Privacy Policy – m.fb001 Casino Philippines

1. Introduction

1.1 This Privacy Policy ("Policy") is issued by the operator of the m.fb001 platform ("m.fb001", "we", "us", or "our") and applies to all personal data collected from individuals ("you", "your", "Player", or "User") who access, register on, or use the m.fb001 website at mfb001.vip and all associated services.

1.2 m.fb001 is committed to protecting the privacy and personal data of all users in accordance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines ("DPA"), its Implementing Rules and Regulations, and the guidelines of the National Privacy Commission ("NPC").

1.3 By accessing the m.fb001 platform or submitting personal data to us through any channel, you acknowledge that you have read, understood, and agreed to the collection and use of your personal data as described in this Policy. This Policy is incorporated into and should be read together with the m.fb001 Terms & Conditions.

1.4 If you do not agree with any part of this Policy, you should not use the m.fb001 platform and should contact our Data Protection Officer to request Account closure and data deletion where applicable.

m.fb001 treats your personal data with the same seriousness as your PHP balance — it belongs to you, and our job is to protect it. This policy explains exactly what we collect, why, and how we keep it safe under Philippine law.

2. Data Controller

2.1 The data controller responsible for the personal data of m.fb001 Players is the legal entity operating the m.fb001 platform under PAGCOR licensing oversight.

2.2 For the purposes of the Philippine Data Privacy Act of 2012, m.fb001 is the "personal information controller" in respect of the personal data of its Players, and processes this data for the purposes described in Section 5 of this Policy.

2.3 Where m.fb001 engages third-party service providers to process personal data on its behalf (for example, payment processors and KYC verification services), those providers act as "personal information processors" under the DPA. m.fb001 maintains data processing agreements with all such processors requiring compliance with DPA standards.

3. Personal Data We Collect

m.fb001 collects the following categories of personal data in the course of providing its services:

Category	Data Points Collected
Identity Data	Full legal name, date of birth, gender, nationality, government ID number and type (e.g., UMID, Driver's License, Passport, PhilSys ePhilID).
Contact Data	Email address, Philippine mobile number (Smart, Globe, or DITO), residential address (city, province).
Account Data	Username or registered identifier, encrypted password hash, account creation date, login timestamps, session data, account tier and VIP status.
KYC & Verification Data	Copies or photographs of government-issued ID documents, selfie photographs submitted for identity verification, KYC status and review timestamps.
Financial Data	GCash account reference, PayMaya account reference, BPI/BDO/Metrobank account identifiers (last four digits only), deposit and withdrawal amounts, transaction timestamps, PHP wallet balance history.
Gaming Activity Data	Games played, bet amounts and outcomes, session durations, win/loss history, bonus usage records, game preferences.
Technical Data	IP address, device type and model, operating system, browser type and version, geolocation data (city level), cookie identifiers, log data.
Communications Data	Customer support chat transcripts, email correspondence, feedback submitted through the platform.
Responsible Gaming Data	Self-imposed deposit, loss, and session limits; self-exclusion status and period; responsible gaming questionnaire responses where provided.

m.fb001 collects only the minimum personal data necessary for each specific purpose. We do not collect sensitive personal information (as defined under the DPA) beyond what is strictly required for KYC and AML compliance purposes.

4. How We Collect Your Data

m.fb001 collects personal data through the following channels:

Direct Registration: When you create an m.fb001 Account, you provide Identity Data, Contact Data, and set up your Account Data directly.
KYC Submission: When you complete identity verification, you upload KYC & Verification Data including government ID photographs.
Payment Transactions: When you deposit or withdraw funds via GCash, PayMaya, BPI, BDO, or Metrobank, Financial Data is generated and recorded.
Platform Use: Gaming Activity Data and Technical Data are collected automatically as you use the m.fb001 platform, through server logs, session tracking, and in-game event recording.
Customer Support Interactions: When you contact m.fb001 via live chat or email, Communications Data is collected and stored.
Cookies and Tracking Technologies: Technical Data is collected via cookies, local storage, and analytics tools as described in Section 9 of this Policy.
Third-Party Verification Services: m.fb001 may receive Identity and KYC verification results from authorised third-party identity verification providers as part of the KYC process.

5. Purpose & Legal Basis for Processing

m.fb001 processes personal data on the following legal bases under the Data Privacy Act of 2012:

Purpose	Legal Basis (DPA s.12/s.13)
Account registration and management	Fulfilment of contractual obligation (Terms & Conditions); legitimate interests of the Operator.
KYC identity verification	Legal obligation (PAGCOR KYC requirements, AMLA compliance); contractual necessity.
Processing deposits and withdrawals	Performance of contract; legal obligation (BSP and PAGCOR payment requirements).
Anti-money laundering (AML) monitoring	Legal obligation under Republic Act No. 9160 (Anti-Money Laundering Act) and its amendments.
Responsible gaming monitoring	Legal obligation (PAGCOR responsible gaming framework); legitimate interests in player protection.
Fraud prevention and security	Legitimate interests of the Operator in protecting the platform and players from fraudulent activity.
Customer support	Performance of contract; legitimate interests.
Platform improvement and analytics	Legitimate interests of the Operator; consent (where required for non-essential analytics cookies).
Direct marketing communications	Consent (you may withdraw consent at any time by updating your notification preferences).

