aaaaopen operates the online casino and sports betting platform accessible at aaaaopen.com. For the purposes of the Data Privacy Act of 2012, aaaaopen acts as the Personal Information Controller (PIC) in relation to the personal data of its Members and website visitors.
As the Personal Information Controller, aaaaopen determines the purposes and means by which your personal data is processed. We are responsible for ensuring that all processing of personal data conducted by aaaaopen or on our behalf by third-party service providers (Personal Information Processors) is compliant with the DPA 2012 and its Implementing Rules and Regulations issued by the National Privacy Commission (NPC) of the Philippines.
aaaaopen has designated a Data Protection Officer (DPO) who is responsible for overseeing this Privacy Policy and its implementation. Contact details for the DPO are provided in Section 15.
aaaaopen collects personal data through several channels, including account registration, platform use, payment transactions, customer support interactions, and compliance processes. The categories of personal data we collect are as follows:
2.1 Account Registration Data
- Full legal name
- Date of birth (for age verification — must be 21 years or older)
- Philippine mobile number
- Email address
- Username and encrypted password
- Preferred language
2.2 Identity Verification (KYC) Data
- Government-issued photo identification (e.g., Philippine National ID, passport, driver's license, SSS ID, PhilHealth ID)
- Selfie or live photograph for identity matching
- Proof of address (e.g., utility bill, bank statement)
- Source of funds documentation, where required by anti-money laundering procedures
2.3 Financial Transaction Data
- GCash account number or Maya account details linked to your aaaaopen wallet
- Bank account details where bank transfer methods are used (BPI, BDO, Metrobank)
- Transaction history: deposit amounts, dates, withdrawal requests, and payment references
- Wallet balance history and bonus credit records
2.4 Gaming Activity Data
- Game session records (game title, date, duration, wager amounts, outcomes)
- Sports betting records (events bet on, odds, stake, outcome)
- Bingo participation records
- Bonus and promotional activity
- VIP tier status and progression data
2.5 Technical & Device Data
- IP address at the time of login and transactions
- Device type, operating system, and browser type
- Mobile network provider (where applicable)
- Session cookies and authentication tokens
- Approximate geolocation (derived from IP address)
2.6 Customer Support Data
- Content of live chat, email, and support ticket communications
- Issue type, resolution history, and timestamps
- Any additional personal information you voluntarily share with our support team
aaaaopen processes your personal data for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account registration and management | Registration data, contact details | Contract performance |
| Age and identity verification (KYC) | KYC documents, date of birth | Legal obligation; legitimate interest |
| Processing deposits and withdrawals | Financial transaction data | Contract performance |
| Anti-money laundering compliance | Transaction data, KYC data | Legal obligation (AMLA) |
| Fraud detection and account security | Device data, IP address, login history | Legitimate interest |
| Providing gaming services | Gaming activity data | Contract performance |
| Responsible gaming monitoring | Gaming activity, deposit history | Legal obligation; legitimate interest |
| Customer support | Support communications, account data | Contract performance |
| VIP and loyalty program management | Gaming activity, account data | Contract performance; consent |
| Promotional communications (opt-in) | Contact details, game preferences | Consent |
| Platform improvement and analytics | Technical data (aggregated/anonymized) | Legitimate interest |
| Regulatory reporting | Account and transaction data | Legal obligation (PAGCOR, NPC) |
aaaaopen processes your personal data on the following legal grounds as recognized under the Data Privacy Act of 2012:
- Contract Performance: Processing is necessary to fulfill the contract between aaaaopen and you as a Member — including account management, payment processing, and service delivery.
- Legal Obligation: Processing is required to comply with applicable Philippine law — including the Anti-Money Laundering Act (RA 9160, as amended), PAGCOR regulatory requirements, and National Privacy Commission directives.
- Legitimate Interests: Processing is necessary for aaaaopen's legitimate business interests — including fraud prevention, account security, and responsible gaming monitoring — where these interests are not overridden by your rights.
- Consent: For specific processing activities — including direct marketing communications and the use of non-essential cookies — aaaaopen relies on your freely given, specific, and informed consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.
aaaaopen uses cookies and similar tracking technologies on the aaaaopen.com website to ensure proper platform functionality, maintain session security, and analyze how Members interact with the Platform.
