Data Protection & Privacy

680ph Privacy
Policy

Your personal data belongs to you. This Privacy Policy explains exactly what information 680ph collects from Filipino players, why we collect it, how we use and protect it, and what rights you have under the Data Privacy Act of 2012 (Republic Act No. 10173) and applicable PAGCOR regulations.

Effective Date: 1 January 2026  |  Version 2.4
Our Privacy Commitments

What 680ph Promises About Your Data

These six commitments summarize how 680ph approaches your privacy. They complement — but do not replace — the full Policy sections below.

Your Data Is Never Sold
680ph does not sell, rent, or auction your personal data to any third party for their own marketing or commercial use. Full stop. When we share data with third parties — for payment processing, game provision, or regulatory compliance — it is only to operate the services you have signed up for, under strict data-sharing agreements that bind those parties to confidentiality.
256-Bit SSL Encryption
All data transmitted between your device and the 680ph platform is protected by 256-bit SSL encryption — the same standard used by Philippine government portals and major banks like BPI and BDO. Your login credentials, payment details, and personal information are encrypted in transit and at rest. We conduct regular security audits and penetration testing on all data systems.
You Control Your Data
Under the Data Privacy Act of 2012 (R.A. 10173), you have legal rights over your personal data — the right to access, correct, object, erase, and port. 680ph honours all these rights with a dedicated process. Submit a data request to [email protected] and we will respond within 15 business days. No bureaucratic runaround — just a straightforward fulfilment process.
Transparent Purpose Limitation
Every piece of data 680ph collects is collected for a specific, documented purpose. We do not collect data "just in case." We do not use data collected for account management to run targeted advertising. Each data type has a stated purpose, a legal basis, and a defined retention period — all documented in this Policy. If the purpose changes, we will notify you and seek fresh consent where required.
PAGCOR and NPC Compliant
680ph operates under dual regulatory oversight: PAGCOR governs gaming compliance, and the National Privacy Commission (NPC) of the Philippines governs data protection compliance. Our privacy practices are designed to satisfy both frameworks simultaneously. Where PAGCOR's AML and KYC requirements create obligations to retain or process personal data, this Policy explains those obligations clearly so you understand why they exist.
Breach Notification
In the event of a personal data breach that is likely to result in harm to you, 680ph will notify affected players within 72 hours of becoming aware of the breach — consistent with NPC mandatory notification requirements. We will explain what data was involved, what steps we are taking, and what you can do to protect yourself. Transparency in a breach is not optional for us.
Contents
Scope of This Policy: This Privacy Policy applies to all personal data processed by 680ph in connection with your registration, use of our platform, participation in promotions, and any other interactions with 680ph. It covers data processed by 680ph as Data Controller under the Data Privacy Act of 2012 (R.A. 10173). By using 680ph, you acknowledge you have read and understood this Policy.
1
Data Controller Identity
Who is responsible for your personal data

1.1  The Data Controller responsible for your personal data is 680ph, the online casino and gaming platform accessible at https://680ph.club, operating under a license issued by the Philippine Amusement and Gaming Corporation (PAGCOR).

1.2  In this Privacy Policy, references to "680ph," "we," "us," or "our" refer to the Data Controller. References to "you," "your," or "the Player" refer to any natural person whose personal data is processed by 680ph in the course of providing its online gaming services.

1.3  680ph has designated a Data Protection Officer (DPO) as required by the Data Privacy Act of 2012 and National Privacy Commission (NPC) issuances. The DPO can be contacted at [email protected] with the subject line "DPO — Data Privacy Inquiry."

2
Personal Data We Collect
What information 680ph holds about you

2.1  680ph collects the following categories of personal data:

Category Data Types Mandatory?
Identity Data Full legal name, date of birth, nationality, government ID type and number (for KYC) Yes (for withdrawals)
Contact Data Philippine mobile number, email address (if provided) Yes (mobile required at registration)
Financial Data GCash number, Maya account, bank account details (for withdrawals), transaction amounts Yes (for payment processing)
Gaming Activity Data Game session logs, bet amounts, game outcomes, winnings, losses, bonus usage Automatic (generated by use)
Device & Technical Data IP address, device type, browser type, operating system, session timestamps Automatic (generated by use)
Preferences Data Language settings, notification preferences, marketing opt-in/opt-out Optional
Communications Data Records of support chat or email correspondence with 680ph Generated when you contact us

2.2  680ph does not collect sensitive personal information as defined under Section 3(l) of R.A. 10173 (such as health or medical records, political affiliation, or sexual orientation) unless specifically required by applicable law or PAGCOR regulations and with your explicit consent.

