This Privacy Policy ("Policy") is issued by bf77 ("the Platform," "we," "us," "our") and applies to all personal data collected, processed, stored, and disclosed through the bf77 online gaming platform accessible at bf77.lat. bf77 acts as the Personal Information Controller (PIC) as defined under Republic Act No. 10173, the Data Privacy Act of 2012, and its implementing rules. This Policy should be read together with bf77's Terms and Conditions and Responsible Gaming Policy. By registering an account or otherwise using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.
Scope and Application
This Policy applies to all individuals who interact with the bf77 Platform, including registered Members, visitors to bf77.lat who have not registered, and individuals who contact bf77's customer support team. It governs the collection and processing of personal data through the Platform's website, mobile browser interface, live chat support system, email correspondence, and all associated digital touchpoints.
This Policy does not apply to third-party websites or services linked to or integrated within bf77 under separate service arrangements (e.g., game providers, payment processors), each of which operates under its own privacy practices. bf77 is not responsible for the privacy practices of such third parties and encourages Members to review those parties' policies independently.
Philippine Jurisdiction: The bf77 Platform is operated for and directed at users located in the Philippines. The Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations issued by the National Privacy Commission (NPC) are the primary data protection framework governing this Policy.
Personal Data We Collect
bf77 collects personal data that is necessary, relevant, and not excessive relative to the purposes for which it is processed. The categories of personal data we collect include:
2.1 Registration and Account Data
- Full legal name as appearing on a Philippine government-issued ID
- Date of birth (for age verification — 21+ requirement)
- Residential address in the Philippines
- Valid Philippine mobile number (Globe, Smart, DITO)
- Email address
- Username and encrypted password
2.2 Identity Verification (KYC) Data
- Scanned or photographed copy of a Philippine government-issued photo ID (PhilSys, driver's license, passport, UMID, SSS, PRC, or voter's ID)
- Selfie photograph taken for biometric liveness verification
- Any supplemental documentation requested during enhanced due diligence reviews
2.3 Financial and Transaction Data
- GCash account number or Maya account number used for deposit and withdrawal
- BPI, BDO, or UnionBank account details provided for bank transfer transactions
- Deposit history, withdrawal history, and transaction amounts in PHP
- Betting activity records including game history, wager amounts, and outcomes
2.4 Technical and Usage Data
- IP address and approximate geolocation at time of login
- Device type, operating system, and browser version
- Session logs including login timestamps, session duration, and pages visited
- Cookies and similar tracking data as described in Section 9
2.5 Communications Data
- Records of live chat conversations with bf77 support agents
- Email correspondence between you and bf77
- Feedback, complaints, and dispute correspondence
| Data Category | Examples | Required? |
|---|---|---|
| Registration Data | Name, DOB, email, mobile number | Mandatory |
| KYC / Identity | Gov't ID, selfie photo | Required for withdrawals |
| Financial Data | GCash number, transaction history | Mandatory for transactions |
| Technical Data | IP address, device info, cookies | Automatic / functional |
| Communications | Chat logs, email records | When you contact us |
How We Collect Your Data
bf77 collects personal data through the following channels and mechanisms:
- Directly from you: When you register an account, complete KYC verification, make a deposit or withdrawal, contact customer support, or participate in promotions.
- Automatically through your use of the Platform: Technical data such as IP addresses, session logs, device identifiers, and browser cookies are collected automatically as you navigate and use bf77.lat.
- From payment processors: Transaction confirmation data is received from GCash, Maya, BPI, BDO, UnionBank, and other payment service providers when you complete financial transactions on the Platform.
- From identity verification services: KYC document processing and biometric liveness verification may involve specialized third-party identity verification providers who process your ID and selfie data under strict data processing agreements with bf77.
- From fraud prevention and AML screening services: bf77 may receive information from sanctions screening databases and fraud intelligence services as required under PAGCOR's anti-money laundering compliance obligations.
Lawful Basis and Purpose of Processing
bf77 processes personal data only where a lawful basis exists under the Data Privacy Act of 2012 and its Implementing Rules. The following table sets out the primary purposes of processing and the lawful basis for each:
| Purpose | Lawful Basis |
|---|---|
| Account registration and management | Performance of contract (Terms & Conditions) |
| Age verification (21+ compliance) | Legal obligation (PAGCOR regulations) |
| Identity verification (KYC) | Legal obligation (AMLA, PAGCOR KYC requirements) |
| Processing deposits and withdrawals | Performance of contract; legal obligation (AML reporting) |
| Fraud detection and prevention | Legitimate interest; legal obligation |
| Customer support and dispute resolution | Performance of contract; legitimate interest |
| Responsible gaming monitoring | Legal obligation (PAGCOR responsible gaming requirements) |
| Platform analytics and improvement | Legitimate interest |
| Marketing communications | Consent (opt-in required; withdrawable at any time) |
| PAGCOR regulatory reporting | Legal obligation |
Marketing Consent: bf77 only sends promotional communications to Members who have affirmatively opted in to receive them. You may withdraw your marketing consent at any time through your account settings or by contacting support — withdrawal of marketing consent does not affect the lawfulness of prior processing or the operation of your account.
