jilace Privacy Policy

This Privacy Policy ("Policy") is issued by jilace ("jilace," "we," "us," or "our") and applies to all personal data processed in connection with the jilace online casino and gaming platform accessible at jilace.org (the "Platform") and all related services offered to registered players in the Philippines.

This Policy applies to all individuals who: (a) visit or browse the jilace Platform; (b) register a player account with jilace; (c) use any game, payment, or other service offered through the Platform; or (d) communicate with jilace support or marketing channels. By registering a jilace account and using the Platform, you acknowledge that you have read, understood, and consent to the collection and processing of your personal data as described in this Policy.

This Policy is intended to comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, the circulars and advisories of the National Privacy Commission (NPC), and applicable PAGCOR data handling requirements. In the event of any conflict between this Policy and mandatory legal requirements under Philippine law, the applicable legal requirement shall prevail.

This Policy should be read together with the jilace Terms & Conditions available at /terms-conditions, which form part of the complete legal agreement between jilace and each registered player.

2.1 Identity. For the purposes of the Philippine Data Privacy Act of 2012 and this Policy, jilace acts as the Personal Information Controller (PIC) with respect to the personal data of registered players and Platform visitors. As PIC, jilace determines the purposes for which and the means by which personal data is processed.

2.2 Data Privacy Officer. jilace has appointed a Data Privacy Officer (DPO) responsible for ensuring compliance with RA 10173 and this Policy, and for handling data subject requests. The DPO can be contacted at the email address provided in Section 16 of this Policy. jilace's DPO registration is maintained with the National Privacy Commission in compliance with NPC Advisory No. 2017-01.

2.3 Third-Party Processors. jilace engages third-party Personal Information Processors (PIPs) — including game software providers, payment processors, and technology infrastructure providers — to process personal data on jilace's behalf and under jilace's written instructions. All PIPs engaged by jilace are contractually bound to implement appropriate technical and organizational security measures and to process personal data only as directed by jilace.

jilace collects the following categories of personal data, depending on your interaction with the Platform:

jilace collects personal data through the following methods:

• Direct Collection. You provide data directly to jilace when you register an account, complete KYC verification, submit payment details, contact support, respond to promotions, or communicate with jilace through any channel.
• Automated Technical Collection. jilace's Platform automatically collects technical data — including IP addresses, device identifiers, browser fingerprints, and session logs — as a function of standard web and mobile platform operation. This collection is necessary for security, fraud detection, and regulatory compliance.
• Cookies and Similar Technologies. jilace uses cookies, local storage, and similar tracking technologies on the Platform. Details of cookies used and your opt-out rights are described in Section 8 of this Policy.
• Payment Processors. When you deposit or withdraw funds via GCash, Maya, BPI, BDO, Metrobank, or other payment methods, the relevant payment processor may share transaction confirmation data with jilace for the purpose of crediting your jilace wallet or processing your withdrawal.
• Identity Verification Providers. jilace may engage third-party KYC and identity verification services to verify government-issued ID documents and to conduct liveness checks during the account verification process.
• Social Login. If you register or log in using Facebook or Google, those platforms share limited profile information (name, email address, and profile photo) with jilace in accordance with your privacy settings on those platforms. jilace does not have access to your Facebook or Google password.

Under RA 10173, jilace processes personal data on the following lawful bases:

• Consent. Where you have provided explicit, informed consent to specific processing activities — such as receiving marketing communications, or completing optional profile information. You may withdraw consent at any time as described in Section 14.
• Contractual Necessity. Processing that is necessary for the performance of the player agreement between you and jilace — including account creation, game operation, deposit processing, withdrawal execution, and support provision.
• Legal Obligation. Processing required to comply with applicable Philippine law, including KYC requirements under PAGCOR regulations, transaction monitoring under Republic Act No. 9160 (Anti-Money Laundering Act, as amended), and record-keeping obligations under PAGCOR licensing conditions.
• Legitimate Interests. Processing necessary for jilace's legitimate interests in operating a secure and compliant gaming platform, preventing fraud and bonus abuse, maintaining Platform security, and improving the Platform's performance and user experience — provided that such interests do not override your fundamental rights and freedoms.
• Vital Interests. In exceptional circumstances, processing may be necessary to protect the vital interests of a data subject, such as in connection with responsible gaming interventions for players displaying signs of problem gambling.

