fb004 Privacy Policy

1. Data Controller

fb004.org ("fb004", "we", "us", "our") is the data controller responsible for the personal information you provide when registering for and using the fb004 online gaming Platform. fb004 operates in the Philippines and processes personal data in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC).

By creating an account on fb004, accessing our games, or interacting with our Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein.

2. Personal Data We Collect

fb004 collects the following categories of personal data from registered players and Platform visitors:

• Identity Data: Full legal name, date of birth, gender, nationality, and government-issued identification numbers (e.g., Philippine National ID, passport number, driver's licence number) collected for Know Your Customer (KYC) and age verification purposes.
• Contact Data: Email address, Philippine mobile number (09xx format), and residential address in the Philippines, which may include city or municipality (e.g., Quezon City, Cebu City, Davao City, Makati, Pasig).
• Account Credentials: Username and encrypted password hash. fb004 does not store passwords in plaintext.
• Financial Data: GCash mobile wallet number, Maya account identifier, BPI or BDO account details (last four digits for verification only), deposit and withdrawal history, and account balance records.
• Transactional Data: Gaming history, bet records, game session timestamps, wagering amounts, game outcomes, and bonus utilisation records.
• Technical Data: IP address, device type and model, operating system, browser type and version, mobile network, session duration, and clickstream data.
• Communications Data: Records of your correspondence with fb004 support, including live chat transcripts, email exchanges, and support ticket records.
• Responsible Gaming Data: Deposit limits, loss limits, session limits, and self-exclusion status where applicable.

3. How We Collect Your Data

fb004 collects personal data through the following means:

• Direct submission: Information you provide during account registration, KYC verification, deposit and withdrawal requests, support interactions, and promotional form submissions.
• Automated collection: Technical data collected automatically when you access the Platform, including IP address, device identifiers, cookies, and server log files.
• Payment processors: Transaction confirmation data received from GCash, Maya, BPI, BDO, InstaPay, and other integrated payment providers upon completion of deposit or withdrawal transactions.
• Game providers: Session and gameplay data transmitted by certified third-party game providers when you access their games through the fb004 Platform.
• Identity verification services: Where you submit government-issued ID documents for KYC verification, these documents are processed by fb004 or authorised third-party identity verification providers.

4. Purposes of Processing

fb004 processes your personal data for the following purposes:

• To create, maintain, and administer your fb004 player account.
• To verify your identity and age (21+) in compliance with Philippine gaming regulations and the PAGCOR regulatory framework.
• To process deposits and withdrawals via GCash, Maya, bank transfer, and other accepted Philippine payment methods.
• To provide and improve the gaming services, features, and content available on the Platform.
• To detect, prevent, and investigate fraud, money laundering, and other prohibited conduct as required by Philippine law.
• To comply with Anti-Money Laundering Act (AMLA) obligations, PAGCOR reporting requirements, and other applicable legal and regulatory obligations.
• To send transactional communications, including account security alerts, deposit confirmations, and withdrawal notifications.
• To send promotional and marketing communications, subject to your consent and opt-out rights.
• To administer responsible gaming tools, including deposit limits, self-exclusion, and problem gambling referrals.
• To analyse Platform usage for performance improvement, security monitoring, and business analytics (using aggregated or anonymised data where possible).

5. Legal Basis for Processing

fb004 processes your personal data on the following legal grounds as recognised under the Data Privacy Act of 2012:

• Consent: You have given your explicit consent to the processing of your personal data at the time of account registration and in relation to optional processing activities such as marketing communications.
• Contractual necessity: Processing is necessary for the performance of the player account agreement and service contract between you and fb004, including payment processing and account management.
• Legal obligation: Processing is required to comply with fb004's legal obligations under Philippine law, including KYC requirements, AMLA obligations, tax reporting, and PAGCOR regulatory compliance.
• Legitimate interests: Processing is necessary for fb004's legitimate interests in fraud detection, platform security, responsible gaming enforcement, and service improvement, provided these interests are not overridden by your rights and freedoms.

6. Data Sharing & Disclosure

fb004 does not sell, rent, or trade your personal information. We may share your personal data with the following categories of third parties strictly on a need-to-know basis:

• Payment service providers: GCash (GXI), Maya (Voyager Innovations), BancNet, InstaPay, and bank partners for the processing of deposit and withdrawal transactions.
• Game providers: Certified third-party software providers whose games are integrated into the fb004 Platform. These providers receive only the minimum data required to operate the game session (e.g., a session token).
• Identity verification providers: Authorised KYC and age verification service providers engaged to assist with regulatory compliance.
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies, where disclosure is required by law or regulatory order.
• IT and cloud service providers: Third-party service providers engaged to host, operate, and maintain the fb004 Platform infrastructure, under contractual obligations of confidentiality and data protection.

All third-party service providers engaged by fb004 are contractually required to maintain appropriate data protection standards consistent with the DPA and fb004's own security requirements.

