Last updated: 1 January 2026 · Effective immediately upon account registration or continued use of the Platform
This Privacy Policy ("Policy") describes how pilwin ("pilwin," "we," "us," or "our"), the operator of the online gaming platform accessible at pilwin.co (the "Platform"), collects, uses, stores, discloses, and protects personal data relating to registered players and visitors to the Platform ("you" or "Data Subject").
pilwin is committed to protecting the privacy and security of your personal data in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations ("IRR"), and all applicable issuances of the National Privacy Commission ("NPC") of the Philippines. This Policy also reflects pilwin's obligations under PAGCOR regulations governing the collection and processing of player data by authorized online gaming operators.
Your consent matters. By registering an account on pilwin, accessing the Platform, or continuing to use the Platform after any update to this Policy, you acknowledge that you have read, understood, and consented to the collection and processing of your personal data as described in this Policy. If you do not agree, please discontinue use of the Platform and contact us to request account closure.
This Policy applies to all personal data collected by pilwin through the Platform, live chat, customer support channels, payment processing, and any other interaction you have with pilwin as a registered player or site visitor. It should be read together with the pilwin Terms & Conditions.
For the purposes of the Data Privacy Act of 2012 and its IRR, pilwin acts as the Personal Information Controller (PIC) in respect of personal data collected through the Platform. This means pilwin determines the purposes for which, and the manner in which, any personal data is processed.
Where pilwin engages third-party service providers to process personal data on its behalf (for example, payment processors, game providers, fraud detection services, and cloud hosting providers), those third parties act as Personal Information Processors (PIPs) and are bound by data processing agreements that require them to process data only in accordance with pilwin's instructions and in compliance with the DPA.
pilwin has designated a Data Protection Officer (DPO) in compliance with Section 21 of the Data Privacy Act. The DPO oversees pilwin's data protection compliance program and is the primary point of contact for all data privacy matters. Contact information for the DPO is provided in Section 15 of this Policy.
pilwin collects personal data in the following categories, depending on your level of interaction with the Platform:
Collected when you create a pilwin account:
Collected as required by PAGCOR regulations and Philippine Anti-Money Laundering laws:
pilwin processes your personal data on the following lawful grounds as provided under the Data Privacy Act of 2012:
| Processing Activity | Lawful Basis (DPA Section) |
|---|---|
| Account registration and management | Performance of a contract to which the data subject is a party (Sec. 12[b]) |
| Payment processing and transaction records | Performance of a contract; compliance with a legal obligation (Sec. 12[b], [c]) |
| KYC identity verification | Compliance with a legal obligation under PAGCOR and AMLA regulations (Sec. 12[c]) |
| Fraud prevention and AML monitoring | Legitimate interests pursued by pilwin; compliance with legal obligations (Sec. 12[c], [f]) |
| Responsible gaming monitoring and interventions | Compliance with PAGCOR responsible gaming requirements (Sec. 12[c]) |
| Customer support and dispute resolution | Performance of a contract; legitimate interests (Sec. 12[b], [f]) |
| Marketing communications (where consented) | Consent of the data subject (Sec. 12[a]) |
| Platform analytics and improvement | Legitimate interests of pilwin, balanced against data subject rights (Sec. 12[f]) |
pilwin uses the personal data it collects for the following purposes:
To create and maintain your pilwin account; to authenticate your identity at login; to process deposits to and withdrawals from your pilwin wallet; to deliver game results and settle bets; to apply bonuses and promotions to your account; to communicate account-related notifications via SMS or in-platform messaging.
To verify your identity and age (21+ as required by PAGCOR) through the KYC process; to comply with the Anti-Money Laundering Act of 2001 (Republic Act No. 9160) and its amendments, including transaction monitoring and suspicious transaction reporting to the Anti-Money Laundering Council (AMLC); to comply with PAGCOR reporting requirements; to retain transaction records as required by applicable law.
