporting documentation.
- Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to xx77's legal obligations to retain certain records.
- Right to Object: You may object to the processing of your personal data where xx77 relies on legitimate interests as the legal basis, and where your individual circumstances justify such objection.
- Right to Data Portability: You may request that xx77 provide your personal data in a structured, commonly used format so that it may be transferred to another service provider.
- Right to Withdraw Consent: Where processing is based on your consent (e.g., marketing communications), you may withdraw that consent at any time through your account settings or by contacting support.
xx77 will respond to verified data rights requests within thirty (30) calendar days of receipt. Complex or high-volume requests may require up to ninety (90) days, in which case we will notify you of the extended timeline within the initial 30-day window.
11Minors & Age Policy
The xx77 platform is strictly intended for individuals who are 21 years of age or older. xx77 does not knowingly collect personal data from persons under the age of 21. Age is verified during the KYC onboarding process, and accounts found to belong to individuals under the minimum age threshold are immediately suspended.
21+ Only. If xx77 discovers that personal data has been collected from a person under 21 years of age, such data will be permanently deleted without delay, and the associated account will be closed. Any deposited funds will be returned to the original payment source subject to verification and applicable legal requirements.
If you are a parent or guardian and believe that a person under 21 has created an xx77 account using their data, please contact xx77's support team immediately at the email address listed in Section 14 so we can investigate and take appropriate action.
12Third-Party Links
The xx77 platform does not contain links to third-party websites or external services for commercial or advertising purposes. Any third-party services integrated into xx77 — such as game studios and payment gateways — operate within technically controlled environments and are governed by the data processing agreements described in Section 6.
xx77 is not responsible for the privacy practices of any third-party operators whose services may be accessed in connection with your use of the xx77 platform. We encourage you to review the privacy policies of any third-party service with which you share personal data independently of xx77.
13Policy Updates
xx77 reserves the right to update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or regulatory requirements. When material changes are made, xx77 will notify registered users via their registered email address or through a prominent notice on the xx77 platform prior to the changes taking effect.
The "Last Updated" date displayed at the top of this Policy indicates when the current version took effect. Your continued use of the xx77 platform following the effective date of any updated Privacy Policy constitutes your acceptance of the changes. We recommend reviewing this Policy periodically to stay informed about how your data is protected.
14Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or xx77's data processing practices — including the exercise of your data rights under RA 10173 — please contact the xx77 Data Protection Team through any of the following channels:
Live Chat: Available 24/7 via the chat widget on the xx77 platform. Select "Privacy & Data" as the inquiry category for priority routing to our data protection team.
Email: [email protected] — subject line: "Privacy Request"
Response Time: Privacy-related email requests are responded to within 5 business days; formal data rights requests within 30 calendar days.
If you believe xx77 has breached your data protection rights and your concern has not been satisfactorily addressed through our internal channels, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC), the competent data protection supervisory authority for Filipino data subjects.