Data Sharing and Disclosure
bf77 does not sell, rent, or trade your personal data to any third party for commercial purposes. Your personal information is shared only in the following circumstances and with the following categories of recipients:
5.1 Service Providers and Data Processors
bf77 shares personal data with third-party service providers who process data on our behalf under binding Data Processing Agreements that require them to maintain confidentiality and implement appropriate security measures. These include:
- Identity verification and KYC service providers
- Payment processors (GCash, Maya, BPI, BDO, UnionBank, and USDT network facilitators)
- Game software providers (for game session data necessary to run the games you play)
- Fraud detection and AML screening service providers
- Cloud hosting and IT infrastructure providers
- Customer support platform providers
5.2 Regulatory and Legal Authorities
bf77 is required by law and PAGCOR regulation to disclose certain data to government authorities including PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and law enforcement agencies when required by a valid legal order, warrant, or regulatory direction. bf77 will notify affected Members of such disclosures to the extent permitted by law.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of bf77's assets, personal data held by bf77 may be transferred to the acquiring entity. Affected Members will be notified prior to any such transfer, and the acquiring entity will be required to honor this Privacy Policy or provide comparable protections.
No Data Sale: bf77 has never sold and will never sell personal data to data brokers, advertisers, or any commercial third parties for targeting or profiling purposes unrelated to the direct operation of the Platform.
International Data Transfers
Some of bf77's service providers — particularly game software providers, cloud infrastructure providers, and KYC technology partners — may be located outside the Philippines. Where personal data is transferred to recipients in jurisdictions outside the Philippines, bf77 ensures that such transfers are protected by:
- Contractual clauses in data processing agreements that impose data protection obligations equivalent to those required under RA 10173
- Transfers only to jurisdictions assessed to provide an adequate level of data protection
- Use of service providers who are certified under recognized international security standards (e.g., ISO 27001, SOC 2 Type II)
Members who wish to obtain further information about the safeguards applied to international data transfers may submit a request to bf77's Data Protection Officer using the contact details in Section 14.
Data Retention and Deletion
bf77 retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. The following retention principles apply:
| Data Type | Retention Period | Basis |
|---|---|---|
| Account and registration data | Duration of account + 5 years | PAGCOR records requirement |
| KYC identity documents | Duration of account + 5 years | AMLA and PAGCOR obligation |
| Financial transaction records | Duration of account + 5 years | AMLA reporting obligation |
| Betting and game history | Duration of account + 3 years | Regulatory audit requirements |
| Support communications | 2 years from last interaction | Dispute resolution; legitimate interest |
| Marketing preferences / consent | Until consent is withdrawn | Consent basis |
| Technical / session logs | 90 days rolling | Security monitoring; fraud detection |
Upon expiry of the applicable retention period, personal data will be securely deleted or anonymized so that it can no longer be attributed to any identifiable individual. Members who request account deletion will have their data processed for deletion subject to the minimum retention periods mandated by law noted above.
Security Measures
bf77 implements appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:
- 256-bit SSL/TLS encryption for all data transmitted between your browser and bf77's servers
- Encryption of sensitive stored data including passwords (using industry-standard hashing), payment details, and identity documents
- Role-based access controls limiting internal access to personal data on a strict need-to-know basis
- Multi-factor authentication requirements for internal system access by bf77 staff
- Regular security audits and vulnerability assessments conducted by independent security professionals
- Intrusion detection systems and 24/7 security monitoring of platform infrastructure
- Secure deletion protocols for data at end of retention period
- Incident response procedures that meet the NPC's 72-hour breach notification requirement
Data Breach Notification: In the event of a personal data breach that is likely to result in serious harm to affected Members, bf77 will notify both the National Privacy Commission and affected individuals within 72 hours of becoming aware of the breach, as required under the Data Privacy Act and NPC Circular No. 16-03.
Cookies and Tracking Technologies
bf77.lat uses cookies and similar tracking technologies to operate the Platform, maintain your login session, detect fraud, analyze usage patterns, and (where you have consented) deliver relevant promotional content. The categories of cookies used are:
9.1 Strictly Necessary Cookies
These cookies are essential for the Platform to function. They maintain your login session, store your language preferences, and ensure security features operate correctly. These cookies cannot be disabled without preventing core Platform functions from operating.
9.2 Functional Cookies
These cookies remember your preferences — such as your preferred game category, responsible gaming limit settings, and notification preferences — to provide a more personalized experience. They do not track your activity outside of bf77.lat.
