aha888 Privacy Policy

01

About This Privacy Policy

aha888 is committed to protecting the privacy and personal data of every Filipino player who registers and plays on our platform. This Privacy Policy describes in plain terms what personal information aha888 collects, how it is used, who it may be shared with, how long it is kept, and what rights you have over your data.

This Policy applies to all personal data processed by aha888 in connection with the aha888.one website and any related services, applications, or communications, regardless of the device or method through which you access the platform. It covers data collected from players based in the Philippines and is drafted in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, the directives of the National Privacy Commission (NPC) of the Philippines, and PAGCOR's applicable regulatory standards for licensed online gaming operators.

By registering an account on aha888 or continuing to use the platform after this Policy's effective date, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

Philippine Data Privacy Act (RA 10173): As a data controller processing the personal information of Filipino data subjects, aha888 is subject to the full requirements of the DPA and the jurisdiction of the National Privacy Commission. Your rights under Philippine data privacy law are set out fully in Section 11 of this Policy.

02

Data Controller Information

For the purposes of the Philippine Data Privacy Act of 2012 and applicable data protection legislation, the data controller responsible for your personal information processed through the aha888 platform is:

aha888 (aha888.one)
Regulated by the Philippine Amusement and Gaming Corporation (PAGCOR)
Contact Email: [email protected]
Support Channel: 24/7 Live Chat via member dashboard

aha888 has designated a Data Protection Officer (DPO) as required under the Data Privacy Act. Privacy-related requests, complaints, and inquiries should be directed to our support team, which will escalate data protection matters to the DPO as appropriate.

03

Personal Data We Collect

aha888 collects personal data that is necessary, adequate, and not excessive for the purposes described in this Policy. We do not collect sensitive personal information beyond what is strictly required by PAGCOR KYC obligations and AML compliance requirements. The categories of data we collect are described below.

Category	Examples	Collected When
Identity Data	Full legal name, date of birth, nationality, government ID number and type	Account registration; KYC verification
Contact Data	Philippine mobile number, email address, mailing address	Account registration; KYC
Financial Data	GCash number, PayMaya account, bank account name and number (BPI, BDO, Metrobank), transaction history, deposit/withdrawal records	Payment processing; KYC; AML monitoring
KYC Documents	Scanned or photographed government-issued Philippine ID, selfie with ID (liveness verification where required)	KYC verification process
Gaming Activity Data	Bet history, game session logs, win/loss records, bonus usage, stake amounts, game preferences	Platform use — ongoing
Technical Data	IP address, device type, browser type and version, operating system, session timestamps, cookies	Platform access — ongoing
Communications Data	Live chat transcripts, support email correspondence, feedback submissions	When you contact aha888 support
Marketing Preferences	Opt-in/opt-out status for promotional communications, preferred contact channel	Registration; account settings updates

aha888 does not intentionally collect sensitive personal information (as defined under Section 3(l) of the DPA) such as racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation. To the extent that sensitive data is incidentally disclosed through communications with our support team, it will not be processed beyond what is necessary to address the specific support matter.

04

How We Collect Your Data

aha888 collects personal data through the following means:

4.1 Directly from You

The majority of personal data we hold is provided directly by you during account registration, the KYC verification process, payment transactions, responsible gaming tool configuration, and communications with our support team. You are not required to provide more information than is necessary to access the Services.

4.2 Automated Technical Collection

When you access aha888.one, our servers and analytics infrastructure automatically collect certain technical data about your device and session, including your IP address, device identifiers, browser characteristics, and access timestamps. This data is collected through server logs, session cookies, and similar technologies described in Section 10 of this Policy.

4.3 Third-Party Sources

In limited circumstances, aha888 may receive personal data from third-party sources as part of our legal compliance obligations. These include: (a) identity verification service providers used to authenticate KYC documents; (b) payment processors (GCash, PayMaya, and Philippine banking partners) who confirm transaction validity; and (c) public records, sanctions screening databases, and politically exposed persons (PEP) lists that aha888 is required to cross-reference under PAGCOR AML compliance rules.

