77haha Privacy Policy

1.1 This Privacy Policy ("Policy") describes how 77haha ("we," "us," "our") collects, uses, discloses, stores, and protects the personal data of users ("you," "your," "data subject") who register, access, or interact with the 77haha online gaming platform at 77haha.org and any associated mobile or web application.

1.2 This Policy is issued in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and the issuances of the National Privacy Commission (NPC) of the Philippines.

1.3 By registering an account with 77haha or continuing to use the platform after the effective date of this Policy, you acknowledge that you have read and understood its contents and consent to the collection and processing of your personal data as described herein.

1.4 This Policy applies to all personal data collected in connection with your use of 77haha, whether provided directly by you, collected through automated means, or received from third-party sources such as payment processors or identity verification services.

2.1 For the purposes of the Data Privacy Act of 2012, 77haha is the personal information controller (PIC) in respect of your personal data. As PIC, 77haha determines the purposes and means by which your personal data is processed.

2.2 77haha has appointed a Data Privacy Officer (DPO) who is responsible for overseeing data protection strategy and compliance. The DPO's contact details are provided in Section 15 of this Policy.

2.3 Certain data processing activities are carried out by personal information processors (PIPs) — third parties engaged by 77haha to process data on our behalf (for example, payment gateways, identity verification services, and cloud infrastructure providers). These processors act under contractual instructions from 77haha and are subject to data processing agreements that impose obligations consistent with this Policy and applicable law.

The categories of personal data collected by 77haha vary depending on the nature of your interaction with the platform. The following table summarises the main data categories:

3.1 Sensitive Personal Information. Certain data elements — specifically government ID numbers and biometric data (selfie photographs used for identity matching) — constitute sensitive personal information under the DPA. This data is processed only to the extent necessary to meet KYC and regulatory requirements and is afforded a higher level of protection within our systems.

77haha collects personal data through the following channels:

• Direct Collection: Data you provide voluntarily when registering an account, completing KYC, submitting a support request, or updating your profile.
• Automated Collection: Data gathered automatically when you interact with the platform, including technical and behavioural data collected via cookies, server logs, and session tracking tools.
• Third-Party Sources: Data received from payment processors (e.g., GCash, Maya, BDO) to verify transaction details; data from identity verification service providers engaged to assist with KYC; and data from fraud detection partners flagging suspicious activity patterns.
• Publicly Available Sources: In limited circumstances, publicly available information may be used to verify identity details or assess risk, consistent with applicable law.

77haha processes your personal data for the following specific, legitimate purposes:

1. Account Registration and Management: Creating and maintaining your 77haha account, including authentication and access control.
2. Identity Verification (KYC): Verifying your identity and age (minimum 21 years) as required by PAGCOR regulations and anti-money laundering obligations.
3. Payment Processing: Processing deposits and withdrawals through your selected Philippine payment method, reconciling transactions, and maintaining accurate financial records.
4. Service Delivery: Enabling you to access and use the game library, sports betting markets, VIP programme, and other platform features.
5. Regulatory Compliance: Meeting obligations under PAGCOR licensing conditions, the Anti-Money Laundering Act (AMLA), the DPA, and other applicable Philippine law.
6. Fraud Prevention and Security: Detecting, investigating, and preventing fraudulent activity, account takeovers, money laundering, and other prohibited conduct.
7. Customer Support: Responding to your enquiries, resolving disputes, and providing technical assistance.
8. Responsible Gaming: Monitoring gaming behaviour to identify potential signs of problem gambling; administering voluntary deposit limits, loss limits, and self-exclusion requests.
9. Marketing Communications: Sending promotional offers and platform updates where you have provided consent and have not opted out. You may withdraw consent at any time via account settings or by contacting support.
10. Platform Improvement: Analysing aggregated, anonymised usage data to improve game performance, user experience, and platform stability.

Each processing activity carried out by 77haha is grounded in one or more of the following lawful bases under the DPA and its IRR:

• Consent: Where you have given clear, informed consent for a specific purpose (e.g., marketing communications). Consent may be withdrawn at any time without detriment to your account.
• Contractual Necessity: Processing that is necessary to perform our obligations under the Terms and Conditions you accepted at registration (e.g., processing deposits, settling bets, maintaining your account balance).
• Legal Obligation: Processing required to comply with applicable Philippine law, including KYC verification, AML transaction monitoring, and regulatory reporting to PAGCOR and AMLC.
• Legitimate Interests: Processing that is necessary for 77haha's legitimate interests — such as fraud prevention, platform security, and responsible gaming monitoring — provided such interests are not overridden by your fundamental rights and freedoms.

7.1 77haha does not sell, rent, or otherwise commercially exploit your personal data to external parties. Sharing is limited to the categories below and only to the extent necessary for each specific purpose.

7.2 Service Providers (Processors): Third-party vendors who process data on our behalf, including: payment gateways (GCash/Maya, BDO, BPI, USDT processors); KYC and identity verification providers; cloud hosting and infrastructure providers; customer support platform operators; and fraud analytics services. All processors are bound by data processing agreements.

7.3 Regulatory Authorities: Government agencies and regulators where disclosure is required by law, including PAGCOR, AMLC (Anti-Money Laundering Council), NPC (National Privacy Commission), and law enforcement agencies acting pursuant to a valid legal order.

