ditowin Privacy Policy

This Policy applies to all personal data collected by ditowin in connection with the operation of the ditowin Platform, including but not limited to data collected during account registration, identity verification (KYC), deposit and withdrawal processing, gameplay activity, customer support interactions, and marketing communications.

This Policy applies to all Players registered on ditowin, regardless of whether they access the Platform from Metro Manila, Cebu, Davao, Quezon City, Makati, or any other location in the Philippines. It applies equally to access via desktop browser and mobile browser. All data processing activities described in this Policy are conducted in respect of natural persons only — corporate or legal entity accounts are not offered on the ditowin Platform.

This Policy does not apply to the privacy practices of third-party websites linked from the ditowin Platform, including payment processors, game studio portals, or any other external service. We encourage you to review the privacy policies of any third-party services you interact with in connection with your ditowin account.

For the purposes of the Data Privacy Act of 2012, ditowin acts as the Personal Information Controller in respect of the personal data collected from Players through the ditowin Platform at ditowin.co.

ditowin is responsible for determining the purposes and means of processing personal data collected through the Platform. Where ditowin engages third-party service providers to process personal data on its behalf, those providers act as Personal Information Processors and are bound by written data processing agreements that require them to maintain confidentiality and implement appropriate security measures.

ditowin collects the following categories of personal data from Players. Collection occurs only to the extent necessary for the specific purposes identified in Section 5 of this Policy:

ditowin collects personal data through the following means:

• Direct provision by you — when you register an account, complete KYC verification, make a deposit or withdrawal, contact our support team, or participate in a promotion.
• Automated technical collection — when you access or use the Platform, our servers automatically log technical data such as IP addresses, device identifiers, session duration, and page interaction data.
• Cookies and similar tracking technologies — as described in Section 8 of this Policy.
• Third-party KYC and identity verification providers — who process your identity documents and return a verification result to ditowin. ditowin does not retain raw biometric data generated by these providers.
• Payment processors — who confirm the status and reference details of deposit and withdrawal transactions processed through GCash, PayMaya, BPI, BDO, Metrobank, and USDT channels.

Under the Data Privacy Act of 2012, ditowin processes personal data on the following legal bases:

• Contractual necessity — processing required to perform the contract between ditowin and the Player (i.e., to operate the Player's account, process deposits and withdrawals, and provide gaming services);
• Legal obligation — processing required to comply with applicable Philippine law, including PAGCOR regulatory requirements, anti-money laundering obligations under Republic Act No. 9160 (AMLA), and tax reporting obligations;
• Legitimate interests — processing carried out for the legitimate interests of ditowin, including fraud detection and prevention, platform security, responsible gaming monitoring, and service improvement, where such interests are not overridden by the Player's data protection rights; and
• Consent — where ditowin relies on your explicit consent for specific processing activities (such as the sending of marketing communications), you have the right to withdraw that consent at any time.

ditowin uses the personal data collected from Players for the following specific purposes:

• Account creation and management: Registering your account, maintaining your Player profile, and providing access to ditowin Platform features.
• Identity verification (KYC): Verifying your identity and age in compliance with PAGCOR requirements and anti-money laundering obligations. KYC is mandatory before real-money play and withdrawals are enabled.
• Payment processing: Processing deposits and withdrawals through GCash, PayMaya, BPI, BDO, Metrobank, and USDT. Verifying that payment accounts belong to the registered Player.
• Regulatory compliance: Fulfilling reporting and record-keeping obligations under applicable Philippine law, including anti-money laundering requirements and PAGCOR regulatory obligations.
• Customer support: Responding to support queries, investigating complaints, and resolving account disputes.
• Responsible gaming: Monitoring gameplay patterns for indicators of problem gambling. Applying responsible gaming controls in accordance with PAGCOR guidelines and ditowin's Responsible Gaming Policy.
• Security and fraud prevention: Detecting, investigating, and preventing fraudulent activity, bonus abuse, multiple account violations, and unauthorized account access.
• Marketing communications: Sending promotional offers, bonus notifications, and platform updates by email or SMS, where you have provided consent. You may opt out at any time through your account settings.
• Platform improvement: Analysing aggregated and anonymised usage data to improve the ditowin Platform, enhance game offerings, and optimise the player experience.

7.1 Service Providers. ditowin shares personal data with carefully selected third-party service providers who process data on our behalf solely for the purposes described in this Policy. These providers include:

• KYC and identity verification providers — who process identity documents and return verification results to ditowin;
• Payment processors — who facilitate deposit and withdrawal transactions (GCash, PayMaya, and banking partners);
• Game software providers — who supply and operate the games available on the ditowin Platform; and
• Cloud infrastructure and hosting providers — who host the Platform and its associated data systems.

All service providers are required to process personal data only on ditowin's documented instructions, to maintain appropriate security measures, and to delete or return data upon termination of the service relationship.

7.2 Regulatory Authorities. ditowin will disclose personal data to competent Philippine government authorities — including PAGCOR, the Anti-Money Laundering Council (AMLC), and the National Privacy Commission (NPC) — where required to do so by applicable law, court order, or regulatory direction.

