gopaldo Privacy Policy – How We Handle Your Data

1. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

• "Personal Data" means any information relating to an identified or identifiable natural person, as defined under Republic Act No. 10173 (Data Privacy Act of 2012).
• "Processing" means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, erasure, or destruction.
• "Data Controller" means gopaldo, which determines the purposes and means of Processing Personal Data collected through the Platform.
• "Data Processor" means any third party that Processes Personal Data on behalf of gopaldo under a data processing agreement.
• "NPC" means the National Privacy Commission of the Philippines, the regulatory body responsible for administering and enforcing the Data Privacy Act.
• "Platform" means the gopaldo website accessible at gopaldo.app and all associated services.

2. Personal Data We Collect

2.1 Registration Data

When you create a gopaldo Account, we collect: full legal name, date of birth (to verify age eligibility of 21 years or older), email address, mobile phone number, and chosen username and password (stored in encrypted form — we do not store plain-text passwords).

2.2 KYC and Identity Verification Data

To comply with PAGCOR requirements and Philippine AML obligations, we collect: government-issued identification documents (e.g., Philippine Passport, SSS ID, UMID, Driver's License, PhilSys National ID), selfie photographs for identity verification, proof of address documents, and in certain cases, source-of-funds documentation for high-volume transactions.

2.3 Financial Data

We collect transaction records including deposit amounts, withdrawal requests, GCash and PayMaya account references (mobile numbers), BPI/BDO/Metrobank account details provided for bank transfers, and complete wagering history. We do not store full card numbers or other payment instrument credentials directly — these are handled by our payment service providers under their own security standards.

2.4 Technical and Usage Data

We automatically collect: IP address, device type and operating system, browser type and version, pages visited on the Platform, session duration, login timestamps, geolocation data (country and city level), and clickstream data relating to your navigation of the Platform.

2.5 Communication Data

We retain records of communications you initiate with gopaldo support, including live chat transcripts, email correspondence, and any feedback or complaints submitted through the Platform.

3. How We Collect Your Data

gopaldo collects Personal Data through the following means:

• Directly from you — during registration, KYC verification, deposit/withdrawal requests, support interactions, and any voluntary submission of information through the Platform.
• Automatically — through server logs, cookies, and similar tracking technologies when you access and navigate the Platform.
• From third parties — including identity verification service providers, payment processors (GCash, PayMaya, BPI, BDO, Metrobank), fraud detection services, and, where applicable, PAGCOR regulatory databases.

4. How We Use Your Personal Data

gopaldo uses the Personal Data we collect for the following purposes:

• To create and manage your Account and authenticate your identity at login.
• To verify your age eligibility (21 years and above) and comply with PAGCOR KYC requirements.
• To process deposits, withdrawals, and wagers — including GCash and bank transfer settlement.
• To detect and prevent fraud, money laundering, and other illegal activity in compliance with Republic Act No. 9160 (AMLA) and its amendments.
• To communicate with you regarding your Account, including transaction confirmations, security alerts, and support responses.
• To send promotional communications where you have given explicit consent — you may withdraw this consent at any time.
• To personalise your experience on the Platform, including game recommendations and relevant bonus offers.
• To comply with legal obligations, including reporting duties to PAGCOR, the NPC, and the Anti-Money Laundering Council (AMLC).
• To enforce the gopaldo Terms & Conditions and resolve disputes.
• To operate responsible gaming safeguards, including monitoring for at-risk play patterns and processing self-exclusion requests.

5. Legal Basis for Processing

Under the Data Privacy Act of 2012, gopaldo processes your Personal Data on the following legal bases:

• Contractual necessity: Processing required to perform the Account agreement with you — including registration, game access, and payment processing.
• Legal obligation: Processing required to comply with PAGCOR regulations, the AMLA, the Data Privacy Act, and other applicable Philippine laws.
• Legitimate interests: Processing for fraud prevention, security monitoring, and Platform improvement, where these interests are not overridden by your data protection rights.
• Consent: Processing for marketing communications and non-essential cookies, where you have provided explicit, freely given, and withdrawable consent.

6. Data Sharing and Disclosure

6.1 Service Providers

gopaldo shares Personal Data with carefully selected third-party service providers that assist in operating the Platform. These include: identity verification providers, payment processors, cloud hosting providers, fraud detection services, and customer support platform providers. All processors are bound by data processing agreements requiring them to protect your data to standards equivalent to this Policy.

6.2 Regulatory Authorities

gopaldo will disclose Personal Data to PAGCOR, the NPC, the AMLC, and other Philippine government authorities where required by law, court order, or regulatory directive. We will notify you of such disclosure to the extent permitted by law.

6.3 Game Providers

Third-party game providers integrated into the Platform receive limited technical data (such as Account identifiers and session tokens) necessary to operate games. They do not receive your full personal profile or financial details unless separately required for regulatory compliance by those providers.

