saggili Privacy Policy

saggili ("saggili", "we", "us", "our") is committed to protecting the personal data of every player who uses our online gaming platform. This commitment is not merely a regulatory formality — it reflects saggili's recognition that Filipino players trust us with sensitive personal and financial information when they create an account, make deposits via GCash or BPI, or verify their identity under PAGCOR's KYC requirements.

This Privacy Policy sets out in clear terms what personal data saggili collects, the purposes for which it is processed, who it may be shared with, how long it is retained, and what rights you hold as a data subject under Philippine law. We have written this Policy to be readable and precise — not buried in deliberate complexity.

This Policy is governed by Republic Act No. 10173 (the Data Privacy Act of 2012, "PDPA"), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission of the Philippines ("NPC"). saggili's data processing activities are also subject to PAGCOR's player data requirements as part of our operating licence.

2.1 Controller. For the purposes of the Data Privacy Act of 2012, saggili — the operator of the saggili.club online gaming platform licensed by PAGCOR — is the personal information controller responsible for the personal data collected through this Platform.

2.2 Data Protection Officer. saggili has designated a Data Protection Officer ("DPO") in compliance with Section 21 of the PDPA and NPC Circular 16-01. The saggili DPO is responsible for overseeing compliance with this Privacy Policy and applicable data protection law. You may contact the DPO via saggili's official support channels.

2.3 NPC Registration. saggili maintains its registration with the National Privacy Commission of the Philippines as required for personal information controllers processing personal data above the applicable threshold under NPC regulations.

3.1 Registration Data. When you create a saggili account, we collect: full legal name, date of birth, Philippine mobile number, email address (optional), and residential address within the Philippines. This data is required to create and maintain your account and to comply with PAGCOR player registration requirements.

3.2 Identity Verification (KYC) Data. To comply with PAGCOR licensing conditions and Philippine AML obligations under Republic Act No. 9160 (as amended), saggili collects copies of government-issued identification documents — which may contain your full name, photo, date of birth, ID number, and other details present on the submitted document. KYC data is collected and retained as a regulatory obligation.

3.3 Financial Transaction Data. saggili records all deposits, withdrawals, bonus credits, and wagers associated with your account. For payment processing, we collect your GCash mobile number, PayMaya number, bank account details, or other payment identifiers you provide. Full financial account credentials (e.g., bank passwords, GCash PINs) are never collected or stored by saggili.

3.4 Technical and Usage Data. saggili automatically collects certain technical data when you access the Platform: IP address, device type and operating system, browser type and version, session timestamps, pages visited, games played, and in-game actions. This data is used for Platform security, fraud prevention, and improving user experience.

3.5 Communications Data. If you contact saggili's support team via live chat, email, or SMS, we retain records of those communications for quality assurance, dispute resolution, and compliance purposes.

3.6 Responsible Gaming Data. If you set deposit limits, request a cooling-off period, or initiate self-exclusion, saggili records this for the purpose of enforcing your responsible gaming preferences and complying with PAGCOR responsible gaming requirements.

saggili processes your personal data strictly for the following defined purposes. Data collected for one purpose is not used for another purpose that is incompatible with the original basis of collection:

• Account Creation and Management: To create, maintain, and operate your saggili player account, including processing login, managing your wallet balance, and recording your gaming history;
• Identity Verification and KYC: To verify that you are who you say you are, that you are at least 21 years of age, and that you are located within the Philippines — all as required by PAGCOR and AML law;
• Payment Processing: To process your GCash, PayMaya, BPI, BDO, Metrobank, or other payment method deposits and to execute your withdrawal requests in compliance with Philippine banking regulations;
• Regulatory Compliance: To fulfil saggili's obligations under PAGCOR licensing conditions, Republic Act No. 9160 (AMLA), the Data Privacy Act, and other applicable Philippine law — including mandatory reporting to PAGCOR and the Anti-Money Laundering Council (AMLC) where required;
• Security and Fraud Prevention: To monitor for suspicious account activity, detect fraud, prevent money laundering, and protect the integrity of the saggili platform and its player community;
• Responsible Gaming Enforcement: To apply and enforce your responsible gaming preferences — including deposit limits, self-exclusion orders, and PAGCOR-mandated player protection measures;
• Platform Improvement: To analyse aggregated, de-identified usage data to improve the saggili platform's performance, game selection, and user interface;
• Customer Support: To respond to your queries, resolve disputes, and provide assistance through saggili's support channels;
• Marketing Communications: To send you promotional offers, bonus notifications, and platform updates — but only where you have provided explicit consent and have not subsequently opted out.