5.1 Types of Cookies Used
- Strictly Necessary Cookies: Essential for the Platform to function. These include session authentication tokens, CSRF protection cookies, and load-balancing cookies. These cannot be disabled without impairing platform functionality.
- Functional Cookies: Remember your preferences — such as language settings and previously selected game categories — to personalize your aaaaopen experience.
- Analytics Cookies: Collect aggregated, anonymized data about how Members use the Platform. This data helps aaaaopen improve game lobby design, load performance, and navigation. Analytics data is processed in aggregated form and cannot identify individual Members.
- Security Cookies: Detect and prevent fraudulent login attempts, bot activity, and suspicious navigation patterns. These are classified as strictly necessary for platform integrity.
5.2 Managing Cookies
You can manage non-essential cookie preferences through your browser settings. Most modern browsers allow you to block or delete cookies; however, disabling strictly necessary cookies may prevent you from logging in or using core Platform features. aaaaopen does not use third-party advertising or retargeting cookies.
aaaaopen does not sell, rent, or commercially disclose your personal data to third parties. We share your data only in the specific circumstances described below, and solely to the extent necessary for each stated purpose.
6.1 Third-Party Service Providers (Personal Information Processors)
aaaaopen engages the following categories of service providers who process personal data on our behalf, subject to binding data processing agreements:
- Payment Processors: GCash (Mynt — Globe Fintech Innovations Inc.), Maya (PayMaya Philippines Inc.), and partner banks process payment transactions. They receive only the minimum data necessary to authenticate and complete your transaction.
- KYC & Identity Verification Partners: Third-party identity verification services may process your ID documents and biometric data to confirm your identity in compliance with PAGCOR and AMLA requirements.
- Game Providers: Game providers (e.g., JILI Games, PG Soft, Pragmatic Play) receive session identifiers and wager data to operate the games you play. They do not receive your full registration or payment details.
- Cloud Infrastructure & Security: aaaaopen uses cloud hosting and cybersecurity service providers who may have technical access to server data under strict confidentiality agreements.
- Customer Support Tools: Live chat and helpdesk platform providers may process support communication data to facilitate ticket management and resolution.
6.2 Legal and Regulatory Disclosure
aaaaopen may disclose personal data to Philippine government authorities — including PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and law enforcement — where required by law, court order, or regulatory directive. aaaaopen will, where legally permitted, notify affected Members of such disclosures.
6.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of aaaaopen's business or assets, personal data held by aaaaopen may be transferred to the relevant successor entity. In such circumstances, aaaaopen will provide notice to affected Members and ensure that the successor entity continues to process personal data in accordance with this Privacy Policy and applicable law.
aaaaopen's primary data processing infrastructure is located within the Philippines or in jurisdictions that maintain data protection standards compatible with the DPA 2012. Where personal data is transferred to servers or processors located outside the Philippines — for example, in connection with cloud infrastructure or game provider integration — aaaaopen ensures that such transfers are governed by appropriate contractual safeguards, including data processing agreements that impose DPA 2012-equivalent obligations on the receiving party.
aaaaopen will not transfer your personal data to jurisdictions that do not provide an adequate level of data protection without first implementing appropriate safeguards and, where required, obtaining your consent.
aaaaopen retains personal data for the minimum period necessary to fulfill the purposes for which it was collected, subject to applicable legal minimum retention requirements.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AMLA, PAGCOR requirements |
| KYC identity documents | 5 years from date of collection or account closure | AMLA (RA 9160 as amended) |
| Financial transaction records | 5 years from transaction date | AMLA; tax regulations |
| Gaming activity records | 3 years from session date | PAGCOR compliance; dispute resolution |
| Customer support communications | 2 years from ticket closure | Legitimate interest |
| Marketing consent records | Duration of consent + 3 years | DPA 2012 — demonstrating consent |
| Security logs (IP, login history) | 90 days (rolling) | Fraud prevention |
Upon expiry of the applicable retention period, aaaaopen will securely delete or anonymize your personal data. Where data cannot be immediately deleted due to backup schedules or system constraints, it will be isolated from active processing until deletion is complete.
aaaaopen implements comprehensive technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or unauthorized disclosure.
