ditowin Privacy Policy

1. Introduction

ditowin ("ditowin," "we," "us," or "our") is committed to protecting the privacy and personal data of all users of the ditowin online casino platform, accessible at ditowin.club and any associated mobile or web applications (collectively, the "Platform"). This Privacy Policy describes how ditowin collects, uses, discloses, stores, and protects your personal information in connection with your use of the Platform.

This Privacy Policy is issued in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC) of the Philippines. By registering an account or using the ditowin Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

If you do not agree with the terms of this Privacy Policy, please do not access or use the ditowin Platform. For questions or concerns about this policy, please contact our Data Protection Officer at [email protected].

2. Personal Data We Collect

ditowin collects personal data that is necessary to provide our services, comply with regulatory obligations, and maintain the security and integrity of the Platform. The categories of personal data we collect include:

2.1 Registration & Identity Data

• Full legal name as it appears on your government-issued ID
• Date of birth (to verify you are 21 years of age or older)
• Residential address (barangay, city/municipality, province)
• Mobile number and email address
• Username and encrypted password

2.2 KYC & Verification Documents

• Copies of valid Philippine government-issued photo IDs (e.g., PhilSys National ID, passport, driver's license, SSS/GSIS ID, PRC ID, voter's ID)
• Proof of address documents (e.g., utility bills, bank statements, barangay certificates)
• Proof of payment method ownership (e.g., GCash account screenshots showing your registered name)
• Selfie or liveness verification images where required

2.3 Financial & Transaction Data

• Deposit and withdrawal amounts, dates, and payment methods used
• GCash, PayMaya, BPI, BDO, and Metrobank account references (masked where possible)
• Transaction history and account balance records
• Bonus and promotional activity records

2.4 Gameplay & Activity Data

• Games played, bet amounts, win/loss records, and session durations
• Responsible gaming tool usage (deposit limits, self-exclusion requests)
• Customer support interactions and correspondence

2.5 Technical & Device Data

• IP address and approximate geolocation
• Device type, operating system, and browser information
• Cookie identifiers and session tokens
• Platform access logs and timestamps

3. How We Use Your Personal Data

ditowin processes your personal data for the following purposes:

• Account Management: To create, maintain, and manage your ditowin account, including processing your registration and verifying your identity through KYC procedures.
• Service Delivery: To provide access to games, process deposits and withdrawals, credit bonuses, and deliver the full range of ditowin platform services.
• Regulatory Compliance: To comply with obligations under Philippine law, including the Data Privacy Act of 2012, the Anti-Money Laundering Act (AMLA), PAGCOR regulations, and any other applicable laws or regulatory directives.
• Fraud Prevention & Security: To detect, investigate, and prevent fraudulent activity, money laundering, unauthorized account access, and other illegal or prohibited conduct on the Platform.
• Responsible Gaming: To monitor gameplay patterns for signs of problem gambling and to administer responsible gaming tools such as deposit limits, cooling-off periods, and self-exclusion.
• Customer Support: To respond to your inquiries, resolve disputes, and provide technical assistance.
• Communications: To send you transactional notifications (e.g., deposit confirmations, withdrawal updates), security alerts, and, where you have opted in, promotional communications about ditowin offers and new games.
• Platform Improvement: To analyze usage patterns, conduct research, and improve the functionality, performance, and user experience of the ditowin Platform.

4. Legal Basis for Processing

ditowin processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual Necessity: Processing is necessary to perform the contract between you and ditowin (i.e., to provide the Platform services you have registered for).
• Legal Obligation: Processing is required to comply with applicable Philippine laws and regulations, including PAGCOR licensing requirements and AMLC reporting obligations.
• Legitimate Interests: Processing is necessary for ditowin's legitimate interests in preventing fraud, ensuring platform security, and improving our services, provided these interests are not overridden by your data protection rights.
• Consent: For certain processing activities, such as sending promotional communications or using non-essential cookies, ditowin relies on your freely given, specific, and informed consent. You may withdraw your consent at any time by contacting us at [email protected].

5. Data Sharing & Disclosure

ditowin does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients only to the extent necessary for the purposes described in this Privacy Policy:

5.1 Payment Service Providers

We share necessary transaction data with payment processors including GCash (Mynt), PayMaya (Maya Bank), BPI, BDO, and Metrobank to facilitate deposits and withdrawals. These providers process your data under their own privacy policies and are bound by applicable Philippine financial regulations.

5.2 Identity Verification Providers

ditowin may engage third-party KYC and identity verification service providers to assist with document verification and liveness checks. These providers are contractually bound to process your data only for verification purposes and in accordance with the DPA.

5.3 Regulatory & Law Enforcement Authorities

ditowin may disclose your personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), or other competent Philippine government authorities where required by law, court order, or regulatory directive.

5.4 Service Providers & Technology Partners

ditowin engages trusted third-party service providers for cloud hosting, data analytics, customer support software, and cybersecurity services. All such providers are subject to data processing agreements that restrict their use of your data to the specific services they provide to ditowin.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of ditowin's assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy. You will be notified of any such transfer via email or a prominent notice on the Platform.

