This Privacy Policy ("Policy") is issued by bf099 ("bf099", "we", "us", "our"), the operator of the online gaming platform at bf099.net ("Platform"), and applies to all personal information collected from registered members and visitors of the Platform ("Members", "Users", "you"). This Policy is issued in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) ("DPA"), its Implementing Rules and Regulations, the issuances of the National Privacy Commission ("NPC"), and applicable PAGCOR regulatory requirements.
By registering an account on the bf099 Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal information as described herein. If you do not consent to the terms of this Policy, you must not register an account or use the Platform.
Scope & Application
This Policy applies to all personal information processed by bf099 in connection with the operation of the Platform, including data collected during account registration, KYC verification, deposits and withdrawals, gameplay activity, customer support interactions, and promotional communications. This Policy applies to information collected through the bf099.net website and any related mobile-optimised web interface.
This Policy does not apply to the privacy practices of third-party payment processors, game providers, or other third-party services that Members may access via the Platform. Those third parties maintain their own privacy policies governing their data handling practices, and Members are encouraged to review those policies independently.
Data Controller
For the purposes of the Data Privacy Act of 2012, bf099 is the personal information controller ("PIC") in respect of the personal data of its Members. bf099 determines the purposes and means of processing Member personal data and is responsible for ensuring that processing is carried out in accordance with applicable Philippine data protection law and PAGCOR requirements.
bf099 has designated a Data Protection Officer ("DPO") responsible for overseeing compliance with this Policy and the DPA. Contact details for the DPO are set out in Section 15 of this Policy.
Personal Data We Collect
bf099 collects the following categories of personal information from Members:
3.1 Registration & Identity Data
| Data Category | Specific Data Points | Purpose |
|---|---|---|
| Identity | Legal full name, date of birth, gender | Account creation, age verification, KYC |
| Contact | Philippine mobile number, email address (if provided) | Account verification, 2FA, support communications |
| Government ID | PhilSys ID, driver's licence, passport, or SSS/GSIS ID (number and image) | KYC verification (PAGCOR requirement) |
| Facial Biometric | Selfie / liveness check image (where required for KYC) | Identity verification against government ID |
3.2 Financial Data
| Data Category | Specific Data Points | Purpose |
|---|---|---|
| Payment Account | GCash mobile number, PayMaya account reference, bank account name and number (BPI/BDO/Metrobank) | Deposit and withdrawal processing |
| Transaction Records | Deposit amounts, dates and times, withdrawal amounts, transaction IDs | Financial record-keeping, PAGCOR compliance, AML monitoring |
| Account Balance | Real money balance, bonus balance history | Account management, dispute resolution |
3.3 Platform Usage Data
bf099 collects technical and behavioural data arising from your use of the Platform, including: game session records (games played, wagers placed, outcomes, session duration); login records (date, time, IP address, device type, browser type); and customer support interaction records. This data is used for platform security, fraud prevention, responsible gaming monitoring, and service improvement.
How We Collect Personal Data
bf099 collects personal data through the following means:
- Directly from you — when you register an account, complete KYC verification, make a deposit or withdrawal request, contact customer support, or participate in promotions;
- Automatically — through your use of the Platform, including via cookies, server logs, and technical tracking tools that record device and session information;
- From third-party payment processors — GCash, PayMaya, and banking partners provide transaction confirmation data necessary for deposit and withdrawal processing;
- From identity verification services — where bf099 uses third-party KYC providers to assist with identity document verification and liveness checking.
Purposes of Processing
bf099 processes Member personal data for the following specific purposes:
- Account registration and management — to create, maintain, and administer your bf099 Account;
- Identity verification (KYC) — to verify your identity and age as required by PAGCOR and the Anti-Money Laundering Act;
- Payment processing — to process deposits and withdrawals via GCash, PayMaya, and bank transfer channels in Philippine Peso;
- Platform security and fraud prevention — to detect, investigate, and prevent fraudulent activity, multiple account creation, and security breaches;
- Responsible gaming compliance — to monitor gameplay patterns and apply responsible gaming tools in accordance with PAGCOR requirements;
- Customer support — to respond to your inquiries, resolve disputes, and provide technical assistance;
- Legal and regulatory compliance — to meet bf099's obligations under PAGCOR regulations, the DPA, and Philippine anti-money laundering legislation;
- Promotional communications — to send you information about bf099 promotions and offers, subject to your communication preferences.