05

How and Why We Use Your Personal Data

aha888 processes your personal data only for specific, legitimate purposes. We do not use your data in ways that are incompatible with the purposes for which it was originally collected. The primary purposes for which we process personal data are:

Account Management: To register your account, verify your identity, maintain your profile, and manage your access to the aha888 platform;
Service Delivery: To provide the gaming services you have requested, process your bets and wagers, credit winnings to your Wallet, and manage your gaming activity;
Payment Processing: To process deposits via GCash, PayMaya, BPI, BDO, Metrobank, and other approved channels, and to execute withdrawals to your verified payment accounts in Philippine Peso;
Regulatory Compliance: To comply with PAGCOR licensing requirements, KYC obligations, anti-money laundering (AML) obligations under the Philippine AMLA (Republic Act No. 9160, as amended), and any other applicable Philippine law;
Fraud Prevention and Security: To detect, investigate, and prevent fraudulent transactions, unauthorized account access, bonus abuse, and other security threats;
Responsible Gaming: To monitor gaming patterns and, where required by PAGCOR regulations, proactively identify players who may be exhibiting signs of problem gambling and to apply responsible gaming tools;
Customer Support: To respond to your inquiries, complaints, and requests submitted via live chat or email;
Marketing Communications: To send you promotional offers, bonus notifications, and platform updates — but only where you have given your prior consent, and you may withdraw this consent at any time through your account settings;
Platform Improvement: To analyze aggregated, anonymized usage data for the purpose of improving the aha888 platform, game selection, and user experience.

06

Legal Basis for Processing

Under the Philippine Data Privacy Act of 2012, aha888 relies on the following lawful bases for processing your personal data:

Contractual Necessity (Section 12(b) DPA): Processing is necessary for the performance of the contract between you and aha888 — i.e., providing you with gaming services, processing your deposits and withdrawals, and managing your account;
Legal Obligation (Section 12(c) DPA): Processing is necessary for compliance with aha888's legal obligations under PAGCOR regulations, the AMLA, the DPA itself, and other applicable Philippine law;
Legitimate Interests (Section 12(f) DPA): Processing is necessary for the purposes of the legitimate interests pursued by aha888, including fraud prevention, platform security, and service improvement, provided these interests are not overridden by your privacy rights;
Consent (Section 12(a) DPA): For marketing communications and certain non-essential data uses, aha888 relies on your specific, informed, freely given consent, which you may withdraw at any time without penalty.

07

Sharing and Disclosure of Personal Data

aha888 does not sell your personal data to third parties. We do not share your personal data with third parties for their own direct marketing purposes. Personal data is shared only in the limited circumstances described below:

7.1 Service Providers (Processors)

aha888 engages trusted third-party service providers who process personal data on our behalf and under our instruction. These include: identity verification and KYC technology providers; payment gateway operators (GCash, PayMaya, and banking partners); IT infrastructure and cloud hosting providers; fraud detection and AML screening services; customer support platform providers; and email communication services. All processors are contractually required to maintain appropriate data security standards and may only use your data for the specific purpose for which they were engaged.

7.2 Regulatory and Legal Authorities

aha888 is required by Philippine law and PAGCOR regulations to disclose certain personal data and transaction records to regulatory and law enforcement bodies. This includes mandatory reporting to the Anti-Money Laundering Council (AMLC) of covered and suspicious transactions, disclosures to PAGCOR in response to regulatory inquiries, and compliance with court orders, subpoenas, or directions from competent Philippine government authorities. Such disclosures are made strictly within the scope required by law.

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of aha888's business or assets, personal data held by aha888 may be transferred to the acquiring entity, subject to the acquirer maintaining equivalent data protection standards and any required PAGCOR regulatory approvals.

aha888 will never sell your personal data. We will never share your GCash number, bank account details, government ID information, or gaming history with any party for commercial, advertising, or profiling purposes without your explicit, informed consent.