To detect, investigate, and prevent fraudulent, abusive, or prohibited activity on the Platform; to enforce the single-account policy; to identify multi-accounting, bonus abuse, collusion, and other violations of the pilwin Terms and Conditions; to maintain the security and integrity of the Platform.
To monitor gaming patterns for indicators of problem gambling behavior as required by PAGCOR responsible gaming standards; to administer and enforce player-imposed responsible gaming limits and self-exclusion requests; to provide players with account-based gaming history and activity summaries.
To respond to account inquiries, technical issues, withdrawal queries, and dispute submissions; to maintain records of customer support interactions for quality assurance and dispute resolution purposes.
Where you have provided consent, to send you information about pilwin promotions, bonuses, new game releases, and special offers via SMS. You may withdraw your marketing consent at any time by contacting pilwin support or updating your notification preferences in account settings. Withdrawal of marketing consent does not affect the lawfulness of processing carried out before withdrawal.
To analyze aggregated and anonymized usage data to improve Platform performance, game selection, user experience, and feature development. Where analytics involve personal data, pilwin applies appropriate pseudonymization measures.
pilwin does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Personal data is shared only in the following circumstances:
pilwin shares personal data with third-party service providers who process data on pilwin's behalf under written data processing agreements. These include:
pilwin will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), or other competent Philippine government authorities where required to do so by law, regulation, court order, or official government request. pilwin will notify affected players of such disclosures where legally permitted to do so.
In the event of a merger, acquisition, restructuring, or sale of all or substantially all of pilwin's assets, your personal data may be transferred to the acquiring or successor entity. In such circumstances, pilwin will use reasonable efforts to ensure that the receiving entity is bound by data protection obligations no less protective than those set out in this Policy, and will provide notice to affected players where required by the DPA.
pilwin may disclose personal data where necessary for the establishment, exercise, or defense of legal claims, including proceedings before PAGCOR, the NPC, or Philippine courts.
pilwin retains personal data for as long as necessary to fulfill the purposes described in this Policy, comply with applicable legal and regulatory obligations, and resolve disputes. The following retention periods apply as a general guide:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration and KYC data | Duration of account plus 5 years after closure | PAGCOR regulation; AMLA requirements |
| Financial transaction records | 10 years from transaction date | Anti-Money Laundering Act of 2001 |
| Gaming activity records | 5 years from date of activity | PAGCOR reporting obligations |
| Customer support records | 3 years from last interaction | Legitimate interests; dispute resolution |
| Marketing consent records | Duration of consent plus 3 years | DPA accountability requirements |
| Technical / device logs | 12 months from collection | Security monitoring; fraud prevention |
Upon expiry of the applicable retention period, pilwin will securely delete or anonymize your personal data in accordance with NPC-approved data disposal procedures. Where data has been anonymized such that you can no longer be identified from it, this Policy ceases to apply to that data.
pilwin implements appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:
Data Breach Notification: In the event of a personal data breach that poses a risk to your rights and freedoms, pilwin will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach as required under NPC Circular 16-03. Affected data subjects will be notified in accordance with NPC guidelines and the severity of the breach.
pilwin uses cookies and similar tracking technologies on the Platform to support essential Platform functionality, security, and analytics. The following categories of cookies are used:
You may manage cookie preferences through your browser settings. Disabling certain cookie categories may limit Platform functionality. Strictly necessary and security cookies cannot be disabled through browser settings as they are essential to Platform integrity and your account security.
Under the Data Privacy Act of 2012 and its IRR, you have the following rights with respect to your personal data held by pilwin:
The right to know that your personal data is being collected, what data is collected, how it is used, and with whom it is shared – fulfilled by this Policy.
The right to obtain a copy of your personal data held by pilwin, and information about how that data has been used and disclosed.
The right to request correction of inaccurate or incomplete personal data held by pilwin.
The right to request deletion of personal data that is no longer necessary, was unlawfully processed, or for which consent has been withdrawn – subject to legal retention obligations.
The right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
The right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another personal information controller where technically feasible.
