taya03 Privacy Policy

1.1 This Privacy Policy governs the collection, use, storage, disclosure, and protection of personal data provided by or collected from users ("you", "Player", "Data Subject") of the taya03 online casino and sports betting platform, accessible via taya03.co.

1.2 taya03 is the Data Controller responsible for your personal data as defined under Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines ("DPA"), and its Implementing Rules and Regulations ("IRR"). taya03 has appointed a Data Protection Officer ("DPO") whose contact details are set out in Section 14 of this Policy.

1.3 This Policy applies to all personal data processed in connection with: (a) the creation and management of your taya03 account; (b) the use of any gaming, betting, or promotional services on the Platform; (c) financial transactions including deposits, withdrawals, and related payment processing; (d) customer support interactions; and (e) communications sent to you by taya03.

1.4 This Privacy Policy is incorporated into and forms part of the taya03 Terms & Conditions. Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms & Conditions.

2.1 taya03 collects the following categories of personal data:

2.2 taya03 does not intentionally collect sensitive personal information as defined under Section 3(l) of the DPA (such as health data, political opinions, religious beliefs, or biometric data beyond what is necessary for KYC verification) unless you voluntarily provide such information in the context of a specific request, such as a responsible gaming application.

3.1 Directly from You. Most personal data taya03 processes is provided directly by you during account registration, KYC submission, deposit and withdrawal requests, support interactions, and communications with our team.

3.2 Automatically via the Platform. When you access taya03, our servers and analytics tools automatically collect Technical Data and Usage Data, including your IP address, device fingerprint, browser type, and session activity. This collection is necessary for Platform security and fraud prevention.

3.3 From Payment Processors. When you initiate a deposit or withdrawal via GCash, PayMaya, BPI, BDO, Metrobank, or Visa/Mastercard, taya03 receives transaction confirmation data and, where required for AML compliance, source-of-funds information from the relevant payment provider.

3.4 From Identity Verification Services. taya03 may use third-party KYC and identity verification service providers to validate the authenticity of government-issued IDs submitted during the KYC process. These providers process your identity documents under strict confidentiality and data processing agreements with taya03.

3.5 Cookies and Tracking Technologies. taya03 uses cookies, web beacons, and similar technologies to collect Usage Data and Technical Data. Full details are provided in Section 6 of this Policy.

4.1 taya03 processes personal data only where a valid lawful basis exists under the DPA. The primary lawful bases applicable to taya03's processing activities are:

• Contractual Necessity: Processing required to register your account, provide gaming services, and process payments pursuant to your agreement with taya03 under the Terms & Conditions.
• Legal Obligation: Processing required to comply with taya03's obligations under Philippine law, including anti-money laundering (AML) regulations, PAGCOR licensing requirements, and the DPA itself.
• Legitimate Interests: Processing necessary for taya03's legitimate business interests, including fraud prevention, platform security, responsible gaming enforcement, and service improvement — where these interests are not overridden by your fundamental rights.
• Consent: Where taya03 sends you optional marketing communications or uses optional analytics tools, we rely on your freely given, specific, and informed consent, which you may withdraw at any time.

4.2 The specific purposes for which taya03 processes personal data include:

• Creating, maintaining, and managing your taya03 account
• Verifying your identity and age (21+ requirement) in accordance with PAGCOR guidelines
• Processing deposits, withdrawals, and related financial transactions
• Detecting, preventing, and investigating fraud, money laundering, and other unlawful activities
• Delivering and improving gaming services, including personalization
• Monitoring player activity for responsible gaming purposes and enforcing self-exclusion commitments
• Communicating with you regarding your account, transactions, and support requests
• Sending promotional communications where you have consented
• Complying with regulatory, legal, and audit requirements
• Exercising or defending legal claims

5.1 taya03 does not sell your personal data to third parties. We share personal data only in the following circumstances:

5.2 Service Providers. taya03 engages third-party service providers to assist in operating the Platform, including payment processors (GCash, PayMaya, banks), identity verification providers, cloud hosting providers, cybersecurity firms, and analytics service providers. These providers act as Data Processors under the DPA and are contractually bound to process your data solely on taya03's instructions and in accordance with this Policy.

5.3 Regulatory and Legal Authorities. taya03 will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, the National Bureau of Investigation (NBI), the Philippine National Police, or any court of competent jurisdiction where required or authorized by Philippine law, or where disclosure is necessary to protect the rights, property, or safety of taya03, its players, or the public.

5.4 Business Transfers. In the event of a merger, acquisition, or sale of all or substantially all of taya03's assets, your personal data may be transferred to the acquiring entity as part of the transaction, subject to equivalent privacy protections as described in this Policy.

5.5 With Your Consent. taya03 will not share your personal data for purposes not described in this Policy without your prior consent.

6.1 taya03 uses cookies and similar tracking technologies on its Platform. Cookies are small text files stored on your device that enable taya03 to recognize your browser and remember certain information across sessions.

6.2 taya03 uses the following types of cookies:

• Strictly Necessary Cookies: Essential for the Platform to function correctly, including maintaining your login session, storing your authentication state, and enabling core gaming functionality. These cookies cannot be disabled without materially impairing Platform functionality.
• Performance and Analytics Cookies: Collect anonymized or aggregated information about how Players use the Platform (pages visited, errors encountered, load times) to help taya03 improve the user experience. These are subject to your consent.
• Security Cookies: Used to detect and prevent fraud, identify suspicious login behavior, and enforce responsible gaming controls including self-exclusion detection.
• Preference Cookies: Remember your display preferences and settings between sessions.

6.3 You can manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies may prevent some or all Platform functionality from operating correctly.