6.4 No Sale of Data

gopaldo does not sell, rent, or trade your Personal Data to any third party for their own marketing or commercial purposes. Any data sharing is limited to what is strictly necessary for the purposes described in this Policy.

7. Data Retention

gopaldo retains your Personal Data for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Specifically:

• Account and KYC data is retained for a minimum of five (5) years after Account closure, as required under Philippine AML legislation.
• Transaction records are retained for a minimum of five (5) years from the date of the transaction.
• Support communications are retained for three (3) years from the date of the last interaction.
• Technical and usage logs are retained for twelve (12) months from collection, unless required for an ongoing investigation or legal matter.

Upon expiry of the applicable retention period, Personal Data is securely destroyed or anonymised so that it can no longer be associated with an identifiable individual.

8. Cookies and Tracking Technologies

8.1 Types of Cookies Used

gopaldo uses the following categories of cookies on the Platform:

• Strictly necessary cookies: Required for core Platform functionality such as session management, authentication, and security. These cannot be disabled without impairing basic use of the Platform.
• Performance cookies: Collect anonymous data about how users interact with the Platform (page load times, navigation paths) to help us improve user experience.
• Functionality cookies: Remember your preferences such as language settings and previously selected filters to provide a personalised experience.
• Analytics cookies: Used to understand aggregate usage patterns on the Platform. Data is processed in anonymised or pseudonymised form.

8.2 Managing Cookies

You may control non-essential cookies through your browser settings. Disabling certain cookies may affect the functionality of the Platform. Strictly necessary cookies cannot be disabled through browser settings without impacting your ability to use the Platform.

9. Data Security

gopaldo implements a comprehensive set of technical and organisational security measures to protect your Personal Data against unauthorised access, disclosure, alteration, and destruction. These include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and our servers.
• Encrypted storage of sensitive data fields, including passwords (salted and hashed) and KYC documents.
• Role-based access controls ensuring that only authorised personnel with a legitimate business need can access Personal Data.
• Regular penetration testing and security audits by independent third-party security professionals.
• Incident response procedures with notification protocols in compliance with NPC breach notification requirements under the Data Privacy Act.

While gopaldo takes all reasonable precautions, no method of electronic transmission or storage is 100% secure. You are encouraged to use strong, unique passwords and enable two-factor authentication on your Account to reduce the risk of unauthorised access.

10. Your Data Subject Rights

Under the Data Privacy Act of 2012, as a Filipino data subject you have the following rights in relation to your Personal Data held by gopaldo:

• Right to be Informed: The right to be notified of how your Personal Data is collected and processed — fulfilled by this Policy.
• Right of Access: The right to request a copy of the Personal Data we hold about you and information about how it is being processed.
• Right to Rectification: The right to request correction of inaccurate or incomplete Personal Data.
• Right to Erasure / Right to be Forgotten: The right to request deletion of your Personal Data where it is no longer necessary for the purpose for which it was collected, subject to overriding legal retention obligations.
• Right to Object: The right to object to the Processing of your Personal Data for direct marketing purposes or where Processing is based on legitimate interests.
• Right to Data Portability: The right to receive a structured, commonly used copy of your Personal Data for transmission to another data controller, where technically feasible.
• Right to Lodge a Complaint: The right to lodge a complaint with the National Privacy Commission if you believe your data rights have been violated.

To exercise any of the above rights, please contact our Data Protection Officer at [email protected] with the subject line "Data Subject Rights Request." We will respond within thirty (30) days as required under the Data Privacy Act.

11. Minors and Age Restriction

The Platform is strictly for users aged 21 years and above. gopaldo does not knowingly collect Personal Data from persons under 21 years of age. If we discover that Personal Data has been collected from a person below the minimum age, we will immediately terminate the associated Account and delete the data. If you believe a minor has created a gopaldo Account, please contact us immediately at [email protected].

12. International Data Transfers

Some of gopaldo's service providers and game technology partners operate infrastructure located outside the Philippines. Where Personal Data is transferred to countries that may not have an equivalent level of data protection to Philippine law, gopaldo ensures that appropriate safeguards are in place — including contractual data transfer clauses aligned with NPC standards — to protect your data to the same standard as required under the Data Privacy Act.

13. Changes to This Privacy Policy

gopaldo reserves the right to update or modify this Privacy Policy at any time. Where changes are material, we will notify you via the Platform or by email to your registered address at least seven (7) days before the changes take effect. Your continued use of the Platform after the effective date of any revised Policy constitutes your acceptance of those changes. We encourage you to review this Policy periodically to stay informed about how gopaldo protects your data.

14. Contact – Data Protection Officer

For any queries, requests, or concerns relating to this Privacy Policy or the Processing of your Personal Data, please contact the gopaldo Data Protection Officer:

• Email: [email protected] — please use subject line "Privacy / DPO Inquiry"
• Live Chat: Available 24/7 on the Platform — for urgent account data issues

If you are not satisfied with our response, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines through official NPC channels.