Privacy Policy

Last updated: June 23, 2026

Casino XO ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect your information in compliance with applicable data protection laws including the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and international data protection standards.

1. Who We Are (Data Controller)

Casino XO is operated by Casino XO International Ltd, an online gaming operator. For data protection enquiries, contact our Data Protection Officer at: [email protected]

2. Legal Framework

We process personal data in accordance with:

Philippine Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations (IRR) — the primary framework for Philippine players; General Data Protection Regulation (GDPR, EU 2016/679) — applicable to EU resident players; and applicable international anti-money-laundering (AML) requirements governing online gambling operators.

3. Data We Collect

3.1 Identification Data

Full name, date of birth, government-issued ID details (e.g., PhilSys National ID, Passport, Driver's License) required for account verification and KYC compliance.

3.2 Contact Data

Email address, phone number, residential address. Used for account management, security notifications, and support communications.

3.3 Financial Data

Payment method details (GCash number, bank account details), transaction history (deposits, withdrawals, bonus activity), and wagering records. Required for payment processing and AML compliance.

3.4 Gameplay Data

Game session records, bets placed, wins/losses, responsible gaming limit settings, and bonus usage. Used for game integrity, responsible gaming monitoring, and account management.

3.5 Technical Data

IP address, device type, browser, operating system, session timestamps, cookies. Used for security, fraud prevention, and platform optimisation.

3.6 Marketing Data

Communication preferences, opt-in records, campaign interaction history. Used only with your explicit consent.

4. Legal Basis for Processing

Purpose	Legal Basis
Account creation and management	Contract performance
KYC / identity verification	Legal obligation (AML laws)
Payment processing	Contract performance
Fraud prevention and security	Legitimate interest
Responsible gaming monitoring	Legal obligation / legitimate interest
Marketing communications	Consent (revocable at any time)
Legal claims and regulatory reporting	Legal obligation

5. Data Retention

Data Category	Retention Period	Reason
Account data	5 years post-account closure	Regulatory compliance
AML/KYC records	5 years post-transaction	AML legal obligation
Transaction history	5 years	Financial regulatory requirement
Game logs	90 days	Dispute resolution
Marketing data	Until consent withdrawn + 30 days	Consent-based processing
Technical/security logs	12 months	Security monitoring

We may share your data with the following categories of third parties, only as necessary:

Payment processors (GCash / GXI, Maya / Paymaya, banking partners) for transaction processing; KYC/AML verification providers for identity checking; analytics providers (Google Analytics 4, anonymised) for platform improvement; regulatory bodies and law enforcement when required by law; cloud infrastructure providers operating under appropriate data processing agreements.

We do not sell your personal data to third parties for commercial purposes.

7. International Data Transfers

Your data may be processed outside the Philippines by our international service providers. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with RA 10173 cross-border transfer requirements and applicable international standards.

8. Your Rights (Philippine Data Privacy Act)

Under Republic Act No. 10173, you have the following rights regarding your personal data:

▸Right to be informed — you have the right to know that your data is being processed and how.

▸Right to access — you may request a copy of the personal data we hold about you.

▸Right to rectification — you may request correction of inaccurate data.

▸Right to erasure — you may request deletion of data, subject to legal retention obligations.

▸Right to object — you may object to processing based on legitimate interest, particularly for marketing.

▸Right to data portability — you may request your data in a commonly used, machine-readable format.

To exercise your rights, contact our DPO at [email protected] with proof of identity. We will respond within 30 days.

9. Security Measures

Casino XO employs 256-bit SSL/TLS encryption for all data in transit. Data at rest is encrypted using industry-standard AES-256 encryption. Access to personal data is restricted on a need-to-know basis with role-based access controls and mandatory 2FA for staff. We conduct regular security audits and penetration testing.

10. Cookies

We use cookies and similar tracking technologies. See our Cookies Policy for full details on the types of cookies used and how to manage your preferences.

11. Complaints

If you believe your data protection rights have been violated, you may lodge a complaint with the National Privacy Commission of the Philippines (NPC): privacy.gov.ph · [email protected]

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address. Continued use of Casino XO following notification constitutes acceptance of the updated policy.

13. Contact

Data Protection Officer: [email protected]
General support: Contact Us

This Privacy Policy was last reviewed on June 23, 2026. Casino XO complies with Republic Act No. 10173 (Philippine Data Privacy Act of 2012). Terms & Conditions · Cookies Policy