jilace uses your personal data for the following purposes:

• Account Management. Creating, maintaining, verifying, and administering your jilace account, including processing login authentication, OTP delivery, and password recovery.
• Service Delivery. Enabling you to access and use all games, payment features, bonuses, and other services available through the jilace Platform.
• Financial Processing. Processing deposits from and withdrawals to your registered payment methods (GCash, Maya, bank accounts), and maintaining accurate records of all financial transactions.
• Regulatory Compliance. Fulfilling KYC, anti-money laundering (AML), and counter-terrorist financing (CTF) obligations under PAGCOR regulations and applicable Philippine law, including transaction reporting to AMLC where required.
• Fraud Prevention and Security. Detecting, investigating, and preventing fraudulent activity, account takeovers, bonus abuse, collusion, and other conduct prohibited under the jilace Terms & Conditions.
• Responsible Gaming. Monitoring gaming activity for indicators of problem gambling, enforcing deposit and loss limits, processing self-exclusion requests, and communicating with players regarding responsible gaming resources.
• Customer Support. Responding to player inquiries, resolving disputes, processing complaints, and improving support quality.
• Platform Improvement. Analyzing aggregated, anonymized usage data to improve Platform performance, game selection, user interface design, and feature development.
• Marketing Communications. Sending promotional offers, bonus notifications, and Platform news to players who have opted in to marketing communications. See Section 14 for opt-out options.
• Legal Claims. Establishing, exercising, or defending legal claims arising in connection with your use of the Platform or these policies.

7.1 No Sale of Data. jilace does not sell, rent, or trade personal data to third-party marketers, data brokers, or advertising networks. This prohibition applies regardless of compensation or anonymization status.

7.2 Service Providers. jilace shares personal data with carefully selected third-party service providers who process data on jilace's behalf under written data processing agreements. These providers include: game software and platform technology providers; payment processors (GCash/Mynt, Maya/PayMaya Philippines Inc., BPI, BDO, Metrobank); identity verification and KYC service providers; cloud infrastructure and hosting providers; and customer support platform operators. All providers are contractually prohibited from using your data for any purpose beyond the specific services they provide to jilace.

7.3 Regulatory Authorities. jilace is required by law to disclose personal data and transaction records to: PAGCOR, in the exercise of its regulatory oversight functions; the Anti-Money Laundering Council (AMLC), in connection with covered and suspicious transaction reporting; the National Privacy Commission (NPC), in the exercise of its regulatory functions; and other Philippine government authorities where required by court order, subpoena, or applicable law.

7.4 Business Transfers. In the event of a merger, acquisition, restructuring, or sale of all or substantially all of jilace's assets, your personal data may be transferred to the acquiring entity as part of the transaction, subject to the acquiring entity's commitment to honor the terms of this Privacy Policy or to provide you with adequate notice of any material changes.

7.5 Aggregated Data. jilace may share aggregated, anonymized data — from which no individual player can be identified — with game providers, industry analysts, or regulatory bodies for the purposes of market research, platform improvement, and regulatory reporting.

8.1 Cookie Use. The jilace Platform uses cookies and similar tracking technologies to enhance Platform functionality, maintain session security, remember your preferences, and collect aggregated analytics. Cookies are small text files stored on your device by your browser at the instruction of the jilace Platform.

8.2 Types of Cookies. jilace uses the following categories of cookies:

• Strictly Necessary Cookies: Essential for the Platform to function — including session authentication tokens, security cookies, and anti-fraud detection cookies. These cannot be disabled without affecting Platform functionality.
• Functional Cookies: Remember your language preferences, game settings, and other personalization choices to improve your experience on repeat visits.
• Analytics Cookies: Collect aggregated, anonymized data about how players use the Platform — which pages are visited most frequently, how long sessions last, and where errors occur — to help jilace improve Platform performance.
• Security Cookies: Used to detect and prevent fraudulent account activity, including bot detection and suspicious login pattern analysis.