6. Cookies & Tracking Technologies

ditowin uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience on the Platform. The types of cookies we use include:

• Strictly Necessary Cookies: Essential for the Platform to function correctly, including maintaining your login session and security tokens. These cannot be disabled.
• Functional Cookies: Remember your preferences such as language settings and game display options to personalize your ditowin experience.
• Analytics Cookies: Help us understand how players use the Platform, which pages are most visited, and where technical issues occur, enabling us to improve performance.
• Marketing Cookies: Used to deliver relevant promotional content about ditowin to you, where you have consented to receive such communications.

You can manage or disable non-essential cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the ditowin Platform. For more information on managing cookies, refer to your browser's help documentation.

7. Data Retention

ditowin retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable Philippine law. Our general retention periods are as follows:

• Account & KYC Data: Retained for a minimum of five (5) years from the date of account closure, as required under the Anti-Money Laundering Act and PAGCOR regulations.
• Transaction Records: Retained for a minimum of five (5) years from the date of each transaction, in compliance with AMLC reporting requirements and BIR regulations.
• Gameplay Data: Retained for three (3) years from the date of each gaming session, or longer if required for the resolution of a dispute or regulatory investigation.
• Customer Support Records: Retained for two (2) years from the date of the last interaction, unless the matter is subject to ongoing legal proceedings.
• Marketing Consent Records: Retained for the duration of your account and for one (1) year following account closure or withdrawal of consent, whichever is later.

Upon expiry of the applicable retention period, ditowin will securely delete or anonymize your personal data in accordance with our internal data disposal procedures. Where anonymization is not technically feasible, the data will be securely destroyed.

8. Data Security

ditowin takes the security of your personal data seriously and implements a comprehensive set of technical and organizational measures to protect it against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: All data transmitted between your device and the ditowin Platform is protected using 256-bit SSL/TLS encryption. Sensitive data at rest, including KYC documents and financial records, is encrypted using industry-standard algorithms.
• Access Controls: Access to personal data is restricted to authorized ditowin personnel and service providers on a strict need-to-know basis. All staff with access to personal data are subject to confidentiality obligations.
• Two-Factor Authentication (2FA): ditowin offers 2FA for player accounts to provide an additional layer of protection against unauthorized access.
• Regular Security Audits: ditowin conducts periodic security assessments, penetration testing, and vulnerability scans to identify and remediate potential security risks.
• Incident Response: ditowin maintains a data breach response plan. In the event of a personal data breach that poses a risk to your rights and freedoms, ditowin will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and will notify affected players without undue delay, as required under the DPA.

While ditowin employs robust security measures, no system is completely immune to security threats. You are responsible for maintaining the security of your ditowin login credentials and for notifying us immediately at [email protected] if you suspect any unauthorized access to your account.

9. Your Data Privacy Rights

Under the Data Privacy Act of 2012 and its Implementing Rules and Regulations, you have the following rights with respect to your personal data held by ditowin:

• Right to Be Informed: You have the right to be informed about how ditowin collects and processes your personal data, as described in this Privacy Policy.
• Right of Access: You have the right to request a copy of the personal data ditowin holds about you, along with information about how it is being processed.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data ditowin holds about you.
• Right to Erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to ditowin's legal retention obligations.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or where processing is based on ditowin's legitimate interests.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the National Privacy Commission (NPC) if you believe ditowin has violated your data privacy rights.

To exercise any of these rights, please submit a written request to our Data Protection Officer at [email protected]. ditowin will respond to your request within fifteen (15) business days of receipt. We may require you to verify your identity before processing your request.

10. Children's Privacy

The ditowin Platform is strictly intended for adults aged 21 years and above, in accordance with Philippine law governing casino-style gambling. ditowin does not knowingly collect personal data from individuals under the age of 21.

If ditowin becomes aware that personal data has been collected from a person under 21 years of age, we will immediately suspend the associated account, delete the personal data in question, and, where applicable, report the matter to the relevant authorities. If you believe that a minor has registered on the ditowin Platform, please notify us immediately at [email protected].

11. International Data Transfers

ditowin primarily stores and processes your personal data within the Republic of the Philippines. In certain circumstances, your data may be transferred to or processed by service providers located outside the Philippines, such as cloud infrastructure providers or international game software licensors.

Where such transfers occur, ditowin ensures that appropriate safeguards are in place to protect your personal data, including contractual clauses that require the recipient to provide a level of data protection equivalent to that required under the Data Privacy Act of 2012. ditowin will not transfer your personal data to a foreign country or international organization unless such transfer is authorized under the DPA and its Implementing Rules and Regulations.

12. Third-Party Links

The ditowin Platform may contain links to third-party websites or services, such as payment provider portals. This Privacy Policy applies solely to the ditowin Platform and does not cover the privacy practices of any third-party websites or services. ditowin is not responsible for the content, privacy policies, or data practices of any third-party sites.

We encourage you to review the privacy policies of any third-party services you access through or in connection with the ditowin Platform before providing them with your personal data.

13. Changes to This Privacy Policy

ditowin reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory requirements. When material changes are made, ditowin will notify registered players via email or a prominent notice on the Platform at least seven (7) days before the changes take effect, where practicable.

The "Last Updated" date at the top of this page indicates when this Privacy Policy was most recently revised. Your continued use of the ditowin Platform after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. The most current version of this Privacy Policy will always be available at ditowin.club/privacy-policy.

14. Contact Our Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or ditowin's data processing practices, please contact our Data Protection Officer (DPO):