6. Data Sharing & Disclosure

6.1 No Sale of Data. m.fb001 does not sell, rent, trade, or otherwise transfer your personal data to third-party marketers, data brokers, or advertising networks.

6.2 Authorised Third Parties. m.fb001 may share your personal data with the following categories of recipients, solely to the extent necessary for the stated purpose:

Payment Processors: GCash (Mynt/Globe Fintech Innovations Inc.), PayMaya (Voyager Innovations Inc.), BPI, BDO, Metrobank, and Visa/Mastercard network operators — for deposit and withdrawal processing.
KYC Verification Providers: Authorised identity verification service providers performing document and biometric checks on behalf of m.fb001 for PAGCOR KYC compliance.
Cloud Infrastructure Providers: Hosting and data storage service providers operating under data processing agreements requiring DPA-standard protections.
Analytics and Security Providers: Providers of fraud detection, platform security, and anonymised usage analytics tools.

6.3 Regulatory Disclosure. m.fb001 is required by law to disclose personal data to the following authorities where lawfully requested:

PAGCOR — for gaming licence compliance, player complaints, and regulatory audits.
Anti-Money Laundering Council (AMLC) — for Suspicious Transaction Reports (STRs) and Covered Transaction Reports (CTRs) required under the AMLA.
National Privacy Commission (NPC) — in the event of a data breach notification obligation or NPC investigation.
Philippine National Police / NBI — where lawfully compelled by court order or law enforcement directive.

6.4 Business Transfers. In the event of a merger, acquisition, or sale of all or a portion of m.fb001's business, personal data may be transferred to the acquiring entity, subject to equivalent data protection obligations. m.fb001 will notify affected Players via registered email before any such transfer takes effect.

All third-party service providers with whom m.fb001 shares personal data are bound by contractual data processing agreements requiring compliance with the Philippine Data Privacy Act. m.fb001 performs due diligence on the privacy and security practices of all processors before engagement.

7. Data Retention

7.1 m.fb001 retains personal data for as long as is necessary for the purpose for which it was collected, or as required by applicable law, whichever is longer.

7.2 Retention Periods:

Active Account Data: Retained for the lifetime of the Account plus a minimum of 5 years after Account closure, as required by PAGCOR and AMLA regulations.
KYC Documents: Retained for a minimum of 5 years post-Account closure, consistent with AML record-keeping requirements under the AMLA.
Financial Transaction Records: Retained for a minimum of 5 years, consistent with PAGCOR and BSP record-keeping requirements.
Customer Support Communications: Retained for 3 years from the date of the interaction.
Marketing Consent Records: Retained for 2 years from the date of withdrawal of consent, to evidence prior consent compliance.
Technical and Log Data: Retained for 12 months, unless required for an active fraud or security investigation, in which case until investigation conclusion.

7.3 Upon expiry of the applicable retention period, m.fb001 will securely delete or anonymise personal data in a manner that prevents reconstruction or re-identification.

8. Security Measures

8.1 m.fb001 implements appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:

Transport Security: All data transmitted between Players and the m.fb001 platform is encrypted using TLS 1.2 or higher with 256-bit encryption.
At-Rest Encryption: Sensitive personal data stored in m.fb001 databases is encrypted at rest using industry-standard AES-256 encryption.
Access Controls: Personal data is accessible only to m.fb001 personnel with a documented business need. Role-based access controls, multi-factor authentication, and access logging are implemented across all data systems.
Password Security: Player passwords are stored as salted cryptographic hashes. No m.fb001 staff member can read your password in plain text.
Intrusion Detection: m.fb001's infrastructure is monitored by automated intrusion detection and prevention systems, with security incident response procedures in place.
Penetration Testing: m.fb001's systems are subject to regular third-party security assessments and penetration tests.

8.2 Data Breach Notification. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected Players, m.fb001 will notify the National Privacy Commission within 72 hours of becoming aware of the breach, and will notify affected Players without undue delay, in accordance with NPC Circular 16-03.

Security is a shared responsibility. You can protect your m.fb001 account by using a strong, unique password, enabling two-factor authentication, and never sharing your login credentials with anyone — including persons claiming to be m.fb001 support staff.

9. Cookies & Tracking Technologies

9.1 The m.fb001 platform uses cookies and similar tracking technologies (local storage, session tokens, device fingerprinting) to operate the platform, maintain your session, and improve user experience.