7. International Data Transfers

Some of fb004's third-party service providers, including game providers and technology partners, may be located outside the Philippines. Where personal data is transferred outside the Philippines, fb004 ensures that appropriate safeguards are in place, including contractual data protection clauses consistent with NPC standards, to ensure your data receives equivalent protection to that required under Philippine law.

fb004 will not transfer your personal data to jurisdictions that do not provide an adequate level of data protection without first obtaining your explicit consent or implementing appropriate safeguards as required by the DPA.

8. Data Retention

fb004 retains personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable law. Specific retention periods include:

• Account data: Retained for the duration of the active player account and for a minimum of five (5) years following account closure, consistent with AMLA record-keeping requirements.
• Financial transaction records: Retained for a minimum of five (5) years from the date of the transaction, in compliance with Philippine financial record-keeping laws.
• KYC and identity documents: Retained for the duration of the account relationship and for five (5) years post-closure.
• Support communications: Retained for a period of three (3) years from the date of the last interaction.
• Technical and log data: Retained for up to twelve (12) months unless longer retention is required for security investigation or legal proceedings.

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in accordance with fb004's data destruction procedures.

9. Cookies & Tracking Technologies

fb004 uses cookies and similar tracking technologies to enhance your experience on the Platform. The types of cookies we use include:

• Essential cookies: Required for the Platform to function, including authentication session management and security tokens. These cannot be disabled.
• Functional cookies: Store your preferences such as language settings and last-visited game category to personalise your experience.
• Analytics cookies: Used to understand how players interact with the Platform in aggregate, enabling us to improve performance and usability. Data collected is anonymised or pseudonymised.
• Marketing cookies: Used to measure the effectiveness of promotional campaigns on the fb004 Platform. No data is shared with external advertising networks.

You may manage cookie preferences through your browser settings. Disabling essential cookies will affect the functionality of the Platform, including the ability to log in and access games.

10. Your Data Subject Rights

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by fb004:

• Right to be informed: The right to be notified of how your data is collected, used, and processed, as set out in this Policy.
• Right of access: The right to request a copy of the personal data fb004 holds about you.
• Right to rectification: The right to request correction of inaccurate or incomplete personal data.
• Right to erasure: The right to request deletion of your personal data, subject to fb004's legal and regulatory retention obligations.
• Right to object: The right to object to the processing of your personal data for marketing purposes or where processing is based on legitimate interests.
• Right to data portability: The right to receive your personal data in a structured, commonly used format for transfer to another controller, where technically feasible.
• Right to lodge a complaint: The right to file a complaint with the National Privacy Commission (NPC) if you believe your data rights have been violated.

To exercise any of the above rights, please contact the fb004 Data Protection Officer using the contact details in Section 14 of this Policy.

11. Children's Privacy

The fb004 Platform is strictly for adults aged 21 years and above. fb004 does not knowingly collect personal data from individuals under the age of 21. Age verification is conducted as part of the account registration and KYC process. If fb004 discovers that an account has been created by or for a person under 21 years of age, the account will be immediately suspended, all balances will be reviewed, and the data will be deleted or restricted in accordance with applicable law.

Parents and guardians are encouraged to use parental control tools to prevent minors from accessing online gaming platforms. If you believe a minor has registered on fb004, please contact our support team immediately.

12. Security Measures

fb004 implements technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:

• SSL/TLS encryption on all data transmitted between your device and fb004 servers.
• Encrypted storage of sensitive data including password hashes and identity document scans.
• Role-based access controls limiting internal access to personal data on a strict need-to-know basis.
• Regular security assessments, penetration testing, and vulnerability scanning of Platform infrastructure.
• Two-factor authentication (2FA) available to all registered accounts for additional login security.
• Automated fraud and anomaly detection systems monitoring account activity in real time.

In the event of a personal data breach that is likely to result in risk to your rights, fb004 will notify the NPC within 72 hours of becoming aware of the breach, and will notify affected data subjects without undue delay where required.

13. Changes to This Privacy Policy

fb004 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, legal obligations, or regulatory requirements. The revised Policy will be published on this page with an updated effective date. Where changes are material, fb004 will notify registered players via their registered email address or via a prominent notice on the Platform at least fourteen (14) days before the changes take effect. Your continued use of the fb004 Platform after the effective date of any amendment constitutes acceptance of the revised Privacy Policy.

14. Contact & Data Protection Officer

For any questions, requests, or complaints relating to this Privacy Policy or fb004's data processing activities, please contact the fb004 Data Protection Officer (DPO):

• Method: Live chat — available 24/7 via the fb004 Platform
• Email (plain text): [email protected]

fb004 is committed to responding to all data subject requests within thirty (30) days of receipt, consistent with the timelines set out in the Data Privacy Act of 2012 and NPC guidelines. If you are not satisfied with fb004's response to your data rights request, you have the right to file a complaint with the National Privacy Commission of the Philippines.