bunos365 Privacy Policy

1.1 This Privacy Policy governs the collection, use, storage, disclosure, and protection of personal information by bunos365 in connection with the operation of the bunos365 Platform, accessible at bunos365.org, and all related services, features, and communications.

1.2 This Policy applies to all individuals who access or use the bunos365 Platform, including registered account holders, visitors who browse the Platform without registering, and any other persons whose personal data is processed by bunos365 in the course of its operations.

1.3 This Policy is issued in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Republic of the Philippines (the "DPA"), its Implementing Rules and Regulations, and applicable issuances of the National Privacy Commission ("NPC"). It also reflects bunos365's obligations under PAGCOR's licensing requirements regarding the handling of player data.

1.4 This Policy should be read in conjunction with bunos365's Terms & Conditions, which are accessible at bunos365.org/terms-conditions, and the Responsible Gaming Policy, accessible at bunos365.org/responsible-gaming.

In this Privacy Policy, the following terms shall have the meanings set out below:

• "Personal Data" means any information, whether recorded in a material form or not, from which the identity of an individual can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual.
• "Sensitive Personal Information" means personal data about an individual's race, ethnic origin, marital status, age, colour, religious, philosophical or political affiliations, health, education, genetic or sexual life, or legal proceedings.
• "Data Subject" means any natural person to whom Personal Data relates — in the context of this Policy, primarily Players who use the bunos365 Platform.
• "Processing" means any operation or set of operations performed upon Personal Data including collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction.
• "Data Protection Officer" or "DPO" means the individual designated by bunos365 who is responsible for ensuring compliance with the DPA and this Privacy Policy.
• "Platform" means the bunos365 website at bunos365.org and all associated services, features, and systems.

bunos365 collects the following categories of personal data from Players and Platform users:

3.2 bunos365 does not intentionally collect Sensitive Personal Information beyond what is necessary for age and identity verification, AML compliance, and responsible gaming monitoring. Where such information is collected incidentally (for example, a medical condition disclosed in a responsible gaming self-exclusion request), it is treated with the highest level of data protection and access control.

bunos365 collects personal data through the following means:

• Directly from you: When you register an account, complete the identity verification process, make deposits or withdrawal requests, contact customer support, participate in promotions, or otherwise interact with the Platform.
• Automatically: When you access or use the Platform, our systems automatically collect Technical Data and Gaming Activity Data through server logs, cookies, and similar tracking technologies. See Section 11 (Cookies) for more detail.
• From third-party verification services: bunos365 may receive identity verification results, fraud risk scores, and AML screening results from third-party identity and compliance service providers where you have consented to or triggered such checks as part of the account verification process.
• From payment processors: When you make deposits or withdrawals, our payment processing partners may share transaction confirmation data and payment method verification information with bunos365 to facilitate the transaction and support fraud prevention.

5.1 bunos365 processes personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity: Processing required to fulfil our obligations to you under the Terms & Conditions, including account management, game provision, payment processing, and customer support.
• Legal obligation: Processing required to comply with applicable Philippine law, including PAGCOR regulations, the Anti-Money Laundering Act (AMLA), Republic Act No. 9160 as amended, and the Data Privacy Act itself.
• Legitimate interest: Processing for purposes such as fraud detection and prevention, platform security, responsible gaming monitoring, internal analytics, and improvement of Platform features — where such interests do not override your rights and freedoms.
• Consent: Processing of personal data for marketing communications and optional promotional features, where we rely on your explicit and freely given consent, which may be withdrawn at any time.

