auwin Privacy Policy
— How We Handle Your Personal Data

1 Introduction

auwin ("we," "us," or "our") is a PAGCOR-regulated online casino and sports betting platform operating at auwin.asia, designed and built specifically for Filipino players across the Philippines. We take our responsibilities as a data controller seriously, and this Privacy Policy sets out — in plain, clear terms — how auwin collects, processes, stores, and protects your personal information.

This Policy applies to all personal data we collect from players, prospective players, and website visitors in connection with the auwin platform. It covers information collected through account registration, gaming activity, payment transactions, customer support interactions, and your use of the auwin website and related services.

auwin is committed to compliance with Republic Act 10173, the Data Privacy Act of 2012 (DPA) of the Philippines, and its implementing rules and regulations. The auwin platform is also subject to data handling requirements under our PAGCOR operating license and the Anti-Money Laundering Act (AMLA) as it applies to licensed gaming operators.

If you have questions about this Policy or how auwin handles your personal data, contact us at any time via the details in Section 15 of this document.

2 Data Controller

For the purposes of the Data Privacy Act of the Philippines, auwin is the data controller responsible for your personal data collected through the auwin platform at auwin.asia.

As data controller, auwin determines the purposes and means by which your personal data is processed. auwin has appointed a Data Protection Officer (DPO) in compliance with the requirements of Republic Act 10173. Contact details for the DPO are provided in Section 15 of this Policy.

3 Personal Data We Collect

3.1 Registration and Account Data

When you create an auwin account, we collect the following information:

• Full legal name (as it appears on your government-issued Philippine ID)
• Date of birth (to verify you meet the 21-year minimum age requirement)
• Philippine mobile number (used for OTP verification and account communications)
• Email address
• Residential address in the Philippines
• Username and encrypted account password

3.2 Identity Verification (KYC) Data

Before processing your first withdrawal, auwin is required by PAGCOR and AMLA regulations to verify your identity. We collect:

• Copies of your valid Philippine government-issued identification document (UMID, passport, driver's license, PhilSys ID, Voter's ID, SSS/GSIS ID, or PRC ID)
• A selfie photograph for identity matching
• Proof of address where required by enhanced due diligence

3.3 Financial and Transaction Data

We collect financial data necessary to process deposits and withdrawals:

• GCash account number and registered mobile number
• PayMaya account details where applicable
• Bank account name and account number for BPI, BDO, or Metrobank transactions
• Deposit and withdrawal transaction history
• Betting and gaming activity records, including wager amounts and game outcomes

3.4 Technical and Usage Data

When you access the auwin platform, we automatically collect certain technical data:

• IP address and approximate geographic location derived from IP
• Device type, operating system, and browser type and version
• Session timestamps, pages visited, and features used
• Cookie and similar tracking technology data (see Section 6)

3.5 Communications Data

Records of your communications with auwin customer support — including live chat transcripts and email correspondence — are retained for quality assurance, dispute resolution, and training purposes.

3.6 Responsible Gaming Data

Where you use responsible gaming tools — including deposit limits, self-exclusion, or cool-off periods — auwin records the limits and exclusions you set, as well as usage patterns that may inform our responsible gaming interventions.

4 How We Use Your Personal Data

auwin uses your personal data for the following purposes:

• Account management: Creating and maintaining your auwin player account, processing logins, and managing account settings.
• Age and identity verification: Confirming that you are at least 21 years old and verifying your identity in compliance with PAGCOR licensing requirements and Philippine law.
• Payment processing: Processing deposits and withdrawals via GCash, PayMaya, BPI, BDO, and Metrobank in Philippine Peso.
• Gaming services: Enabling your participation in casino games, sports betting, bingo, and all other games available on the auwin platform.
• Regulatory compliance: Meeting our obligations under PAGCOR licensing conditions, the Anti-Money Laundering Act (AMLA), and other applicable Philippine laws and regulations.
• Fraud prevention and security: Detecting and preventing unauthorized account access, fraudulent transactions, money laundering, and abuse of the platform.
• Responsible gaming: Monitoring player activity to identify signs of problem gambling and administering responsible gaming tools including deposit limits, session limits, and self-exclusion.
• Customer support: Responding to your enquiries, resolving disputes, and providing assistance with your account.
• Platform improvement: Analysing aggregated usage data to improve the performance, design, and features of the auwin platform.
• Marketing communications: Sending you promotional offers, bonus notifications, and platform updates — but only where you have provided consent or where such communications are permitted under applicable law. You may opt out at any time.