7.4 Business Transfers: In the event of a merger, acquisition, or transfer of all or part of 77haha's business, your personal data may be transferred to the acquiring entity. You will be notified of any such transfer and the privacy terms applicable post-transfer before it takes effect.

7.5 Professional Advisors: Legal counsel, accountants, and auditors who are bound by confidentiality obligations and require access to data in the context of professional advice or audit engagement.

8.1 Some of 77haha's service providers operate servers or infrastructure located outside the Philippines. Where personal data is transferred to a foreign country, 77haha ensures that appropriate safeguards are in place as required by the DPA and applicable NPC issuances.

8.2 Safeguards for cross-border transfers include: contractual clauses consistent with NPC-recognised standards; transfer to countries recognized as providing an adequate level of data protection; and, where required, obtaining prior NPC approval for the transfer.

8.3 You may request details of the safeguards in place for any specific cross-border transfer by contacting our DPO at the address in Section 15.

9.1 77haha uses cookies and similar tracking technologies (session tokens, local storage) on the platform to provide, maintain, and improve the service. The main categories of cookies used are:

• Strictly Necessary Cookies: Required for the platform to function — including session management, authentication, and security. These cannot be disabled without breaking core functionality.
• Functional Cookies: Store your preferences (e.g., language, display settings, "remember this device" selections) to personalise your experience.
• Analytics Cookies: Collect anonymised data about how players navigate and use the platform, helping us improve performance and identify technical issues. No personally identifiable information is included in analytics data sent to third-party analytics tools.
• Fraud Prevention Cookies: Used to identify anomalous behaviour patterns, protect against account takeovers, and detect bot activity.

9.2 You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will impair or prevent access to the 77haha platform. Disabling functional or analytics cookies will not prevent you from using the platform but may affect the quality of your experience.

10.1 77haha retains personal data for the shortest period necessary to fulfil the purpose for which it was collected, unless a longer retention period is required or permitted by law.

10.2 The following general retention periods apply:

10.3 Upon expiry of the applicable retention period, data is securely deleted using industry-standard deletion methods, or anonymised in a manner that prevents re-identification, and retained in anonymised form for statistical and audit purposes.

As a data subject under the Philippine Data Privacy Act, you hold the following rights with respect to your personal data held by 77haha:

11.1 How to Exercise Your Rights. Submit a written request to our DPO at the contact details in Section 15, clearly identifying your account and the right you wish to exercise. Requests are acknowledged within 3 business days and resolved within 15 business days of receipt, subject to identity verification.

11.2 Limitations. Certain rights may be limited where compliance would: prevent 77haha from fulfilling a legal obligation; obstruct a law enforcement investigation; or disproportionately affect the rights of other individuals. Where a right cannot be exercised in full, we will explain the specific limitation in our response.

11.3 Right to Complain. If you believe your data rights have not been respected, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. We encourage you to contact our DPO first so we can attempt to resolve the concern directly and promptly.

12.1 77haha implements a multi-layered information security framework to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Key technical and organisational measures include:

• Encryption: 256-bit TLS/SSL encryption on all data in transit; AES-256 encryption for sensitive data at rest.
• Access Controls: Role-based access controls (RBAC) limiting data access to personnel with a genuine need; multi-factor authentication required for all administrative access.
• Network Security: Firewalls, intrusion detection systems (IDS), and DDoS mitigation in place across all production infrastructure.
• Vulnerability Management: Regular penetration testing and vulnerability assessments conducted by independent security firms; a defined patch management process for identified vulnerabilities.
• Staff Training: All 77haha employees with access to personal data receive mandatory data privacy training at onboarding and annually thereafter.
• Incident Response: A documented data breach response procedure including detection, containment, notification, and post-incident review processes.

12.2 Breach Notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, 77haha will notify the NPC and affected data subjects within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03 and applicable DPA provisions.

13.1 The 77haha platform is strictly restricted to persons who are 21 years of age or older. 77haha does not knowingly collect personal data from individuals under 21.

13.2 If we become aware that personal data has been collected from a person under 21, that account will be immediately closed, the data deleted (subject to any mandatory legal retention obligations), and any funds returned to their verified source.

14.1 77haha reserves the right to amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory guidance from the NPC.

14.2 Material amendments will be communicated to registered players via the email address or mobile number on file and/or through a notice on the platform at least 14 days before the effective date. Minor or non-substantive updates (such as formatting corrections or clarifications that do not affect your rights) may be made without advance notice.

14.3 The version number and effective date at the top of this Policy will always reflect the current version. Previous versions are archived and available upon request from our DPO.

14.4 Your continued use of the 77haha platform following the effective date of an amended Policy constitutes acceptance of the updated version. If you do not accept a material amendment, you may close your account by contacting support.

For all data privacy matters — including rights requests, concerns about data processing, breach reports, or general enquiries about this Policy — please contact the 77haha Data Privacy Officer:

If you believe your rights have not been addressed adequately, you may also contact the National Privacy Commission (NPC) of the Philippines for independent assistance. The NPC oversees compliance with RA 10173 and its implementing regulations.