6.1 bunos365 uses the personal data we collect for the following purposes:

• To create, maintain, and manage your bunos365 Account and provide access to all Platform features.
• To verify your identity, age (21+), and eligibility to use the Platform in accordance with PAGCOR requirements.
• To process deposits, withdrawals, and other financial transactions, including fraud screening and AML compliance checks.
• To provide customer support and resolve account queries, disputes, and complaints.
• To monitor gaming activity for responsible gaming purposes, including identifying patterns that may indicate problem gambling behaviour and taking appropriate action including applying account limits or initiating a welfare check.
• To detect, investigate, and prevent fraudulent activity, multi-accounting, bonus abuse, collusion, and other prohibited conduct.
• To fulfil our reporting obligations to PAGCOR and other competent Philippine regulatory and law enforcement authorities.
• To send you transactional communications relating to your Account, including deposit confirmations, withdrawal notifications, verification requests, and security alerts.
• To send marketing and promotional communications where you have provided consent to receive them — you may withdraw this consent at any time.
• To analyse Platform usage patterns and improve the bunos365 Platform, game offerings, and user experience.

6.2 bunos365 will not use your personal data for any purpose incompatible with the purposes stated in this section without providing you with additional notice and, where required, obtaining your consent.

7.1 bunos365 does not sell, rent, or trade your personal data to third parties for their own marketing purposes.

7.2 We may share your personal data with the following categories of third parties where necessary and on a strictly limited basis:

• Payment service providers: GCash, PayMaya, BPI, BDO, Metrobank, Visa, Mastercard, and other payment partners — solely to facilitate deposit and withdrawal transactions.
• Identity verification and AML compliance providers: Third-party Know Your Customer (KYC) and Anti-Money Laundering screening services, for the purpose of verifying your identity and screening against applicable watchlists as required by Philippine law.
• Game content providers: Licensed casino game studios and software providers who supply games available on the Platform. These providers may receive anonymised or pseudonymised gaming session data for game functionality purposes.
• Technology and hosting providers: Cloud infrastructure, database, and cybersecurity service providers who process data on our behalf under binding data processing agreements.
• PAGCOR and Philippine regulatory authorities: As required by the conditions of our PAGCOR licence and applicable Philippine gaming and financial regulations, including reporting obligations under the AMLA.
• Law enforcement and government agencies: Where required by a valid court order, subpoena, or other lawful demand from a Philippine law enforcement or government agency.
• Professional advisers: Legal, audit, and financial advisers engaged by bunos365, under strict confidentiality obligations.

7.3 All third parties with whom bunos365 shares personal data are required, by contract, to handle such data in accordance with the Data Privacy Act of 2012 and to implement appropriate security measures.

8.1 In the course of operating the bunos365 Platform, some of your personal data may be transferred to and processed in countries outside the Republic of the Philippines — for example, where our cloud infrastructure or game studio partners operate servers in other jurisdictions.

8.2 Where such international transfers occur, bunos365 ensures that appropriate safeguards are in place to protect your personal data, including contractual data protection clauses between bunos365 and the receiving party that impose standards of protection equivalent to those required under the Data Privacy Act of 2012.

8.3 By using the bunos365 Platform, you acknowledge and consent to the transfer of your personal data to countries outside the Philippines as described in this section, subject to the safeguards described herein.

9.1 bunos365 implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, destruction, and loss. These measures include:

• SSL/TLS encryption for all data transmitted between your browser or device and the bunos365 Platform servers.
• AES encryption for sensitive personal data and payment information stored at rest in our databases.
• Role-based access controls that restrict staff access to personal data on a strict need-to-know basis, with access logs maintained and reviewed regularly.
• Two-factor authentication requirements for all bunos365 staff who access systems containing personal data.
• Regular penetration testing and security vulnerability assessments of the Platform and supporting infrastructure.
• Documented incident response procedures for the identification, containment, and notification of personal data breaches.

9.2 In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, bunos365 will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected Players without undue delay where required by the DPA.

9.3 Notwithstanding the security measures described above, no method of electronic transmission or storage is entirely secure. bunos365 cannot guarantee the absolute security of your personal data and is not liable for unauthorised access to your data that results from circumstances beyond our reasonable control.

10.1 bunos365 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, and in any event for no shorter a period than is required by applicable Philippine law and regulation, including PAGCOR licence conditions and the AMLA.