2.3  680ph does not knowingly collect personal data from individuals under 21 years of age. Where an Account is found to belong to a person below the minimum legal gambling age, all data associated with that account will be securely deleted following closure of the account, subject to any mandatory retention obligations under PAGCOR or AMLA regulations.

3
How We Collect Your Data
Sources and collection methods

3.1  680ph collects personal data through the following channels:

  • Account Registration: You provide Identity Data and Contact Data directly when you sign up for a 680ph account on the Platform.
  • KYC Verification: You provide government-issued ID documents when completing identity verification prior to your first withdrawal.
  • Deposits and Withdrawals: Financial Data is collected when you fund your Wallet or request a payout using GCash, Maya, BPI, BDO, Metrobank, or other supported payment methods.
  • Platform Use: Gaming Activity Data and Technical Data are generated automatically when you log in to 680ph and use its services.
  • Support Interactions: Communications Data is collected when you contact 680ph Support via live chat, email, or any other channel.
  • Cookies and Similar Technologies: Certain Technical Data and Preferences Data are collected via cookies placed on your browser or device. See Section 8 for full details.

3.2  680ph does not purchase personal data from data brokers or other third-party data aggregators for the purpose of building player profiles.

4
Purpose and Legal Basis for Processing
Why we use your data and our legal justification

4.1  680ph processes your personal data only for specific, legitimate purposes. Each processing activity has an identified legal basis under R.A. 10173:

Purpose Data Used Legal Basis
Account creation and management Identity, Contact Performance of contract
KYC identity & age verification (PAGCOR-mandated) Identity, Financial Legal obligation / PAGCOR compliance
Processing deposits and withdrawals Financial, Identity Performance of contract
AML transaction monitoring (AMLA compliance) Financial, Gaming Activity Legal obligation (R.A. 9160 as amended)
Providing gaming services and game session management Gaming Activity, Technical Performance of contract
Platform security and fraud prevention Technical, Identity Legitimate interests of 680ph
Responsible gaming monitoring Gaming Activity, Financial Legal obligation / PAGCOR compliance
Customer support Communications, Identity Performance of contract
Sending promotional communications Contact, Preferences Consent (opt-in required)
Compliance with PAGCOR reporting obligations Identity, Financial, Gaming Activity Legal obligation

4.2  Where processing is based on your consent (such as for marketing communications), you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. You may withdraw marketing consent via the Notification Preferences section of your account settings or by contacting [email protected].

5
Data Sharing and Disclosure
Who else may access your data

5.1  680ph does not sell or trade your personal data. We may share your data only in the following circumstances:

  • Payment Processors: GCash (Mynt), Maya (Voyager Innovations), and partner banks (BPI, BDO, Metrobank) receive the minimum financial data necessary to process your transactions. These entities are subject to their own data protection obligations under Philippine law.
  • Game Studio Providers: Third-party game studios whose products appear in the 680ph lobby may receive technical session data necessary to operate games. They do not receive your identity or financial data and are bound by data processing agreements.
  • PAGCOR: As our licensing authority, PAGCOR may require 680ph to submit player data for regulatory compliance purposes, including AML investigations, responsible gaming compliance audits, and license renewal reviews.
  • Anti-Money Laundering Council (AMLC): Under the Anti-Money Laundering Act (R.A. 9160, as amended), 680ph is a covered person obligated to report covered and suspicious transactions to the AMLC. This reporting may include personal and financial data.
  • Law Enforcement and Courts: 680ph will disclose personal data to law enforcement, courts, or other government bodies where required by valid legal process, court order, or as otherwise required by Philippine law.
  • Service Providers: Third-party providers supplying technical infrastructure, cybersecurity services, fraud detection tools, or customer support platforms access data strictly to provide those contracted services under data processing agreements requiring GDPR-equivalent protections.