9.2 Cookie Types Used:

Strictly Necessary Cookies: Required for the platform to function — including session authentication tokens, security cookies, and load balancing identifiers. These cannot be disabled without breaking core functionality.
Functional Cookies: Remember your preferences such as language settings, game lobby view, and notification preferences. These improve your experience but are not essential to platform operation.
Analytics Cookies: Collect anonymised data about how Players use the m.fb001 platform to help us understand usage patterns and improve the service. These are used with your consent.
Security Cookies: Support fraud detection and prevention systems by identifying unusual session behaviour patterns.

9.3 You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair your ability to use the m.fb001 platform. m.fb001 does not use third-party advertising cookies or retargeting pixels.

10. Protection of Minors

10.1 The m.fb001 platform is strictly for users aged 21 years and above. m.fb001 does not knowingly collect personal data from individuals under the age of 21.

10.2 Age verification is enforced through the mandatory KYC process. Where m.fb001 discovers that an Account has been registered by a person under 21 years of age, the Account will be immediately suspended, any deposits returned net of withdrawn winnings, and the matter reported to PAGCOR as required by its regulations on underage gambling prevention.

10.3 If you are a parent or guardian and believe your child has registered on the m.fb001 platform without authorisation, please contact our Data Protection Officer immediately using the contact details in Section 13.

11. Your Data Subject Rights

Under the Philippine Data Privacy Act of 2012, you have the following rights in respect of your personal data held by m.fb001:

Right to Be Informed: The right to be informed of how your personal data is being processed, as provided by this Privacy Policy.
Right to Access: The right to obtain a copy of your personal data processed by m.fb001, including the categories of data held, purposes of processing, and recipients.
Right to Correction: The right to request correction of any inaccurate, incomplete, or outdated personal data held by m.fb001.
Right to Erasure: The right to request deletion of your personal data where processing is no longer necessary, subject to legal retention obligations under PAGCOR regulations and the AMLA.
Right to Object: The right to object to processing of your personal data for direct marketing purposes. Such objections will be honoured immediately upon receipt.
Right to Data Portability: The right to receive a copy of personal data you have provided to m.fb001 in a structured, commonly used, machine-readable format.
Right to Lodge a Complaint: The right to lodge a complaint with the National Privacy Commission if you believe your data rights have been violated. The NPC can be reached at privacy.gov.ph.

To exercise any of the above rights, submit a written request to the m.fb001 Data Protection Officer at the contact address in Section 13. m.fb001 will respond within 15 business days of receiving a verified request, consistent with NPC timeframe guidelines.

12. Cross-Border Data Transfers

12.1 Some m.fb001 service providers — particularly cloud infrastructure and analytics providers — may process personal data on servers located outside the Philippines. Where such transfers occur, m.fb001 ensures that appropriate safeguards are in place consistent with NPC requirements for cross-border data transfers under the DPA.

12.2 Safeguards for cross-border transfers include: binding contractual clauses requiring the receiving party to maintain data protection standards equivalent to those required by Philippine law; or transfer to jurisdictions recognised by the NPC as providing adequate data protection.

12.3 Personal data will not be transferred to countries or territories that do not provide adequate protection without your explicit consent or a valid legal basis under the DPA.

13. Data Protection Officer

m.fb001 has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act of 2012 and this Privacy Policy. To exercise your data subject rights, report a privacy concern, or ask any question about this Policy, contact the m.fb001 DPO:

Email: [email protected] (subject line: "Data Privacy Request") — displayed as plain text only
Live Chat: Available via the m.fb001 platform, Mon–Sun, 8:00 AM – 12:00 AM PHT

m.fb001 will verify your identity before processing any data subject rights request. Identity verification is required to protect the security of your personal data and prevent fraudulent access requests from third parties.

Response timeframe: m.fb001 will acknowledge your data request within 2 business days and provide a substantive response within 15 business days. If your request requires additional time due to its complexity, m.fb001 will inform you of the extended timeframe in the acknowledgement.

14. Changes to This Privacy Policy

14.1 m.fb001 reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, PAGCOR regulations, NPC guidelines, or our data processing practices.

14.2 For material changes — those that meaningfully affect how we use your personal data or your data subject rights — m.fb001 will provide at least 14 days' advance notice by posting the updated Policy on this page and notifying registered Account holders via email to their registered address.

14.3 The "Last Reviewed" date at the top of this Policy reflects the date of the most recent update. Your continued use of the m.fb001 platform after an update takes effect constitutes your acceptance of the revised Policy.

14.4 If you have any questions about changes to this Policy, contact the m.fb001 Data Protection Officer as described in Section 13 before continuing to use the platform.

This Privacy Policy was last reviewed on 1 January 2026. This version supersedes all prior versions of the m.fb001 Privacy Policy. For archived versions, contact our DPO.

m.fb001 Privacy Policy

How m.fb001 Protects Your Data

256-Bit SSL Encryption

We Never Sell Your Data

Philippine Data Privacy Act

Purpose Limitation

Retention & Deletion

Your Rights, Respected

Table of Contents