7.3 No Sale of Data. ditowin does not sell, rent, or otherwise transfer personal data to third parties for their own marketing or commercial purposes under any circumstances.

ditowin uses cookies and similar technologies on the Platform. A cookie is a small data file placed on your device by a website. ditowin uses the following categories of cookies:

• Strictly necessary cookies: Essential for the operation of the Platform. These include session cookies that maintain your logged-in state and security cookies that prevent fraudulent activity. These cookies cannot be disabled without affecting your ability to use the Platform.
• Functional cookies: Enable the Platform to remember your preferences (e.g., language settings, preferred game categories) to enhance your experience. Disabling these cookies may reduce the functionality available to you.
• Analytics cookies: Collect anonymised data about how Players interact with the Platform — which pages are visited, how long sessions last, and where navigation errors occur. This data is used solely to improve the Platform.
• Security and fraud prevention cookies: Help ditowin identify suspicious login attempts, unusual session patterns, and potential bonus abuse activity by comparing current session data against historical patterns.

You may manage cookie settings through your browser's privacy controls. Note that disabling strictly necessary cookies will prevent you from logging in to your ditowin account.

ditowin retains personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable Philippine law. The following retention periods apply:

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised such that it can no longer be attributed to an identifiable individual. Anonymised data may be retained indefinitely for statistical and platform improvement purposes.

ditowin implements a comprehensive set of technical and organisational security measures to protect personal data against unauthorised access, loss, destruction, or alteration. Key measures include:

• Transport Layer Security (TLS): All data transmitted between your device and ditowin's servers is encrypted using TLS. The padlock icon in your browser confirms an active encrypted connection.
• Password hashing: Account passwords are stored as salted cryptographic hashes using industry-standard algorithms. ditowin staff cannot view or retrieve your plaintext password under any circumstances.
• Access controls: Access to personal data within ditowin's systems is restricted to personnel with a documented operational need. Role-based access controls and audit logging are applied to all systems containing personal data.
• Two-factor authentication: ditowin offers 2FA for Player accounts and requires 2FA for all internal systems containing personal data.
• Security monitoring: Continuous monitoring for unauthorised access attempts, unusual data access patterns, and potential security incidents is maintained.
• Data breach response: In the event of a personal data breach, ditowin will notify affected Players and the National Privacy Commission in accordance with the requirements of the Data Privacy Act.

While ditowin implements robust security measures, no system is completely immune to security risks. Players are encouraged to use strong, unique passwords for their ditowin accounts and to enable two-factor authentication from their account security settings.

Under Republic Act No. 10173 (Data Privacy Act of 2012), Filipino data subjects have the following rights in respect of their personal data. ditowin provides mechanisms to exercise each of these rights through your account dashboard or via the support team:

To exercise any of the above rights, contact ditowin's Data Protection Officer via the support email set out in Section 15. ditowin will respond to data rights requests within thirty (30) days of receipt. We may request proof of identity before processing a data rights request.

The ditowin Platform is strictly intended for persons aged 21 years and above. ditowin does not knowingly collect or process the personal data of persons under the age of 21. Account registration by persons under 21 is prohibited, and ditowin conducts age verification as part of the KYC process for all accounts.

If ditowin becomes aware that personal data of a person under 21 has been collected — whether through fraudulent registration by the minor or a third party — that data will be deleted and the associated account will be permanently closed in accordance with the ditowin Terms & Conditions.

Some of the third-party service providers engaged by ditowin — including cloud hosting infrastructure providers and international game studios — may process personal data outside the Philippines. Where personal data is transferred to a jurisdiction outside the Philippines, ditowin ensures that the transfer is subject to appropriate safeguards, which may include:

• Standard contractual clauses approved by the National Privacy Commission or an equivalent competent authority;
• The receiving jurisdiction maintaining an adequate level of data protection as determined by the NPC; or
• Other legally recognised transfer mechanisms permissible under the Data Privacy Act.

Players who wish to obtain further information about cross-border data transfers or the applicable safeguards may contact ditowin's Data Protection Officer at the contact details provided in Section 15.

ditowin reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, or ditowin's data processing practices. Material changes to this Policy will be communicated to Players via one or more of the following methods: a notice on the Platform upon login; an email to the Player's registered email address; or a notification within the Player's account dashboard.

The date of the most recent update is displayed at the top of this Policy. Continued use of the ditowin Platform following the effective date of a Policy update constitutes your acknowledgement of the revised Policy. If you do not agree with any update, you must cease using the Platform and request account closure.

For all matters relating to this Privacy Policy, the exercise of data rights, or data protection concerns, Players may contact ditowin through the following channels. All privacy-related communications should be marked for the attention of the Data Protection Officer:

• Live Chat: Available inside your ditowin account dashboard, 24 hours a day, 7 days a week. Average response time under 2 minutes.
• Email (plain text — not a link): [email protected] — mark your message "Attn: Data Protection Officer."

ditowin will acknowledge receipt of privacy-related requests within five (5) business days and will endeavour to resolve all requests within thirty (30) days of receipt. Complex or multi-faceted requests may require a longer resolution period, in which case ditowin will notify you of the extended timeframe and the reasons therefor.