9.3 Analytics Cookies
These cookies collect anonymized information about how Members use the Platform — which pages are visited most frequently, how long sessions last, and what features are used — to help bf77 improve the Platform's design and functionality. The data collected is aggregated and does not identify individual users.
9.4 Marketing Cookies
These cookies are only activated where you have given explicit consent to receive personalized marketing communications. They may track your game preferences and promotional engagement to deliver relevant bonus offers. You may withdraw consent for marketing cookies at any time through the cookie preference center accessible from the Platform footer.
Cookie Control: You can manage or disable non-essential cookies through your browser settings at any time. Disabling strictly necessary cookies will impair Platform functionality and may prevent you from logging in or completing transactions. Disabling analytics and marketing cookies will not affect your ability to use the Platform's core features.
Your Rights Under the Data Privacy Act
As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by bf77. These rights may be exercised by submitting a written request to bf77's Data Protection Officer using the contact information in Section 14:
- Right to be Informed: You have the right to be notified of the manner in which your personal data is being or will be processed, including the purposes, scope, and methods of processing — which is the primary function of this Privacy Policy.
- Right to Access: You have the right to request a copy of the personal data we hold about you, including information about how that data has been used and to whom it has been disclosed.
- Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data. For account data (name, address, contact details), you may update information directly through your account settings for most fields.
- Right to Erasure: You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to bf77's legal obligations to retain data under AMLA and PAGCOR regulations.
- Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or where processing is based on bf77's legitimate interests, subject to our legal obligations overriding such objection.
- Right to Block or Restrict Processing: You have the right to request that bf77 restrict the processing of your personal data while the accuracy of the data or the legitimacy of the processing is being contested.
- Right to Data Portability: You have the right to receive a copy of the personal data you have provided to bf77 in a structured, commonly used, machine-readable format, where technically feasible.
- Right to Damages: You have the right to seek compensation for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, in accordance with RA 10173.
Response Timeframe: bf77 will respond to all valid data subject rights requests within thirty (30) calendar days of receipt. Where additional time is required due to complexity or volume, you will be informed within the initial 30-day period. Identity verification may be required before processing rights requests to ensure we act on genuine instructions from the data subject.
Children's and Minors' Privacy
bf77 does not knowingly collect personal data from individuals under the age of 21. Consistent with PAGCOR's minimum age requirement for online casino-style gambling, the Platform is strictly prohibited to persons under 21 years of age. Registration requires age confirmation, and KYC verification includes date of birth validation against government-issued ID.
If bf77 becomes aware that personal data has been collected from a person under 21 without appropriate consent or in violation of applicable age requirements, that data will be deleted and the associated account closed. If you have reason to believe that a minor has registered or used a bf77 account, please contact our Data Protection Officer immediately using the details in Section 14.
Marketing Communications and Preferences
bf77 sends promotional communications — including bonus offers, new game announcements, VIP tier updates, and platform news — only to Members who have explicitly opted in to receive them. Marketing communications may be delivered via SMS to your registered Philippine mobile number, email, or in-platform notification.
You may manage your marketing preferences at any time through the Notifications section of your bf77 account settings, or by responding to any marketing message with an unsubscribe instruction. Opting out of marketing communications will not affect the operation of your account, your ability to place bets, or the processing of financial transactions.
bf77 does not share your contact details with external advertisers for third-party marketing purposes. All promotional communications sent to you originate from bf77 and relate solely to bf77's own products and services.
Changes to This Privacy Policy
bf77 reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory requirements. The most current version of this Policy will always be accessible at bf77.lat/privacy-policy. The "Last Updated" date at the top of this Policy will reflect the date of the most recent revision.
Where changes are material — meaning they significantly alter your rights or the manner in which your personal data is processed — bf77 will notify you by email to your registered address at least fourteen (14) days before the revised Policy takes effect. Your continued use of the Platform after the effective date of a revised Policy constitutes your acceptance of the updated terms, to the extent permitted by the Data Privacy Act.
If you do not agree to the revised Privacy Policy, you should cease using the Platform and may close your account in accordance with the account termination provisions of bf77's Terms and Conditions.
Contact Us and Data Protection Officer
bf77 has designated a Data Protection Officer (DPO) in accordance with the requirements of RA 10173. The DPO is responsible for overseeing bf77's data protection compliance, handling data subject rights requests, and serving as the primary point of contact for the National Privacy Commission on data privacy matters.
To exercise any of your data subject rights under Section 10, to report a suspected privacy concern, or to ask questions about this Privacy Policy, please contact bf77 through the following channels:
- Data Protection Officer: Designated DPO, bf77 Platform — accessible via the email address below for formal data privacy matters.
- Email: [email protected] — use subject line "Data Privacy Request" for rights requests and formal privacy notices.
- Live Chat: Available 24/7 at bf77.lat for general privacy questions and account-related data requests. Response within 5 minutes.
- Regulatory Authority: If you are not satisfied with bf77's response to a data privacy concern, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines at privacy.gov.ph.