5 Legal Basis for Processing

Under the Data Privacy Act of the Philippines (RA 10173), auwin processes your personal data on the following legal bases:

• Contractual necessity: Processing necessary to fulfil our contractual obligations to you as a registered auwin player — including account management, payment processing, and game access.
• Legal obligation: Processing required to comply with applicable Philippine law, including PAGCOR licensing requirements, AMLA obligations, and tax reporting requirements.
• Legitimate interests: Processing carried out in pursuit of auwin's legitimate business interests — such as fraud prevention, platform security, and service improvement — where those interests are not overridden by your rights and interests.
• Consent: Processing based on your explicit consent, including the sending of marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6 Cookies & Tracking Technologies

auwin uses cookies and similar tracking technologies on the auwin.asia website. Cookies are small text files stored on your device that help us recognise your browser, maintain your login session, and understand how the platform is being used.

Types of Cookies Used

• Essential cookies: Required for core platform functionality, including maintaining your login session, remembering your account preferences, and enabling secure transactions. These cannot be disabled without impairing your ability to use the platform.
• Analytics cookies: Used to collect aggregated, anonymised data about how players navigate and use the platform. This data helps auwin identify performance issues and improve the user experience. These cookies do not track individually identifiable information.
• Functional cookies: Remember your preferences — such as language settings and game lobby display options — to provide a more personalised experience.
• Security cookies: Used to detect and prevent fraudulent activity, including bot access and account takeover attempts.

You may manage cookie preferences through your browser settings. Blocking all cookies may impair platform functionality — in particular, essential cookies are required for the platform to operate correctly. auwin does not use third-party advertising or behavioural tracking cookies.

7 Data Sharing & Disclosure

auwin does not sell, rent, or trade your personal data to third parties for their own marketing purposes. Your personal data may be shared in the following limited circumstances:

7.1 Service Providers

auwin engages third-party service providers who process personal data on our behalf under data processing agreements. These include payment processors (GCash, PayMaya, BPI, BDO, Metrobank), identity verification and KYC service providers, gaming software providers, cloud hosting and infrastructure providers, and customer support technology providers. All service providers are contractually required to process data only in accordance with auwin's instructions and applicable law.

7.2 Regulatory Authorities

auwin is required by law to share certain player data with PAGCOR as the licensing authority, the Anti-Money Laundering Council (AMLC) where AMLA reporting obligations apply, the National Privacy Commission (NPC) in the event of a data breach or upon lawful request, and other Philippine government agencies where required by law or court order.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a material part of auwin's business assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified of any such transfer and the privacy practices of the acquiring entity in advance.

8 International Data Transfers

Some of auwin's service providers — particularly cloud infrastructure and gaming software providers — may process your data in servers located outside the Philippines. Where such transfers occur, auwin ensures that appropriate safeguards are in place to protect your personal data to a standard consistent with the Data Privacy Act of the Philippines.

Safeguards used for international data transfers include: contractual clauses binding the recipient to Philippine-equivalent data protection standards, transfers only to jurisdictions that PAGCOR and the NPC recognise as providing adequate protection, and data processing agreements that restrict the recipient's use of your data to the specified service purpose.