Legal Basis for Processing
Under the Data Privacy Act of 2012, bf099 relies on the following legal bases for processing Member personal data:
- Contractual necessity — processing necessary to perform the agreement between bf099 and the Member (the Terms & Conditions), including account management and payment processing;
- Legal obligation — processing necessary to comply with PAGCOR regulations, the Anti-Money Laundering Act (RA 9160), and other applicable Philippine law;
- Consent — processing for promotional communications and certain optional features, where you have expressly consented and may withdraw consent at any time;
- Legitimate interests — processing for platform security, fraud prevention, and service improvement, where bf099's legitimate interests are not overridden by your rights and interests.
Data Sharing & Disclosure
bf099 does not sell, rent, or trade your personal information to third parties for their own commercial purposes. bf099 shares personal data only in the following circumstances:
7.1 Service Providers (Personal Information Processors)
bf099 engages third-party service providers who process personal data on bf099's behalf under contractual data processing agreements. These include: payment processors (GCash, PayMaya, BPI, BDO, Metrobank, InstaPay); KYC and identity verification service providers; game software providers (JILI, PG Soft, Pragmatic Play, and others); platform hosting and cloud infrastructure providers; and customer support technology providers. All such providers are bound by data processing agreements requiring them to process Member data only as directed by bf099 and in accordance with applicable Philippine data protection law.
7.2 Regulatory Disclosure
bf099 may be required to disclose Member personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), or other Philippine government authorities where required by applicable law, regulatory order, or lawful legal process. bf099 will comply with such requirements and, where legally permitted, will inform the affected Member of any such disclosure.
7.3 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of all or part of bf099's business, Member personal data may be transferred as part of that transaction. bf099 will notify affected Members in advance of any such transfer, and the acquiring entity will be required to honour this Privacy Policy or provide Members with equivalent or greater protections.
International Data Transfers
Certain third-party service providers engaged by bf099 — including game software providers and platform infrastructure services — may process Member data on servers located outside the Philippines. Where international data transfers occur, bf099 ensures that adequate data protection safeguards are in place through contractual clauses that require the recipient to apply data protection standards equivalent to those required under Philippine law.
Core Member account data, KYC documents, and Philippine payment transaction records are stored on infrastructure located in jurisdictions that provide an adequate level of data protection as assessed by bf099. Members who wish to know more about the specific countries to which their data may be transferred may contact bf099's Data Protection Officer.
Data Retention
bf099 retains Member personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law and PAGCOR regulatory obligations. The following retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | PAGCOR regulatory requirement |
| KYC identity documents | Duration of account + 5 years post-closure | Anti-Money Laundering Act (RA 9160) |
| Financial transaction records | 5 years from date of transaction | AMLC and PAGCOR requirements |
| Platform usage & game logs | 2 years from date of activity | Security, dispute resolution |
| Customer support records | 3 years from date of interaction | Dispute resolution, service improvement |
| Marketing consent records | Until consent is withdrawn + 1 year | DPA consent documentation requirements |
Upon expiry of the applicable retention period, bf099 will securely delete or anonymise the relevant personal data in accordance with its data disposal procedures.
Data Security
bf099 implements appropriate technical and organisational security measures to protect Member personal data against unauthorised access, loss, disclosure, alteration, or destruction. These measures include:
- SSL/TLS encryption on all data transmissions between Member devices and bf099 servers;
- Encryption at rest for sensitive personal data including KYC documents and financial records stored on bf099 systems;
- Two-factor authentication (2FA) via Philippine mobile number for account access, reducing the risk of unauthorised login;
- Access controls restricting internal access to Member personal data to authorised bf099 personnel on a need-to-know basis;
- Regular security assessments of the Platform and its infrastructure;
- Incident response procedures for detecting, investigating, and responding to personal data breaches.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected Members, bf099 will notify the National Privacy Commission within 72 hours of becoming aware of the breach, in accordance with the DPA, and will notify affected Members without undue delay.