6.4 taya03 does not use third-party advertising cookies or share Usage Data collected via cookies with external advertising networks.

7.1 taya03 retains personal data for the period necessary to fulfill the purposes for which it was collected, or as required by applicable Philippine law and regulatory obligations. The following general retention periods apply:

• Account and Identity Data: Retained for the duration of your active account and for a minimum of five (5) years after account closure, as required under AMLC and PAGCOR recordkeeping obligations.
• Financial Transaction Records: Retained for a minimum of five (5) years in accordance with AMLC requirements under RA 9160.
• KYC Documents: Retained for a minimum of five (5) years after the end of the business relationship, or longer if required by specific regulatory instruction.
• Gaming and Betting Records: Retained for a minimum of three (3) years after the relevant sessions or transactions, for dispute resolution and regulatory audit purposes.
• Customer Support Communications: Retained for two (2) years after the resolution of the relevant inquiry or complaint.
• Marketing Consent Records: Retained for the duration of the relevant marketing activity and for two (2) years after consent is withdrawn, for compliance documentation purposes.

7.2 Upon expiry of the applicable retention period, personal data is securely deleted, anonymized, or disposed of in a manner that prevents unauthorized access or reconstruction, using industry-standard data destruction practices.

8.1 taya03 implements appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or alteration. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and taya03's servers
• Encryption of sensitive data at rest, including payment information and KYC document storage
• Role-based access controls limiting internal access to personal data to authorized personnel only
• Regular penetration testing and vulnerability assessments by independent security firms
• Multi-factor authentication requirements for all internal systems handling personal data
• Intrusion detection and prevention systems monitoring for unusual access patterns
• Regular staff training on data handling, privacy obligations, and security awareness

8.2 In the event of a personal data breach that poses a real risk of serious harm to affected data subjects, taya03 will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected individuals without undue delay, in accordance with Section 20(f) of the DPA and NPC Circular 16-03.

8.3 While taya03 implements rigorous security measures, no system can be guaranteed completely secure. Players are responsible for maintaining the security of their own account credentials and devices used to access the Platform.

9.1 Under the Philippine Data Privacy Act of 2012 and its IRR, you have the following rights with respect to your personal data processed by taya03:

9.2 To exercise any of the above rights, please submit a written request to taya03's Data Protection Officer using the contact details in Section 14. taya03 will acknowledge your request within three (3) business days and will respond substantively within fifteen (15) business days, or such longer period as permitted by the DPA's IRR for complex requests.

9.3 taya03 may require you to verify your identity before processing a data subject rights request to prevent unauthorized disclosure of personal data to third parties.

9.4 Some rights are subject to exceptions under the DPA, including where processing is necessary for compliance with a legal obligation, for the exercise or defense of legal claims, or where erasure would conflict with taya03's regulatory recordkeeping requirements.

10.1 The taya03 Platform is strictly for individuals who are twenty-one (21) years of age or older. taya03 does not knowingly collect or process personal data from persons under 21 years of age.

10.2 Age verification is performed during the KYC process for all accounts. Where taya03 discovers that personal data has been collected from an individual under the age of 21, taya03 will immediately suspend the account, delete the associated personal data to the extent legally permissible, and take appropriate steps consistent with applicable law and PAGCOR requirements.

11.1 taya03 primarily processes and stores personal data within the Philippines. However, certain service providers engaged by taya03 (including cloud infrastructure providers, cybersecurity monitoring services, and identity verification providers) may process data in jurisdictions outside the Philippines.

11.2 Where personal data is transferred to a country outside the Philippines, taya03 ensures that appropriate safeguards are in place in accordance with Section 21 of the DPA and applicable NPC issuances. These safeguards may include: (a) transfers to countries with an adequate level of data protection as determined by the NPC; (b) contractual clauses that impose data protection obligations on the recipient equivalent to those applicable in the Philippines; or (c) other mechanisms recognized under Philippine law.

11.3 By accepting this Privacy Policy, you acknowledge and consent to the transfer of your personal data to service providers operating outside the Philippines, subject to the safeguards described in this clause.

12.1 The taya03 Platform may contain links to third-party websites or services (such as payment provider portals accessed during a deposit or withdrawal transaction). This Privacy Policy does not apply to those third-party websites or services.

12.2 taya03 is not responsible for the privacy practices or content of any third-party website or service. We encourage you to read the privacy policy of any third-party site you visit, particularly before providing any personal information.

12.3 taya03's inclusion of a link to a third-party website does not constitute an endorsement of that website's privacy practices or content.

13.1 taya03 may update this Privacy Policy periodically to reflect changes in our data processing practices, legal obligations, or Platform functionality. The "Last Updated" date at the top of this page will be revised to reflect the date of the most recent amendment.

13.2 For material changes to this Policy that may significantly affect how we process your personal data, taya03 will provide advance notice via a prominent notification on the Platform or by contacting you at your registered email address or Philippine mobile number. Your continued use of the taya03 Platform following such notification constitutes your acceptance of the updated Privacy Policy.

13.3 We recommend reviewing this Privacy Policy periodically. If you disagree with any update to this Policy, please contact our Data Protection Officer as described in Section 14 and consider closing your account in accordance with the Terms & Conditions.

14.1 If you have questions, concerns, or requests regarding this Privacy Policy or taya03's data processing practices, please contact our Data Protection Officer (DPO):

14.2 For complaints not resolved through taya03's internal process, you may contact the National Privacy Commission of the Philippines:

14.3 This Privacy Policy was last reviewed and approved on 1 January 2026. It supersedes all prior versions of the taya03 Privacy Policy. All taya03 account holders active as of this date are bound by this version upon their next use of the Platform.