taya07 Privacy Policy

taya07 (operated at taya07.club) is the personal information controller responsible for the personal data collected and processed through the taya07 online gaming platform, including the website, progressive web application, and all associated digital services. taya07 operates under a license granted by the Philippine Amusement and Gaming Corporation (PAGCOR) and is subject to the regulatory oversight of PAGCOR with respect to data handling obligations applicable to licensed online gaming operators in the Philippines.

As personal information controller, taya07 determines the purposes and means by which personal data collected from Filipino players and other users of the platform is processed. Where taya07 engages third-party service providers to process personal data on its behalf — such as payment processors, identity verification providers, and game software suppliers — those providers act as personal information processors under data processing agreements that impose obligations consistent with the Data Privacy Act of 2012.

taya07 collects personal data that is necessary for the lawful operation of the platform, including compliance with PAGCOR licensing requirements, KYC and AML obligations, and the provision of gaming and payment services to Filipino players. The categories of personal data we collect are as follows:

Account Registration Data

• Full legal name as it appears on your government-issued identification;
• Date of birth (to verify compliance with the 21+ age requirement);
• Philippine mobile number (primary account identifier and OTP delivery channel);
• Username chosen at registration;
• Account password (stored in hashed, non-reversible format — never stored in plain text);
• Email address (if provided).

Identity Verification (KYC) Data

• Copies of government-issued identification documents (PhilSys National ID, passport, driver's license, SSS/GSIS ID, UMID, or other PAGCOR-accepted documents);
• Selfie or live photo taken for facial comparison against identity document (where required by PAGCOR KYC protocols);
• Proof of address documents (where required for enhanced due diligence);
• Source of funds documentation (where required under AML protocols for high-value accounts).

Financial Transaction Data

• GCash account number or mobile number;
• Maya / PayMaya account details;
• Bank account details (BPI, BDO, Metrobank, or other linked bank accounts);
• Transaction history including deposits, withdrawals, and bonus credits;
• Payment method reference numbers and timestamps.

Gaming Activity Data

• Game sessions played, including game titles, bet amounts, winnings, and session duration;
• Sports betting selections and stake amounts;
• Bonus and promotion usage history;
• Responsible gaming limit settings and self-exclusion records.

Technical and Device Data

• IP address and approximate geographic location derived from IP;
• Device type, model, and operating system;
• Browser type and version;
• Session logs including login times and durations;
• Cookies and similar tracking technologies (see Section 10).

Communications Data

• Records of customer support conversations via live chat, email, or messaging platforms;
• Survey responses and feedback submitted through taya07 channels.

taya07 collects personal data through the following channels and methods:

• Directly from you during account registration, KYC submission, deposit and withdrawal requests, customer support interactions, and responsible gaming tool activations;
• Automatically through your use of the platform — including login sessions, game play, navigation patterns, and device/browser data collected via cookies and server logs;
• From payment providers such as GCash, Maya, BPI, BDO, and other payment processors, in the form of transaction confirmation data and payment reference numbers;
• From identity verification providers engaged by taya07 to assist with KYC document authentication and facial verification processes;
• From PAGCOR and other regulatory bodies where required for licensing compliance, including player exclusion lists and regulatory directives.

taya07 processes your personal data only for the purposes described in the following table. Each processing activity is tied to a specific purpose and a corresponding legal basis (set out in Section 5).

Under the Data Privacy Act of 2012 and its Implementing Rules and Regulations, taya07 relies on the following legal bases for the processing of personal data:

• Contractual Necessity: Processing necessary for the performance of the contract between taya07 and the Player — including account management, payment processing, and the delivery of gaming services — is carried out on the basis of contractual necessity.
• Legal Obligation: Processing required to comply with taya07's legal obligations under Philippine law — including PAGCOR licensing conditions, the Anti-Money Laundering Act (Republic Act No. 9160, as amended), the Data Privacy Act itself, and applicable tax regulations — is carried out on the basis of legal obligation.
• Legitimate Interest: Processing for fraud prevention, platform security, and responsible gaming program administration is carried out on the basis of taya07's legitimate interests, balanced against the privacy rights and interests of Players.
• Consent: Processing for marketing and promotional communications is carried out on the basis of your freely given, specific, informed, and unambiguous consent. You may withdraw consent for marketing communications at any time without affecting the lawfulness of prior processing or the continuation of other processing activities.

taya07 may share your personal data with the following categories of recipients in the circumstances described below:

• Payment Processors: GCash (GXI), Maya Philippines, BancNet, and other Philippine payment infrastructure providers receive transaction data necessary to execute your deposit and withdrawal instructions. These parties are subject to their own data privacy obligations under Philippine law.
• Identity Verification Providers: Third-party KYC service providers process identity document images and facial comparison data on behalf of taya07 under data processing agreements that restrict their use of your data to identity verification purposes only.
• Game Software Providers: Providers such as PG Soft, Pragmatic Play, Jili, and JDB receive limited technical data (such as a pseudonymous player identifier and session token) to deliver game content within the taya07 platform. These providers do not receive your name, contact details, or financial data.
• PAGCOR and Regulatory Authorities: taya07 is required by PAGCOR licensing conditions to provide player account data, transaction records, and gaming activity logs to PAGCOR upon request or as part of regular regulatory reporting. taya07 is also required to submit suspicious transaction reports to the Anti-Money Laundering Council (AMLC) in accordance with the Anti-Money Laundering Act.
• Law Enforcement and Courts: taya07 may disclose personal data to Philippine law enforcement agencies, courts, or other competent authorities where required to do so by law, court order, or in connection with the prevention or investigation of criminal activity.
• Professional Advisers: taya07's legal, accounting, and audit advisers may have access to personal data where necessary for the provision of professional services, subject to professional confidentiality obligations.