08

Data Retention

aha888 retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or for such longer period as is required by Philippine law or PAGCOR regulations. Our general retention practices are as follows:

Account and Identity Data: Retained for the duration of your account and for a minimum of five (5) years following account closure, in compliance with PAGCOR record-keeping requirements and the AMLA's minimum retention obligation for gaming operators;
Financial Transaction Records: Retained for a minimum of five (5) years as required under the AMLA and related PAGCOR regulations;
KYC Documents: Retained for the duration of your account plus five (5) years post-closure, or longer if required by a specific regulatory investigation or legal proceeding;
Gaming Activity Logs: Retained for five (5) years from the date of each session or transaction;
Technical and Log Data: Retained for 90 days in active systems, then archived for up to 12 months for security and fraud investigation purposes;
Marketing Consent Records: Retained for the duration of your account plus three (3) years, to demonstrate compliance with consent requirements;
Support Communications: Retained for three (3) years from the date of the final communication in each interaction.

After the applicable retention period, personal data is securely deleted or anonymized in a manner that prevents reconstruction of the original data subject's identity.

09

Data Security Measures

aha888 implements technical and organizational security measures appropriate to the nature of the personal data we hold and the risks associated with its processing. These measures include:

Encryption in Transit: All data transmitted between your device and aha888's servers is protected using 256-bit TLS/SSL encryption — the same standard used by Philippine banks and GCash;
Encryption at Rest: Sensitive personal data, including KYC documents and financial identifiers, is encrypted at rest in our data storage systems;
Access Controls: Access to personal data is restricted on a strict need-to-know basis. All aha888 personnel and contractor access is logged, and privileged access requires multi-factor authentication;
Pseudonymization: Where possible, data used for analytics and testing is pseudonymized to reduce risk to data subjects;
Penetration Testing: aha888 engages independent security professionals to conduct periodic penetration testing and vulnerability assessments of its platform;
Data Breach Response: aha888 maintains a documented data breach response procedure. In the event of a personal data breach affecting Filipino data subjects, aha888 will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach where required, and affected data subjects will be notified without undue delay.

While aha888 takes all reasonable technical precautions, no internet-based platform can guarantee absolute security. You can strengthen the security of your personal data by using a strong, unique password for your aha888 account, enabling two-factor authentication, and logging out of shared devices.

10

Cookies & Tracking Technologies

aha888 uses cookies and similar tracking technologies to operate the platform correctly, maintain your session security, and understand how players interact with the platform. Cookies are small text files stored on your device by your browser.

10.1 Types of Cookies Used

Strictly Necessary Cookies: Required for the platform to function. These include session authentication cookies that keep you logged into your aha888 account and security tokens. These cannot be disabled without breaking core platform functionality.
Functional Cookies: Remember your preferences such as language settings, game display preferences, and responsible gaming tool configurations.
Analytics Cookies: Collect anonymized, aggregated data about how players use the platform — which game categories are most visited, where navigation friction occurs. This data is used solely to improve the aha888 experience and is not used to identify individual players.
Security Cookies: Detect unusual or potentially fraudulent login behavior, including anomalous IP address changes or device switching within a session.

10.2 Managing Cookies

You can configure your browser to block or delete non-essential cookies. Please note that disabling strictly necessary cookies will prevent you from logging into your aha888 account and using core platform features. Instructions for managing cookies are available in your browser's help documentation.

11

Your Data Privacy Rights

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by aha888. These rights may be subject to limitations where processing is required for legal compliance or regulatory obligations that override individual privacy interests.

Right to Be Informed

You have the right to be informed about how aha888 processes your personal data. This Privacy Policy is how we fulfil that obligation. You may also request a plain-language summary of our data processing practices at any time by contacting our support team.

Right to Access

You have the right to request a copy of the personal data aha888 holds about you, including your account data, KYC records, transaction history, and gaming activity logs. Access requests will be responded to within 15 business days.