To exercise any of the above rights, please submit a written request to the pilwin Data Protection Officer using the contact information provided in Section 15. pilwin will respond to verified requests within thirty (30) calendar days. Where the request is complex or voluminous, the response period may be extended by a further thirty (30) days with notification to you.
You also have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe that pilwin has not handled your personal data in accordance with the Data Privacy Act. Complaints to the NPC may be submitted through the NPC's official channels.
The pilwin Platform is strictly intended for persons who are twenty-one (21) years of age or older, as required by PAGCOR regulations. pilwin does not knowingly collect personal data from persons under the age of 21. If pilwin discovers that personal data has been collected from a person under 21, the relevant account will be immediately suspended and the data will be deleted or anonymized, except to the extent retention is required by applicable law or to protect against legal claims.
If you believe that a person under 21 has registered an account on pilwin or has used the Platform, please notify pilwin immediately via the contact details in Section 15 and the matter will be investigated and resolved promptly.
Certain third-party service providers engaged by pilwin (including cloud infrastructure providers and game studios) may process personal data outside of the Philippines. Where such international transfers occur, pilwin ensures that:
pilwin's primary data storage infrastructure is located in data centers within or serving the Asia-Pacific region. Specific server location information can be provided to data subjects upon request to the Data Protection Officer.
The pilwin Platform may contain links to or integrations with third-party platforms such as payment provider portals (GCash, PayMaya, BPI, BDO) that are accessed for the purpose of processing your transactions. Once you leave the pilwin Platform and enter a third-party platform, that platform's own privacy policy applies to the collection and processing of your data.
pilwin is not responsible for the privacy practices of third-party platforms. We encourage you to review the privacy policies of any third-party services you use in connection with your pilwin account.
pilwin reserves the right to update, revise, or replace this Privacy Policy at any time to reflect changes in applicable law, NPC guidelines, PAGCOR requirements, our data processing activities, or our business operations. The "Last updated" date at the top of this Policy will be revised each time material changes are made.
Where changes are material, pilwin will provide advance notice to registered players via SMS to their registered Philippine mobile number or via a prominent in-Platform notification, with reasonable notice prior to the effective date of the changes.
Your continued use of the Platform after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the revised Policy, you must discontinue use of the Platform and may request account closure.
For any questions, concerns, or requests relating to this Privacy Policy or your personal data held by pilwin, please contact the pilwin Data Protection Officer. All privacy-related correspondence should clearly identify the nature of your request and include your registered pilwin mobile number for verification purposes.
Data Protection Officer – pilwin
Contact for privacy inquiries, data subject rights requests, and data breach reports:
Email (plain text): [email protected] – subject line: "Data Privacy Request"
Response time: Within 30 calendar days of receipt of a verified written request.
If you are not satisfied with pilwin's response to your privacy inquiry or data subject rights request, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines, which has jurisdiction over complaints involving violations of the Data Privacy Act of 2012.
The legal language above is important, but here's the plain-language version of what the pilwin Privacy Policy means for you as a Filipino player.
pilwin does not sell, rent, or trade your personal data to third parties for marketing or commercial use. Your data is used only for the purposes described in this Policy.
pilwin processes your data in full compliance with Republic Act 10173 (Data Privacy Act of 2012) and all NPC issuances. A designated Data Protection Officer oversees compliance.
Every byte of data between your device and pilwin servers is encrypted in transit. Stored sensitive data is encrypted at rest. Your financial and personal information is protected at every layer.
The Data Privacy Act gives you real rights: access, correction, deletion, portability, and the right to object. Submit a request to the pilwin DPO and receive a response within 30 days.
If a data breach poses risk to your rights, pilwin notifies the NPC within 72 hours and affected players as required by NPC Circular 16-03. No sweep-under-the-rug approach here.
pilwin is accountable to both PAGCOR and the NPC. If our response to your privacy concern is unsatisfactory, you have the legal right to escalate directly to the NPC.