Some of taya07's game software providers and technical service providers operate servers or data processing infrastructure outside the Philippines. Where personal data is transferred to service providers located outside the Philippines, taya07 ensures that such transfers comply with Section 21 of the Data Privacy Act of 2012, which requires that personal data transferred abroad receives an equivalent level of protection to that required under Philippine law.

taya07 achieves this through the use of standard contractual clauses, data processing agreements that incorporate the data protection requirements of Philippine law, and by selecting service providers whose data protection practices have been assessed as meeting the required standard. Any international data transfer made by taya07 is limited to the minimum personal data necessary for the service being provided.

taya07 retains personal data for no longer than is necessary for the purposes for which it was collected, subject to any longer retention periods required by law. The following retention periods apply as a general guide:

After the applicable retention period expires, personal data is securely deleted or anonymized in a manner that prevents reconstruction of the original data. Where data must be retained for regulatory purposes, access is restricted to compliance personnel only.

taya07 implements a multi-layered information security program designed to protect personal data from unauthorized access, disclosure, alteration, and destruction. The following security measures are in place:

• Encryption in Transit: All data transmitted between users and taya07 servers is encrypted using TLS/SSL protocols (minimum TLS 1.2);
• Encryption at Rest: Sensitive data stored in taya07's database infrastructure is encrypted at rest using AES-256 encryption;
• Password Hashing: Account passwords are hashed using industry-standard one-way hashing algorithms. taya07 cannot retrieve your password — only reset it;
• Two-Factor Authentication: Players may enable SMS-based two-factor authentication for additional account login security;
• Access Controls: Internal access to personal data is governed by a role-based access control system. Only taya07 personnel with a legitimate operational need may access any category of personal data;
• Penetration Testing and Security Audits: taya07 conducts regular security assessments, including penetration testing of platform infrastructure, to identify and remediate vulnerabilities;
• Data Breach Response: taya07 maintains a documented data breach response procedure. In the event of a personal data breach that poses a risk to the rights and freedoms of Players, taya07 will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach and will notify affected Players without undue delay, as required by the Data Privacy Act.

taya07 uses cookies and similar tracking technologies to operate the platform effectively, maintain secure login sessions, analyze platform performance, and — where you have consented — to personalize your experience. The following categories of cookies are used:

• Strictly Necessary Cookies: These cookies are essential for the taya07 platform to function. They maintain your login session, store your security token, and enable core platform features. These cookies cannot be disabled without preventing the platform from operating correctly.
• Functional Cookies: These cookies remember your preferences — such as language settings and responsible gaming limit settings — to improve your experience across sessions.
• Analytics Cookies: taya07 uses analytics tools to collect anonymized or pseudonymized data about how users interact with the platform — including which pages are visited, game loading times, and error events. This data is used to improve platform performance and user experience. These cookies require your consent where not already covered by legitimate interest.
• Security Cookies: Cookies used for fraud detection, bot prevention, and login security are classified as security cookies. They are necessary for the security of your account and the platform.

You may manage your cookie preferences through your browser settings. Disabling strictly necessary cookies will prevent you from logging in to your taya07 account. Disabling functional or analytics cookies will not prevent access but may reduce functionality.

As a data subject under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by taya07. These rights are exercisable by contacting taya07's Data Protection Officer using the contact details in Section 15.

If you believe taya07 has not handled your personal data in accordance with the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

taya07 is strictly an adult platform. The minimum age to register and use taya07 is twenty-one (21) years, as mandated by PAGCOR. taya07 does not knowingly collect personal data from any person under the age of 21. Age verification is conducted during the KYC process for all accounts prior to withdrawal processing.

If taya07 becomes aware that personal data has been collected from a person under 21 years of age, taya07 will immediately close the account, return any deposited funds in accordance with PAGCOR guidelines, and securely delete all personal data associated with the underage account. If you believe a person under 21 has registered a taya07 account, please contact taya07 support immediately via live chat or the DPO contact in Section 15.

The taya07 platform may contain references to or integrations with third-party services — including GCash, Maya, and game providers — whose own privacy policies govern the processing of personal data within their respective services. taya07 is not responsible for the privacy practices of third-party services and recommends that you review the privacy policies of any third-party service you use in connection with your taya07 Account.

When you make a GCash or Maya payment to or from taya07, the transaction is processed through the respective e-wallet provider's infrastructure. taya07 receives only the confirmation and reference data necessary to credit or debit your taya07 wallet — it does not receive or store your full GCash PIN, Maya password, or banking credentials.

taya07 reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, PAGCOR regulatory requirements, or taya07's data processing practices. When material changes are made, taya07 will notify registered Players by posting a notice on the platform and, where practicable, by sending an SMS notification to your registered mobile number at least 7 days prior to the amended Policy taking effect.

The date of the most recent revision to this Privacy Policy is displayed at the top of this page. Your continued use of the taya07 platform after any amended Privacy Policy takes effect constitutes your acknowledgement of the updated Policy. If you do not agree to material changes in the Policy, you may request account closure and withdrawal of your Real Money Balance in accordance with the taya07 Terms & Conditions.

For all matters relating to this Privacy Policy, including data subject rights requests, privacy concerns, and data breach notifications, please contact taya07's Data Protection Officer through the following channels:

• Subject Line for Email: Data Privacy – [Your Concern] (e.g., "Data Privacy – Right of Access Request")
• Email: [email protected] — marked for the attention of the Data Protection Officer
• Live Chat: Available 24/7 on the taya07 platform. For data privacy matters, ask to be connected to the DPO or compliance team.

taya07 commits to acknowledging all data privacy inquiries within 48 hours and to providing a substantive response within 15 business days. For complex requests involving large volumes of data or requiring additional verification, taya07 will notify you of any extension to this timeframe.