8.3 Managing Cookies. You can control non-essential cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of the jilace Platform, including session stability and game loading performance. jilace does not use third-party advertising cookies or share cookie data with advertising networks.

9.1 Technical Measures. jilace implements industry-standard technical security controls to protect personal data, including: 256-bit TLS/SSL encryption for all data in transit; AES-256 encryption for sensitive data at rest; strict role-based access controls limiting staff access to personal data on a need-to-know basis; multi-factor authentication for all administrative system access; regular penetration testing and vulnerability assessments; and real-time intrusion detection monitoring.

9.2 Organizational Measures. In addition to technical controls, jilace maintains organizational security measures including: mandatory data privacy and security training for all staff who handle personal data; documented data handling procedures and internal privacy policies; formal vendor assessment processes for all third-party processors; and an incident response plan for data security events.

9.3 Data Breach Response. In the event of a personal data breach that poses a real risk of harm to affected players, jilace will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach as required under NPC Circular 16-03. Affected players will be notified promptly where the breach is likely to result in a high risk to their rights and freedoms. Notifications will include the nature of the breach, the categories of data involved, and the remedial actions taken.

9.4 Player Responsibility. While jilace takes extensive measures to protect personal data on its systems, the security of your jilace account is also dependent on maintaining the confidentiality of your login credentials. Players are responsible for: using a strong, unique password; enabling two-factor authentication; not sharing account credentials with third parties; and promptly reporting any suspected unauthorized access to jilace support.

10.1 Retention Principles. jilace retains personal data only for as long as is necessary for the purpose for which it was collected, or as required or permitted by applicable Philippine law. jilace applies the principle of storage limitation, conducting periodic reviews to identify and securely dispose of data that is no longer required.

10.2 Standard Retention Periods. The following retention periods apply to the principal categories of personal data held by jilace:

• Account and Identity Data: Retained for the duration of the active account relationship and for a period of five (5) years following account closure, in compliance with PAGCOR record-keeping requirements.
• Financial Transaction Records: Retained for a minimum of five (5) years following the transaction date, as required by the Anti-Money Laundering Act (RA 9160, as amended) and PAGCOR regulations.
• KYC and Verification Documents: Retained for a minimum of five (5) years following account closure or the completion of the relevant transaction.
• Game Activity Logs: Retained for a minimum of twelve (12) months for operational purposes and for up to five (5) years for regulatory compliance and dispute resolution purposes.
• Support Communications: Retained for a period of three (3) years following the close of each support case.
• Marketing Preference Records: Retained for the duration of the account relationship and for one (1) year following account closure to document opt-in/opt-out history.

10.3 Post-Retention Disposal. Upon expiry of the applicable retention period, personal data is securely deleted from jilace systems or irreversibly anonymized such that individual players can no longer be identified from the retained data. Physical documents containing personal data are destroyed using secure methods that prevent reconstruction.

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to the personal data jilace holds about you:

How to Exercise Your Rights. To exercise any of the rights described above, contact jilace's Data Privacy Officer at the details provided in Section 16. Please include your registered username, the nature of your request, and any supporting information that will assist jilace in identifying and processing your request. jilace will respond within fifteen (15) business days of receiving a complete request. No fee is charged for data subject rights requests, except where requests are manifestly unfounded or excessive.

12.1 Age Restriction. jilace is strictly prohibited from being used by individuals under the age of twenty-one (21) years. jilace does not knowingly collect or process personal data of persons under the age of 21. The age restriction is enforced through the registration process and KYC verification.

12.2 Discovery of Minor's Data. If jilace discovers that personal data has been collected from an individual who was under 21 at the time of registration, jilace will immediately: (a) permanently close the account; (b) refund any real money balance to the payment source used; (c) delete all personal data associated with the account, except where retention is required by PAGCOR regulations; and (d) take appropriate steps to prevent recurrence.