Right to Rectification

If any personal data aha888 holds about you is inaccurate or incomplete, you have the right to request correction. Corrections to identity data require re-verification through our KYC process.

Right to Erasure

You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected. Note that aha888 cannot delete data that must be retained under PAGCOR regulations, the AMLA, or other Philippine law requirements (minimum five-year retention).

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes. You may withdraw your marketing consent at any time through your aha888 account settings without affecting your access to gaming services.

Right to Data Portability

Where processing is based on your consent or contract performance and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Lodge a Complaint

If you believe aha888 has violated your data privacy rights, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. We encourage you to contact us first so we can address your concern directly — but this does not affect your right to contact the NPC at any time.

Exercising Your Rights: To exercise any of the rights described above, please contact aha888 via live chat support or by email at [email protected]. We will verify your identity before processing any data subject request. Most requests are completed within 15 business days. No fee is charged for standard requests.

12

Children and Minors

The aha888 platform is strictly for individuals aged 21 years or older, in compliance with PAGCOR's age requirements for licensed online casino operators in the Philippines. aha888 does not knowingly collect personal data from persons under the age of 21.

The age verification component of our KYC process is specifically designed to identify and reject accounts opened by persons under 21 years of age. Any account subsequently found to have been registered by a minor will be closed immediately, personal data will be handled in accordance with the Data Privacy Act's requirements for data of individuals who lacked legal capacity at the time of collection, and the matter may be referred to PAGCOR.

Parents and guardians are responsible for preventing minors from accessing gambling websites. If you believe a minor has opened an aha888 account using your details or a false identity, please contact our support team immediately at [email protected].

13

Cross-Border Data Transfers

Some of aha888's service providers — including cloud infrastructure, game software providers, and certain analytics tools — may process personal data in servers located outside the Philippines. Where such cross-border transfers occur, aha888 ensures that:

The recipient country or organization provides an adequate level of data protection, as assessed against the standards of the Philippine Data Privacy Act;
Appropriate contractual safeguards (such as data processing agreements incorporating DPA-equivalent protections) are in place with all international processors;
Such transfers are limited to the minimum data necessary for the specific service purpose;
The transfer is reported to the National Privacy Commission where required under NPC rules on cross-border data flows.

The majority of your personal data — in particular your KYC documents, financial transaction records, and AMLA-regulated data — is processed and stored within systems accessible to aha888's compliance team under Philippine jurisdiction.

14

Changes to This Privacy Policy

aha888 may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable Philippine law, NPC guidelines, or PAGCOR regulatory requirements. Material changes to this Policy will be communicated to registered players by email notification to your registered address, or via a prominent notice on the aha888 platform, no less than seven (7) days before the updated Policy takes effect.

The effective date and last updated date at the top of this document will be revised each time the Policy is updated. We recommend reviewing this page periodically. Continued use of the aha888 platform after a Policy update takes effect constitutes your acceptance of the revised Policy. If you do not agree with the changes, you should close your account and cease using the platform before the effective date of the amendment.

15

Contact & Data Privacy Inquiries

For all data privacy matters — including access requests, rectification requests, erasure requests, objections to processing, or general inquiries about this Privacy Policy — please contact the aha888 data protection team through the following channels:

24/7 Live Chat: Via your member dashboard on aha888.one. Average first response under two minutes. For data subject requests, please specify "Data Privacy Request" at the start of your message.
Email: [email protected] — Please include "Data Privacy Request" in your subject line. We will acknowledge receipt within one business hour and respond fully within 15 business days.

aha888 will verify your identity before processing any data subject request to ensure that personal data is not disclosed to unauthorized parties.

Regulated by PAGCOR. aha888 operates as a PAGCOR-licensed online gaming operator and processes personal data in compliance with Philippine law. If you have a data privacy complaint that aha888 has not resolved to your satisfaction, you may escalate the matter to the National Privacy Commission of the Philippines. License details are available on the About Us page.