5.2  In all cases of data sharing, 680ph limits disclosure to the minimum data necessary for the stated purpose and requires all third parties to maintain confidentiality and comply with applicable Philippine data protection law.

6
Data Retention
How long we keep your information

6.1  680ph retains your personal data for as long as it is necessary for the purposes for which it was collected, subject to any longer retention required by law. The principal retention periods applicable to 680ph data are:

Account and identity data: Retained for the duration of your active account and for a minimum of 5 years following account closure, as required by PAGCOR licensing conditions and the Anti-Money Laundering Act.
Financial transaction records: Retained for a minimum of 5 years from the date of each transaction in accordance with AMLA obligations.
Game session logs: Retained for a minimum of 12 months for dispute resolution and responsible gaming monitoring purposes, and up to 5 years for AML compliance purposes.
Communications data (support records): Retained for 3 years from the date of the last interaction.
Marketing preferences and consent records: Retained for the duration of your active consent and for 2 years following withdrawal of consent, to demonstrate compliance.
Technical and device data: Typically retained for 12 months for security and fraud monitoring, unless required to be retained longer as part of a specific investigation.

6.2  Upon expiry of applicable retention periods, data is securely deleted or anonymized in accordance with 680ph's internal data lifecycle management procedures.

7
Security Measures
How we protect your data technically and organizationally

7.1  680ph implements appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Current security measures include:

  • 256-bit SSL/TLS encryption for all data in transit between your device and 680ph servers;
  • AES-256 encryption for data stored at rest in our databases, including account credentials and KYC documents;
  • OTP-based two-factor authentication for player account access and sensitive account actions;
  • One-way cryptographic hashing (bcrypt) for password storage — your actual password is never stored in readable form;
  • Role-based access controls limiting internal staff access to personal data strictly to job functions that require it;
  • Regular independent penetration testing and vulnerability assessments of the platform and supporting infrastructure;
  • Automated anomaly detection systems monitoring for unusual login patterns, payment behavior, and API activity;
  • Physical and logical data center security measures at all hosting facilities.

7.2  While 680ph maintains robust security controls, no online system is entirely immune to risk. You play a critical role in your own data security — please see the account security provisions in our Terms & Conditions for your responsibilities regarding credential management.

7.3  In the event of a personal data breach that poses a significant risk of harm to affected players, 680ph will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and will notify affected players without undue delay.

8
Cookies and Similar Technologies
How 680ph uses cookies on your device

8.1  680ph uses cookies and similar local storage technologies to operate the platform and improve your experience. The following types of cookies may be placed on your device:

Cookie Type Purpose Can be declined?
Strictly Necessary Session authentication, security tokens, payment flow state management. Required for the platform to function. No — essential for operation
Functional Remembering your language preference, notification settings, and last game played for convenience. Yes — via cookie settings
Analytics Aggregated, anonymized usage statistics to understand how players navigate the platform — used for product improvement only. Yes — via cookie settings
Security / Fraud Detection Device fingerprinting and session consistency checks to detect unauthorized access and fraud attempts. No — required for security

8.2  680ph does not place third-party advertising cookies or permit advertising networks to track your behavior across unrelated websites via cookies placed during your 680ph session.

8.3  You may manage your cookie preferences through your browser settings. Note that disabling strictly necessary or security cookies will impair your ability to use 680ph services.

9
Your Data Rights
Rights under the Data Privacy Act of 2012 (R.A. 10173)

9.1  As a data subject under R.A. 10173, you have the following rights with respect to your personal data held by 680ph:

Right to Access
Request a copy of the personal data 680ph holds about you, including the purpose for which it is processed and any third parties it has been shared with.
Right to Correction
Request correction of any inaccurate or incomplete personal data. You can update contact details directly in your account settings.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purpose it was collected and no legal obligation requires its retention.
Right to Object
Object to processing of your data for marketing purposes or where processing is based on legitimate interests and your individual circumstances warrant it.
Right to Data Portability
Request your personal data in a machine-readable format where technically feasible, allowing you to transfer it to another service.
Right to Complain
Lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe your rights have been violated and 680ph has not adequately addressed your concern.