9 Data Retention

auwin retains your personal data for as long as your account remains active and for a period following account closure as required by law and regulatory obligation. The following general retention periods apply:

• Account and identity data: Retained for the duration of your active account plus five (5) years after account closure, in compliance with PAGCOR licensing and AMLA record-keeping requirements.
• Transaction records: Retained for five (5) years from the date of the transaction, as required by AMLA reporting obligations and Philippine tax law.
• KYC documents: Retained for five (5) years after account closure or the completion of the last transaction, whichever is later.
• Customer support records: Retained for two (2) years from the date of the interaction, unless the record relates to an unresolved dispute.
• Marketing opt-in records: Retained for the duration of the marketing relationship plus two (2) years, to demonstrate consent where required.

Upon expiry of applicable retention periods, personal data is securely deleted or irreversibly anonymised. Anonymised data may be retained for analytical purposes without limitation, as it no longer constitutes personal data.

10 Your Data Rights

Under Republic Act 10173 — the Data Privacy Act of the Philippines — you have the following rights with respect to your personal data held by auwin:

To exercise any of the above rights, submit a written request to auwin's Data Protection Officer via email at [email protected] with the subject line "Data Rights Request — [Your Account Number]." auwin will acknowledge your request within three (3) business days and provide a substantive response within fifteen (15) business days of receipt.

11 Children's Privacy

The auwin platform is strictly restricted to individuals who are at least 21 years of age. auwin does not knowingly collect personal data from individuals under 21 years old.

If auwin identifies that an account has been registered by a person under 21 years of age, the account will be immediately suspended and the personal data associated with the account will be deleted, except where retention is required for regulatory reporting purposes. Any funds deposited by an underage registrant will be handled in accordance with auwin's Terms and Conditions and PAGCOR guidelines.

auwin applies mandatory age verification through KYC document checks before processing any withdrawal, as an additional safeguard against underage registration.

12 Data Security

auwin implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and auwin's servers
• Encryption at rest for sensitive data stored in auwin's databases, including financial account details and KYC documents
• Access controls limiting internal access to personal data to authorised personnel who require it for their specific role
• Two-factor authentication (2FA) available to all player accounts, and required for internal staff access to player data systems
• Regular security audits and penetration testing conducted by qualified security professionals
• Secure data centres with physical access controls, operated by certified cloud infrastructure providers
• Incident response procedures for the detection, containment, and reporting of data security incidents

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, auwin will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and will notify affected data subjects as required by law.

While auwin takes all reasonable steps to protect your data, no system is completely immune to risk. You are also responsible for keeping your auwin account credentials confidential and for notifying auwin immediately if you suspect any unauthorised access to your account.

13 Third-Party Links

The auwin platform may contain references to or integrations with third-party services — such as GCash, PayMaya, BPI, BDO, and Metrobank — for payment processing purposes. These third-party services operate under their own privacy policies and data handling practices, which are separate from and independent of this Privacy Policy.

auwin does not control and is not responsible for the privacy practices of third-party payment providers or other external services. We encourage you to read the privacy policies of any third-party service you use in connection with your auwin account.

14 Amendments to This Policy

auwin reserves the right to update or amend this Privacy Policy at any time. The revised Policy will be posted on this page with an updated Effective Date. Where amendments are material — meaning they significantly affect how we collect or use your personal data — auwin will provide advance notice via the email address associated with your account or via an in-platform notification.

Your continued use of the auwin platform following the Effective Date of any amendment constitutes your acknowledgement of the revised Privacy Policy. If you do not agree with any amendment, you must stop using the platform and contact support to request account closure.

15 Contact & Complaints

For questions, data rights requests, or privacy-related concerns, contact auwin's Data Protection Officer using the following channels:

• Email: [email protected] — subject line: "DPO — Privacy Request" or "Data Rights Request — [Account Number]"
• 24/7 Live Chat: Available inside the auwin platform after login — request to speak with a Data Privacy Officer
• Response time: Acknowledgement within 3 business days; substantive response within 15 business days

Filing a Complaint with the NPC

If you are not satisfied with auwin's response to a privacy concern, or if you believe auwin has violated the Data Privacy Act of the Philippines, you have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines. The NPC is the independent regulatory body responsible for enforcing RA 10173. Information on filing a complaint with the NPC is available through official Philippine government channels.