taha777 Privacy Policy

1 Scope and Application

1.1 This Privacy Policy applies to all personal information collected, processed, and stored by taha777 in connection with your use of the taha777 online gaming platform accessible at taha777.app, including all associated features, customer support channels, and marketing communications.

1.2 This Policy applies to all registered users, applicants who begin but do not complete registration, and visitors who interact with the taha777 Platform without registering an account (to the limited extent that non-account visitor data is collected).

1.3 This Policy does not apply to the data practices of third-party game providers, payment processors, or other service partners whose platforms you may access through taha777. Those entities are governed by their own privacy policies.

2 Data Controller Identity

2.1 For purposes of the Philippine Data Privacy Act of 2012, taha777 is the personal information controller ("PIC") with respect to the personal data of its users. taha777 determines the purposes and means of processing personal data collected through the Platform.

2.2 taha777 operates under the regulatory oversight of the Philippine Amusement and Gaming Corporation (PAGCOR). Certain data processing activities are mandated by PAGCOR and Philippine AML regulations, in which capacity taha777 acts as a personal information processor ("PIP") on behalf of the Philippine government.

2.3 Data Protection Officer. taha777 has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act. Contact details for the DPO are provided in Section 14 of this Policy. The taha777 DPO registration with the NPC is maintained in accordance with NPC Circular 17-01.

3 Categories of Personal Data We Collect

The following table summarizes the categories of personal data taha777 collects and the primary purpose for which each category is collected:

4 How We Collect Your Personal Data

taha777 collects personal data through the following channels:

• Direct submission: Information you provide during account registration, KYC verification, deposit and withdrawal requests, contact form submissions, and live chat or email support interactions;
• Automated technical collection: Log files, cookies, session tokens, and analytics tools that automatically record device and usage data when you access the Platform;
• Payment processors: Transaction confirmations and payment references received from GCash, PayMaya, and other payment service providers you use to fund your Account;
• Identity verification services: Verification results from third-party KYC and document verification platforms used to validate government-issued Philippine IDs;
• Fraud prevention services: Risk signals and device fingerprinting data from fraud detection service providers;
• PAGCOR-mandated reporting: Data provided to or received from PAGCOR in connection with our regulatory licensing obligations.

5 How We Use Your Personal Data

taha777 uses the personal data we collect for the following purposes:

• Account management: To create, verify, maintain, and close your taha777 Account;
• Service delivery: To provide access to games, process bets and winnings, manage your balance, and deliver all Platform features;
• Payment processing: To process deposits, verify withdrawal instructions, and return funds to your registered payment method;
• Identity and age verification: To comply with PAGCOR's 21+ age restriction and KYC requirements under Philippine AML regulations;
• Fraud and security: To detect, investigate, and prevent unauthorized access, bonus abuse, account fraud, money laundering, and other prohibited activities;
• Responsible gaming: To monitor gaming behavior patterns that may indicate problem gambling and to enforce deposit limits, session controls, and self-exclusion instructions;
• Customer support: To respond to your inquiries, resolve disputes, and improve the quality of our support services;
• Legal and regulatory compliance: To comply with PAGCOR licensing requirements, Anti-Money Laundering Act obligations, Data Privacy Act requirements, and any other applicable Philippine law;
• Marketing communications: To send you information about taha777 promotions, bonuses, and new features, where you have not opted out of such communications. You may opt out at any time via Account Settings or by contacting support;
• Platform improvement: To analyze usage patterns and improve the functionality, performance, and user experience of the Platform.

6 Legal Bases for Processing

Under the Data Privacy Act of 2012, taha777 processes your personal data on the following legal bases:

• Consent (Section 12(a), DPA): Where you have given specific, free, and informed consent, including consent to marketing communications at the time of registration;
• Contractual necessity (Section 12(b), DPA): Processing necessary to perform our contractual obligations to you under the taha777 Terms & Conditions, including account management, payment processing, and service delivery;
• Legal obligation (Section 12(c), DPA): Processing required by PAGCOR regulations, the Anti-Money Laundering Act (RA 9160 as amended), the Data Privacy Act itself, and other applicable Philippine law;
• Legitimate interests (Section 12(f), DPA): Processing necessary for taha777's legitimate business interests, including fraud prevention, platform security, and responsible gaming monitoring, provided such interests are not overridden by your rights and freedoms.

7 Data Sharing and Third-Party Disclosure

7.1 Service Providers. taha777 engages third-party service providers who process personal data on our behalf as personal information processors under data processing agreements. These include payment processors (GCash, PayMaya, card networks), KYC and identity verification platforms, fraud detection services, cloud infrastructure providers, and analytics platforms. All such processors are contractually bound to process data only as instructed by taha777 and in compliance with the Data Privacy Act.

7.2 Game Providers. When you play games hosted by third-party studios on the taha777 Platform, limited gameplay and session data may be shared with the relevant game provider for the purpose of game delivery, outcome verification, and jackpot management. Game providers are not granted access to your full identity or financial data.

7.3 Regulatory Disclosure. taha777 is required by Philippine law to disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other government authorities upon lawful request or as mandated by our operating license. Such disclosures are made without separate notification to the affected user where legally required.

7.4 Business Transfers. In the event of a merger, acquisition, or sale of taha777 or its assets, personal data held by taha777 may be transferred to the successor entity, subject to the same privacy protections described in this Policy. Affected users will be notified in advance where practicable.