9.2  To exercise any of these rights, submit a written request to 680ph at [email protected] with the subject line "Data Rights Request — [Right Type]." Include your full registered name and registered mobile number for identity verification. 680ph will respond within 15 business days of receipt.

Important: Certain data rights may be limited where retention is required by PAGCOR licensing conditions, the Anti-Money Laundering Act, or other applicable Philippine law. Where a right cannot be fully exercised due to a legal obligation, 680ph will explain the specific legal basis for the limitation in our response to your request.
10
Children's Privacy and the 21+ Requirement
Protection of minors

10.1  680ph's services are strictly restricted to individuals aged 21 years and above as required by PAGCOR and Philippine law. 680ph does not knowingly collect personal data from any person under the age of 21.

10.2  Age is verified during the KYC process using government-issued Philippine identification. Any Account found during or after registration to belong to a person under 21 will be immediately suspended, the matter reported to PAGCOR, and all personal data associated with the account deleted or anonymized upon completion of any mandatory retention period under applicable law.

10.3  If you are a parent or legal guardian and you believe that a minor has provided personal data to 680ph or has registered an account, please contact us immediately at [email protected]. We will take prompt action to investigate and remedy the situation.

11
Cross-Border Data Transfers
When your data leaves the Philippines

11.1  680ph's primary data processing infrastructure is hosted in data centers within the Asia-Pacific region. In the course of providing services, certain personal data may be transferred to or accessible from locations outside the Philippines — specifically in connection with third-party game studio providers, cybersecurity services, and cloud infrastructure partners.

11.2  Where personal data is transferred outside the Philippines, 680ph ensures that appropriate safeguards are in place consistent with Section 21 of R.A. 10173 and NPC Circular No. 16-01. Safeguards include contractual clauses requiring the receiving party to maintain data protection standards equivalent to those required under Philippine law.

11.3  680ph does not transfer personal data to jurisdictions that do not provide an adequate level of data protection without implementing compensating controls such as data processing agreements containing standard contractual clauses approved by the NPC.

12
Changes to This Privacy Policy
How we notify you of updates

12.1  680ph may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal obligations, or regulatory requirements. Material changes — those that significantly affect how we use your personal data or your rights — will be communicated via SMS to your registered Philippine mobile number no less than 7 calendar days before the updated Policy takes effect.

12.2  Non-material changes (such as clarifications, corrections of typographical errors, or structural reformatting that does not alter substance) may be made without prior individual notice, and the updated effective date at the top of this document will be updated accordingly.

12.3  The current version of this Privacy Policy is always available at https://680ph.club/privacy-policy. We recommend reviewing this page periodically. Continued use of 680ph services after the effective date of a revised Policy constitutes your acceptance of the revised terms.

This is Version 2.4 of the 680ph Privacy Policy, effective 1 January 2026. Previous versions are available on request from 680ph Support.
13
Contact and Data Protection Officer
How to reach 680ph for privacy matters

13.1  For any privacy-related inquiry, data rights request, complaint, or concern, please contact 680ph's Data Protection Officer using the contact details below. All privacy correspondence is treated as confidential.

Data Protection Officer / Privacy Inquiries: [email protected] — Subject line: "DPO — [Nature of Inquiry]"
General Player Support (24/7): [email protected] — for account-specific concerns, payment issues, and non-privacy matters.
Partnerships & Affiliates: [email protected] — for business and affiliate program inquiries.

13.2  If you are not satisfied with 680ph's response to a privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC). The NPC can be reached through its official government channels. 680ph cooperates fully with NPC investigations and inquiries.

13.3  Email addresses in this Policy are displayed as plain text only and are not clickable links. This is an intentional security measure. Do not act on any unsolicited email purporting to be from 680ph that you did not initiate. Phishing attempts impersonating 680ph should be reported to [email protected] immediately.

Questions About 680ph Privacy?

Our Data Protection Officer and 24/7 support team are here to help with any questions about how your personal data is handled on 680ph.

Login to 680ph About 680ph
🔞 21+ only  |  PAGCOR Regulated  |  NPC Compliant  |  Philippines