Technical Measures
- 256-bit SSL/TLS encryption on all data in transit between your device and aaaaopen's servers
- AES-256 encryption for sensitive data at rest (passwords, payment details, KYC documents)
- Multi-factor authentication (2FA via SMS OTP) available for all Member accounts
- Intrusion detection and prevention systems monitoring server infrastructure
- Automated alerts for unusual login patterns, multiple failed attempts, and geographic anomalies
- Regular penetration testing and vulnerability assessments by independent security professionals
Organizational Measures
- Role-based access controls — staff access to Member personal data is limited to those with a documented operational need
- Data processing agreements in place with all third-party service providers
- Staff training on data privacy obligations under DPA 2012
- Documented data breach response procedure, including NPC notification within 72 hours of a qualifying breach
aaaaopen's platform is strictly restricted to individuals aged 21 years and older, in accordance with Philippine law applicable to casino-style gaming. aaaaopen does not knowingly collect personal data from individuals under 21 years of age.
If aaaaopen discovers that personal data has been collected from a person under 21 years of age — whether through registration, gameplay, or any other means — the associated account will be immediately suspended and all collected personal data will be deleted as promptly as technically feasible, except where retention is required by applicable law.
Parents and guardians who have reason to believe that a minor in their care has registered on aaaaopen should contact support immediately at [email protected]. aaaaopen will investigate the matter and take appropriate action, including account closure and data deletion, without delay.
aaaaopen may send promotional communications — including bonus offers, tournament notifications, VIP tier updates, and seasonal promotions — to Members who have given express consent to receive such communications during registration or through account settings.
11.1 Consent and Opt-Out
Consent to receive marketing communications is entirely optional and voluntary. You may withdraw marketing consent at any time without consequence to your ability to use aaaaopen, by:
- Updating your communication preferences in account settings;
- Clicking the "unsubscribe" link in any marketing email;
- Sending a request to [email protected] with the subject line "Unsubscribe – Marketing."
11.2 Service Communications
Certain communications are not marketing communications and will be sent regardless of your marketing preferences. These include: transaction confirmation messages, security alerts, account verification codes, responsible gaming notifications, and material changes to these policies. These are classified as service communications and are sent on the basis of contract performance and legal obligation.
The aaaaopen platform integrates with third-party services — most notably GCash and Maya for payment processing — which have their own independent privacy policies. When you use these payment integrations, you are subject to the privacy terms of the respective third-party service. aaaaopen is not responsible for the privacy practices of any external platform or service.
aaaaopen does not include external advertising links, affiliate tracking links, or third-party content widgets on the Platform that would result in your data being shared with advertisers or data brokers.
aaaaopen reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, or regulatory guidance from the National Privacy Commission. The date of the most recent revision is displayed at the top of this page.
When material amendments are made to this Privacy Policy — particularly those that affect your rights or the purposes for which your data is processed — aaaaopen will notify you via the email address or Philippine mobile number registered on your account, and/or through a prominent notice on the Platform, prior to the changes taking effect.
Continued use of aaaaopen after the effective date of an amended Privacy Policy constitutes your acknowledgment of the updated terms. Where a material amendment requires fresh consent — for example, a new purpose for processing — aaaaopen will obtain that consent explicitly before proceeding.
If you have concerns about how aaaaopen has handled your personal data and are not satisfied with our response, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC) — the government authority responsible for enforcing the Data Privacy Act of 2012.
Before submitting a complaint to the NPC, aaaaopen encourages you to first contact our Data Protection Officer (see Section 15) to allow us the opportunity to resolve the matter directly. Most data-related concerns can be addressed promptly through internal resolution.
The NPC handles complaints from Filipino data subjects relating to violations of the DPA 2012. Information about the NPC's complaint process is available on the NPC's official government website. aaaaopen cooperates fully with NPC investigations and responds to all official NPC inquiries within mandated timeframes.
For any questions, concerns, requests, or complaints relating to this Privacy Policy or aaaaopen's handling of your personal data, please contact our Data Protection Officer:
Email: [email protected]
Subject Line: "Privacy / DPO Request – [Nature of Matter]"
Response Time: Acknowledgment within 3 business days; full response within 30 calendar days
Hours: Customer Support available 24/7; DPO matters addressed during Philippine business hours
When contacting the DPO, please include your registered email address or Philippine mobile number, the nature of your request or concern, and any relevant reference numbers (e.g., transaction IDs, account numbers) where applicable. This helps us locate your records and respond accurately.
aaaaopen is committed to resolving all data privacy matters with transparency, promptness, and respect for your rights under Philippine law.