7.5 No Cross-Border Transfers Without Safeguards. taha777 does not transfer your personal data to recipients outside the Philippines unless adequate data protection safeguards are in place in accordance with NPC guidelines on cross-border data transfer.

8 Cookies and Tracking Technologies

8.1 taha777 uses cookies and similar tracking technologies (session tokens, local storage, pixel tags) to operate the Platform, maintain your login session, remember your preferences, detect fraud, and analyze usage patterns.

8.2 The following categories of cookies are used:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication cookies and security tokens. Cannot be disabled without breaking core Platform functionality.
• Functional Cookies: Remember your preferences such as language, display settings, and responsible gaming configurations. Can be disabled but may affect your experience.
• Analytics Cookies: Collect aggregated, anonymized data about how users interact with the Platform to help us improve its design and performance. Collected via privacy-respecting analytics tools.
• Security Cookies: Used by our fraud detection systems to fingerprint devices and identify suspicious login patterns. Essential for account security.

8.3 You may manage non-essential cookies through your browser settings. Disabling cookies may affect your ability to use certain features of the Platform, including maintaining a logged-in session.

9 Data Retention

9.1 taha777 retains personal data only for as long as necessary for the purposes for which it was collected, subject to applicable legal retention requirements. The following retention periods apply:

• Account and identity data: For the duration of your account relationship with taha777, plus a minimum of 5 years after account closure, as required by PAGCOR and AMLA regulations;
• Financial and transaction data: Minimum 5 years from the date of each transaction, as required by Republic Act No. 9160 and PAGCOR regulations;
• KYC documents: Minimum 5 years from account closure or from the date of the last transaction, whichever is later;
• Support communications: 3 years from the date of the last interaction in a support thread;
• Marketing consent records: For as long as you maintain an Account and for 1 year after consent is withdrawn, for audit purposes;
• Technical and log data: 12 months from collection, unless retained longer for active fraud investigation purposes.

9.2 Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymized in accordance with NPC-recognized data disposal standards.

10 Data Security Measures

taha777 implements the following technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction:

• Encryption: AES-256 encryption for data at rest; TLS 1.3 for data in transit;
• Access controls: Role-based access controls limiting staff access to personal data on a need-to-know basis; multi-factor authentication required for all administrative access;
• Infrastructure security: Platform hosted on ISO 27001-certified cloud infrastructure with regular penetration testing and vulnerability assessments;
• Password handling: User passwords are stored as salted cryptographic hashes using bcrypt — plain-text passwords are never stored or accessible;
• Incident response: A documented data breach response plan with designated response team, NPC notification procedures, and affected-user notification protocols;
• Staff training: Regular data privacy and security training for all taha777 staff with access to personal data.

Despite these measures, no online platform can guarantee absolute security. You are responsible for maintaining the security of your own Account credentials and for notifying taha777 promptly if you suspect unauthorized access to your Account.

11 Your Data Subject Rights

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by taha777:

To exercise any of the above rights, submit a written request to the taha777 Data Protection Officer at the contact details in Section 14. taha777 will respond within 15 business days of receiving a verifiable request. Identity verification will be required before any data subject rights request is fulfilled.

You also have the right to file a complaint with the National Privacy Commission (NPC) if you believe taha777 has violated your rights under the Data Privacy Act. NPC complaint procedures are available at the NPC's official website.

12 Children's Privacy and Underage Users

12.1 The taha777 Platform is strictly restricted to users who are 21 years of age or older. taha777 does not knowingly collect personal data from persons under the age of 21. The 21-year minimum age is a mandatory requirement under PAGCOR regulations governing online gaming in the Philippines.

12.2 If taha777 discovers that personal data has been collected from a person under 21 years of age, the Account will be immediately suspended, all deposits will be returned to the registered payment method upon identity confirmation, and the personal data will be deleted in accordance with NPC guidelines for data of minors, subject to any overriding legal obligation to retain the data for reporting purposes.

12.3 Parents or guardians who believe a minor has registered with taha777 should contact the Data Protection Officer immediately using the contact details in Section 14.

13 Changes to This Privacy Policy

13.1 taha777 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, legal obligations, or Platform features. Where changes are material, we will provide advance notice to registered users via email or in-platform notification at least 7 days before the changes take effect.

13.2 The effective date at the top of this Policy reflects the date of the most recent revision. Continued use of the Platform after the revised Policy's effective date constitutes your acceptance of the changes. If you do not accept the revised Policy, you should close your Account before the effective date.

13.3 The most current version of this Privacy Policy will always be accessible at taha777.app/privacy-policy.

14 Contact and Data Protection Officer

For questions, concerns, or requests relating to this Privacy Policy or your personal data rights, please contact the taha777 Data Protection Officer through the following official channels:

• Email (DPO): [email protected] — subject line: "Data Privacy Request"
• Live Chat: 24/7 via the taha777 Platform dashboard — identify your inquiry as a data privacy matter
• Response Time: Within 15 business days for formal data subject rights requests; within 1 business day for general privacy inquiries

For complaints about taha777's data practices that cannot be resolved through our internal channels, you may escalate to the National Privacy Commission (NPC) of the Philippines. taha777 cooperates fully with NPC investigations and directives.