12.3 Parental Responsibility. Parents and guardians are responsible for ensuring that minor members of their household do not access the jilace Platform using the parent or guardian's account or device. jilace recommends enabling device-level parental controls and maintaining the confidentiality of jilace account credentials within households where minors are present.

13.1 Transfers Outside the Philippines. Certain third-party service providers engaged by jilace — including game software providers and cloud infrastructure operators — may be located outside the Philippines and may process personal data in foreign jurisdictions as part of the services they provide to jilace.

13.2 Safeguards. Where personal data is transferred outside the Philippines, jilace ensures that appropriate safeguards are in place in compliance with RA 10173 and NPC guidelines. These safeguards include: written data processing agreements incorporating standard contractual clauses approved by the NPC; assessment of the recipient country's data protection framework; and technical and organizational security requirements consistent with those applied within the Philippines.

13.3 Minimum Scope. jilace applies the principle of data minimization to all cross-border transfers — only the personal data strictly necessary for the specific service being provided is transferred. Personal data is not transferred to foreign jurisdictions in bulk for purposes unrelated to the operation of the jilace Platform.

14.1 Consent-Based Marketing. jilace sends marketing communications — including promotional offers, bonus notifications, new game announcements, and Platform updates — only to players who have actively opted in to receive such communications at the time of registration or through account settings. Marketing communications are sent via SMS, email, and in-Platform notifications.

14.2 Withdrawing Marketing Consent. Players may withdraw their consent to receive marketing communications at any time through the following methods: (a) adjusting marketing preferences in the jilace account settings page; (b) clicking the "Unsubscribe" link in any marketing email; (c) replying "STOP" to any marketing SMS; or (d) contacting jilace support. Withdrawal of marketing consent is processed within three (3) business days. Withdrawing marketing consent does not affect your ability to receive transactional communications (such as deposit confirmations, withdrawal notifications, and account security alerts), which are sent regardless of marketing preference.

14.3 Transactional Communications. Certain communications from jilace are transactional in nature and are not subject to marketing opt-out — these include account registration confirmations, OTP messages, deposit and withdrawal confirmations, account security alerts, and regulatory notices. These communications are necessary for the operation of your jilace account and cannot be disabled.

15.1 Right to Amend. jilace reserves the right to update or amend this Privacy Policy at any time to reflect changes in: applicable Philippine privacy law or NPC guidelines; jilace's data processing practices; new services or features introduced on the Platform; or changes in the third-party processors engaged by jilace.

15.2 Notification of Material Changes. For material changes to this Policy — such as changes to the categories of personal data collected, changes to data sharing practices, or changes to data subject rights procedures — jilace will provide notice to registered players via email to the registered address or via in-Platform notification at least seven (7) days prior to the change taking effect. The revised Policy will be published at jilace.org/privacy-policy with the updated effective date clearly displayed.

15.3 Continued Use. Continued use of the jilace Platform following the effective date of any amendment to this Policy constitutes acceptance of the revised Policy. Players who do not agree with any amendment may close their account in accordance with the jilace Terms & Conditions and may request deletion of their personal data subject to applicable retention obligations.

For any questions, concerns, or requests relating to this Privacy Policy or jilace's processing of your personal data, please contact jilace's Data Privacy Officer through the following channels:

• Email: [email protected] (plain text — this is not a clickable link). Please include "Data Privacy Request" in the subject line.
• Support Email: [email protected] (plain text — this is not a clickable link). For general account and privacy inquiries.
• Live Chat: Available 24/7 at jilace.org. Our support team can route your inquiry to the Data Privacy Officer for formal data subject right requests.

jilace will acknowledge receipt of all privacy-related correspondence within two (2) business days and will provide a substantive response within fifteen (15) business days. For complex requests, jilace may extend this period by an additional fifteen (15) business days, provided you are notified of the extension and the reasons for it.

If you believe jilace has handled your personal data in a manner inconsistent with this Policy or with RA 10173, you have the right to file a complaint with the National Privacy Commission of the Philippines. Information on filing complaints with the NPC is available on the official NPC website.