Under Section 12 of the Data Privacy Act of 2012, personal data may only be processed in the Philippines where a lawful basis exists. saggili processes personal data on the following lawful bases:

• Performance of a Contract (Section 12[b]): Processing necessary to execute the player account agreement — including account management, payment processing, and game operation;
• Compliance with a Legal Obligation (Section 12[c]): Processing required by PAGCOR regulations, the AMLA (RA 9160), and other applicable Philippine statutes — including KYC, AML transaction monitoring, and mandatory PAGCOR reporting;
• Consent (Section 12[a]): Processing for optional purposes where you have given specific, informed, and freely given consent — including marketing communications. You may withdraw consent for marketing at any time;
• Legitimate Interests (Section 12[f]): Processing for fraud prevention, platform security, and aggregated analytics where saggili's legitimate interests are balanced against and do not override your data subject rights.

6.1 No Sale of Data. saggili does not sell, rent, or commercially transfer your personal data to any third party.

6.2 Service Providers. saggili shares personal data with contracted third-party service providers solely to the extent necessary for them to deliver specified services on saggili's behalf. These include:

• Payment processors and e-wallet operators (GCash/GXI, PayMaya/Maya Bank, BPI, BDO, Metrobank) for deposit and withdrawal processing;
• KYC and identity verification service providers that assist with document verification and age confirmation;
• Game software providers (Pragmatic Play, PG Soft, Jili, Habanero, CQ9, and others) whose games are hosted on the saggili Platform — limited to session and transaction data necessary to operate the specific game;
• Cloud infrastructure and data hosting providers operating in secure environments;
• Fraud detection and AML screening service providers;
• Customer support software providers.

All third-party service providers are bound by data processing agreements that prohibit them from using your personal data for any purpose beyond the contracted service and that require compliance with data protection standards consistent with the PDPA.

6.3 Regulatory Authorities. saggili is legally required to share personal data with regulatory and law enforcement authorities in specified circumstances, including: PAGCOR (as licence supervisor), the Anti-Money Laundering Council (AMLC) for covered and suspicious transaction reporting under RA 9160, the National Privacy Commission (in the event of a reportable data breach), and Philippine law enforcement with a valid legal order.

6.4 Cross-Border Transfers. Where personal data is transferred outside the Philippines — for example, to cloud infrastructure providers — saggili ensures such transfers are subject to appropriate safeguards consistent with NPC requirements, including contractual clauses providing PDPA-equivalent protections.

7.1 Retention Periods. saggili retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law and PAGCOR regulations. The following general retention periods apply:

7.2 Deletion. Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Where data is anonymised, the resulting dataset no longer constitutes personal data and is not subject to the PDPA.

7.3 Legal Hold. Notwithstanding the general retention periods, saggili may retain personal data for a longer period where required by a court order, PAGCOR direction, AMLC hold order, or other mandatory legal process.

8.1 What We Use. saggili uses cookies and similar tracking technologies (including browser local storage and session tokens) to operate the Platform, maintain your login session, and analyse usage patterns. Cookies set by saggili are first-party only; saggili does not use third-party advertising cookies.

8.2 Cookie Categories:

• Strictly Necessary Cookies: Required for the Platform to function. These include session cookies that maintain your login state and security cookies that protect against CSRF attacks. These cannot be disabled without disabling saggili itself.
• Functional Cookies: Remember your preferences — such as language settings, responsible gaming reminder intervals, and game display settings — to personalise your saggili experience.
• Analytics Cookies: Collect aggregated, de-identified data on how players navigate the Platform to help saggili improve the user experience. saggili uses self-hosted analytics rather than third-party analytics services to minimise data exposure.

8.3 Cookie Management. Strictly necessary cookies cannot be disabled as they are essential to Platform operation. Functional and analytics cookies may be managed through your browser settings. Note that disabling functional cookies may affect the personalisation features of your saggili experience.