10.2 The following general retention periods apply:

• Account data and identity verification records: Retained for the duration of the account's active status and for a minimum of five (5) years following account closure, in compliance with PAGCOR and AMLA requirements.
• Financial transaction records: Retained for a minimum of five (5) years from the date of the relevant transaction, in compliance with the AMLA and PAGCOR reporting obligations.
• Customer support communications: Retained for three (3) years from the date of the communication, unless longer retention is required for ongoing disputes or legal proceedings.
• Technical and gaming activity logs: Retained for a period of up to two (2) years, unless specific records are required in connection with an investigation, dispute, or legal proceeding.
• Marketing consent records: Retained for the duration of your consent and for one (1) year thereafter as evidence of the consent given.

10.3 Upon the expiry of applicable retention periods, personal data is securely deleted or anonymised such that it can no longer be associated with any individual.

11.1 The bunos365 Platform uses cookies and similar tracking technologies (collectively, "Cookies") to improve user experience, ensure Platform functionality, maintain session security, and analyse usage patterns. By continuing to use the Platform after being informed of our Cookie use, you consent to the placement of Cookies on your device in accordance with this section.

11.2 The following categories of Cookies are used on the bunos365 Platform:

• Strictly necessary Cookies: Required for the Platform to function correctly. These include session authentication cookies that keep you logged in during your active session, and security cookies that protect against cross-site request forgery. These cannot be disabled without affecting core Platform functionality.
• Functional Cookies: Used to remember your preferences, such as language settings, and to maintain game session continuity where you navigate between Platform sections.
• Analytics Cookies: Used to collect aggregate, anonymised data about how Players use the Platform — including page views, game session patterns, and navigation paths — to help us improve the Platform experience. Analytics data collected does not identify individual Players.
• Security and fraud prevention Cookies: Used by our fraud detection systems to identify suspicious access patterns and protect your Account.

11.3 You can manage or disable non-essential Cookies through your browser settings. Note that disabling certain Cookies may affect your experience of the bunos365 Platform, including game session performance.

12.1 As a Data Subject under Republic Act No. 10173, you have the following rights with respect to your personal data held by bunos365:

12.2 To exercise any of the rights above, please contact the bunos365 Data Protection Officer using the contact details in Section 15. bunos365 will respond to verified requests within thirty (30) days of receipt, in accordance with NPC timelines. Some rights may be subject to limitations where their exercise would conflict with bunos365's legal obligations, including PAGCOR and AMLA requirements.

13.1 The bunos365 Platform is strictly intended for individuals aged 21 years and above. bunos365 does not knowingly collect personal data from individuals under the age of 21, and does not permit individuals under 21 to register, deposit, or participate in any real-money gaming activity on the Platform.

13.2 bunos365 conducts age verification as a mandatory step in the account registration and withdrawal process. Where an Account is found to belong to a person under the age of 21, the Account will be immediately closed, personal data will be retained only for the minimum period required by applicable law, and the matter will be handled in accordance with PAGCOR's requirements and these Terms.

13.3 If you are a parent or guardian and believe that a minor under your care has registered an Account with bunos365, please contact our Data Protection Officer immediately at the details provided in Section 15. We will investigate and act promptly.

14.1 bunos365 reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, our processing practices, or Platform features. Where amendments are material, we will provide advance notice to Players via the Platform or by email to the Player's registered address.

14.2 Continued use of the bunos365 Platform following the publication of an updated Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the updated Policy, you must cease using the Platform and may request Account closure.

14.3 The current version of this Privacy Policy, together with its effective date, is always accessible at bunos365.org/privacy-policy.

15.1 bunos365 has designated a Data Protection Officer responsible for overseeing compliance with the Data Privacy Act of 2012 and this Privacy Policy. The DPO can be contacted for any privacy-related query, data subject rights request, or privacy concern related to the bunos365 Platform.

15.2 Contact details for the bunos365 Data Protection Officer:

• Email: support@bunos365.org (please mark your message "DPO — Privacy Request")
• Live Chat: Available 24/7 via the bunos365 Platform — identify your query as a data privacy matter
• Response Time: Within thirty (30) days of verified receipt, in accordance with NPC guidelines

15.3 If you are not satisfied with bunos365's response to your privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines at privacy.gov.ph (external regulatory authority — please access directly through your browser).