Cookies & Tracking Technologies
bf099 uses cookies and similar tracking technologies on the Platform to support core functionality, improve user experience, and maintain platform security. The following categories of cookies are used:
- Strictly necessary cookies — required for the Platform to function, including session management and authentication. These cannot be disabled.
- Functional cookies — remember your preferences such as language settings and lobby display options to personalise your experience across sessions.
- Analytics cookies — collect anonymised data about how Members use the Platform to help bf099 identify areas for improvement. No personally identifiable information is sent to analytics services.
- Security cookies — detect fraudulent activity and protect the Platform from automated abuse and suspicious login attempts.
You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies will affect the functionality of the Platform, including your ability to log in and maintain an active session. bf099 does not use cookies for third-party advertising or cross-site tracking.
Your Rights as a Data Subject
Under the Data Privacy Act of 2012, you have the following rights in relation to personal data held by bf099:
- Right to be Informed — you have the right to be informed that your personal data is being collected and processed, and the purposes for which it is processed. This Policy constitutes bf099's fulfilment of this obligation.
- Right of Access — you may request a copy of the personal data bf099 holds about you, along with information about the purposes of processing and the recipients to whom your data has been disclosed.
- Right to Rectification — you may request correction of inaccurate or incomplete personal data held about you.
- Right to Erasure or Blocking — you may request deletion or blocking of your personal data where there is no longer a lawful basis for its retention, subject to bf099's legal retention obligations under PAGCOR regulations and the Anti-Money Laundering Act.
- Right to Object — you may object to the processing of your personal data for direct marketing or profiling purposes. bf099 will cease such processing upon receipt of a valid objection.
- Right to Data Portability — you may request a copy of your personal data in a structured, commonly used, machine-readable format where technically feasible.
- Right to Lodge a Complaint — if you believe bf099 has processed your personal data in violation of the DPA, you have the right to lodge a complaint with the National Privacy Commission of the Philippines.
To exercise any of the above rights, contact bf099's Data Protection Officer at the details in Section 15. bf099 will respond to data subject requests within thirty (30) calendar days of receipt, or notify you if additional time is required. Some rights may be subject to limitations where bf099 has overriding legal obligations, particularly under PAGCOR regulations and the Anti-Money Laundering Act.
Children's Privacy
The bf099 Platform is strictly restricted to individuals aged 21 years and above in accordance with PAGCOR regulations. bf099 does not knowingly collect or process personal data relating to individuals under 21 years of age. Where bf099 discovers that personal data has been collected from an individual under 21, the associated Account will be immediately closed, the data will be deleted (subject to any mandatory retention obligations), and the matter will be handled in accordance with PAGCOR's underage gambling protocols.
Parents and guardians who have reason to believe that a minor has registered an account on bf099 are encouraged to contact bf099 support immediately via live chat.
Amendments to This Policy
bf099 reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, PAGCOR requirements, or our data processing practices. Material changes to this Policy will be communicated to registered Members via their registered Philippine mobile number or email address (where provided) and via a prominent notice on the bf099 Platform, no less than fourteen (14) days before the revised Policy takes effect, unless immediate amendment is required by law or regulatory directive.
The "Effective Date" at the top of this Policy indicates the date of the most recent revision. Continued use of the Platform following the effective date of any amendment constitutes your acceptance of the revised Policy. If you do not accept the revised Policy, you must cease using the Platform and request Account closure.
Contact & Data Protection Officer
For all privacy-related inquiries, data subject access requests, complaints, or queries regarding this Policy, please contact bf099's Data Protection Officer through the following channels:
- Data Protection Officer — bf099
- Email: [email protected] — mark your message with the subject line "DPA Request – [Your Account Username]" for faster routing to the privacy team. Please allow up to thirty (30) calendar days for a full response.
- Live Chat: Available 24/7 on bf099.net for urgent account-related privacy concerns. The live chat team will route privacy-specific requests to the DPO.
If you are not satisfied with bf099's response to a privacy concern, you have the right to lodge a formal complaint with the National Privacy Commission of the Philippines (NPC), the regulatory body responsible for enforcing the Data Privacy Act of 2012 in the Philippines.