9.1 Technical Safeguards. saggili implements the following technical security measures to protect your personal data:

• Encryption in Transit: All data transmitted between your device and saggili's servers is encrypted using TLS 1.2 or higher (256-bit SSL), the same standard used by Philippine banks and financial institutions;
• Encryption at Rest: Sensitive personal data stored in saggili's databases — including KYC documents and payment details — is encrypted using AES-256;
• Access Controls: Access to personal data is restricted to authorised saggili personnel on a strict need-to-know basis. All access is authenticated, logged, and subject to regular access review;
• Penetration Testing: saggili's technical infrastructure undergoes regular independent penetration testing to identify and remediate security vulnerabilities;
• Incident Response: saggili maintains a documented data breach incident response plan in compliance with NPC Circular 16-03, including the obligation to notify the NPC within 72 hours and affected players without undue delay where a breach poses a risk to their rights.

9.2 Organisational Safeguards. All saggili employees and contractors with access to personal data receive mandatory data protection training and are bound by contractual confidentiality obligations. saggili conducts annual data protection awareness training for all staff.

9.3 Breach Notification. In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, saggili will notify the National Privacy Commission within 72 hours of becoming aware of the breach and will notify affected players without undue delay, in accordance with Section 20(f) of the PDPA and NPC Circular 16-03.

As a data subject under the Philippine Data Privacy Act of 2012, you hold the following rights with respect to your personal data held by saggili. saggili will respond to verified data subject requests within the statutory period under the PDPA (generally 15 business days, with possible extension for complex requests):

• Right to Access: You may request a copy of the personal data saggili holds about you and information about how it is processed;
• Right to Rectification: You may request correction of inaccurate or incomplete personal data. Many registration details can be updated directly from your saggili account settings;
• Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent — subject to saggili's legal retention obligations under PAGCOR regulations and the AMLA;
• Right to Object: You may object to processing of your personal data for direct marketing at any time. You may also object to other processing based on legitimate interests, subject to overriding legal grounds;
• Right to Restrict Processing: You may request that saggili restricts processing of your data in certain circumstances — for example, while accuracy is being contested;
• Right to Data Portability: You may request a machine-readable copy of personal data you have provided to saggili, for transfer to another controller, where technically feasible;
• Right to Damages: Under Section 16(f) of the PDPA, you may seek indemnity for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorised use of your personal data;
• Right to Lodge a Complaint: You may lodge a complaint with the National Privacy Commission of the Philippines if you believe saggili has processed your data in violation of the PDPA.

To exercise any of the above rights, contact saggili's Data Protection Officer through the support channels available at [email protected]. saggili may require identity verification before processing data subject requests to protect against unauthorised access to player data.

11.1 No Services to Minors. saggili is strictly prohibited from providing real-money gaming services to persons under 21 years of age under PAGCOR regulations and the Terms & Conditions of saggili's operating licence. saggili does not knowingly collect or process personal data from persons under 21 years of age.

11.2 Detection of Underage Registration. If saggili discovers or has reasonable grounds to believe that personal data belonging to a person under 21 years of age has been collected — whether through KYC review, anomaly detection, or third-party reporting — saggili will immediately suspend the associated account, initiate deletion of the collected personal data to the extent permitted by applicable law, and report the matter to PAGCOR as required by licensing conditions.

11.3 Parental Reporting. If a parent or guardian becomes aware that their child under 21 years of age has created a saggili account, they should contact saggili immediately via support channels to report the matter. saggili will act promptly on such reports.

12.1 Policy Updates. saggili may update this Privacy Policy from time to time to reflect changes in law, regulatory requirements, Platform features, or saggili's data processing practices. The effective date shown at the top of this Policy will be updated with each revision.

12.2 Notification of Material Changes. Where a proposed change is material — meaning it significantly affects the way saggili processes your personal data or reduces your rights — saggili will provide notice to registered players via SMS or email to your registered contact details at least 14 days before the change takes effect.

12.3 Continued Use. Your continued use of the saggili Platform after the effective date of an updated Privacy Policy constitutes acknowledgement of the updated Policy. If you do not agree with a material change, you may close your account and request deletion of your personal data (subject to legal retention obligations) before the change takes effect.

13.1 saggili Data Protection Officer. For all queries, requests, and concerns relating to your personal data and saggili's privacy practices, contact saggili's Data Protection Officer:

13.2 National Privacy Commission. If you are not satisfied with saggili's response to your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines, the independent authority responsible for enforcing the Data Privacy Act of 2012. Information on the NPC complaint process is available on the NPC's official website.

13.3 Related Policies. This Privacy Policy should be read alongside saggili's Terms & Conditions and Responsible Gaming Policy. Together, these three documents constitute the full framework governing your use of the saggili Platform and saggili's obligations to you as a player.