Privacy Policy

Collection of Personal Information

This website, LUCKYCOLA, collects various types of personal information to provide and improve its services, ensure regulatory compliance, and manage user accounts effectively. The categories of personal information we collect are essential for the operational integrity of our gaming and sports betting platform.

• Identity Verification Data: This includes your full legal name, date of birth, gender, and government-issued identification documents (e.g., passport, driver’s license, national ID card). This information is paramount for Know Your Customer (KYC) processes, age verification to prevent underage gambling, and compliance with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations. The collection of such data is a legal requirement in the Philippines for licensed gaming operators. We may also collect photographic evidence or require video verification in certain circumstances to further validate identity.
• Contact Information: We collect your email address, telephone number (mobile and/or landline), and residential address. This information is used for communication purposes, such as account notifications, service updates, responses to your inquiries, and, with your explicit consent, marketing communications. Accurate contact information is also vital for password recovery and security alerts.
• Financial Information: To facilitate deposits and withdrawals, we collect payment account details, such as credit/debit card numbers (typically the first six and last four digits, expiry date, and cardholder name, but never the full CVV), bank account information (account number, bank name, branch code), and details of e-wallet accounts. We also maintain records of your transaction history, including wagers, wins, losses, deposits, and withdrawals. It is important to note that sensitive payment details like full credit card numbers are often processed directly by our secure third-party payment processors and are not stored on our primary servers.
• Technical Information: When you access our platform, we automatically collect certain technical data. This includes your Internet Protocol (IP) address, browser type and version, operating system, device type, unique device identifiers, time zone setting, browser plug-in types and versions, and language preferences. This data is collected through cookies, server logs, and similar technologies to ensure platform compatibility, enhance security (e.g., fraud detection, identifying suspicious login attempts), and for analytical purposes to improve user experience.
• Usage Data: We gather information about how you use our services. This encompasses your gaming activity (games played, duration of play, sports betting selections, bet amounts, win/loss records), login/logout times, pages visited, features utilized, site navigation patterns, and interaction with customer support. This data helps us personalize your experience, optimize our game offerings, identify areas for improvement, and monitor for responsible gaming concerns.
• Communication Records: We may retain records of communications between you and our platform, including emails, live chat transcripts, and records of telephone calls with our customer support team. This is done for quality assurance, training purposes, dispute resolution, and to maintain an audit trail of interactions.

The collection of this information occurs through various channels: directly from you when you register an account, complete your profile, make transactions, or contact customer support; automatically through your interaction with our platform (e.g., via cookies and server logs); and occasionally from third-party sources such as identity verification services, payment processors, and publicly available databases, strictly for due diligence and compliance purposes. We ensure that any collection from third parties is conducted lawfully and transparently. We are committed to collecting only the data necessary for the specified purposes and to processing it lawfully, fairly, and transparently.

How We Use Your Personal Information

The personal information collected by this website is utilized for a range of specific, legitimate, and predefined purposes, all of which are integral to providing a secure, efficient, and enjoyable online gaming and sports betting experience, while also ensuring compliance with our legal and regulatory obligations in the Philippines.

• Service Provision and Account Management: Your identity, contact, and financial information are primarily used to establish and manage your user account, process your registrations, verify your identity as required by law (KYC/AML), and facilitate your transactions, including deposits, wagers, and withdrawals. This includes authenticating your access to your account, processing bets in sports betting events, and paying out winnings. Usage data helps us tailor the service to your preferences and troubleshoot any technical issues you might encounter.
• Communication: We use your contact information (email address, phone number) to communicate important service-related information. This includes sending confirmations for transactions, notifications about account activity (e.g., password resets, security alerts), updates to our Terms and Conditions or this Privacy Policy, and information about scheduled maintenance or service interruptions. We also use this information to respond to your inquiries, requests, and complaints submitted through our customer support channels.
• Personalization and Service Improvement: Your usage data, technical information, and any feedback you provide are analyzed to understand user preferences, improve the functionality and design of our platform, develop new games and features, and enhance the overall user experience. This may involve creating aggregated and anonymized statistical data to identify trends in game popularity or betting patterns, allowing us to optimize our offerings. We may also use your preferences to recommend games or sports betting markets that might be of interest to you.
• Marketing and Promotions (with consent): Subject to your explicit consent, we may use your contact information and usage data to send you promotional materials, information about special offers, bonuses, new game releases, and other marketing communications related to our services or those of our carefully selected partners. You will always have the option to opt-out of receiving such communications at any time through your account settings or by using the unsubscribe link provided in the communications.
• Security and Fraud Prevention: We process personal information, particularly identity, technical, and financial data, to maintain the security and integrity of our platform and services. This includes detecting and preventing fraudulent activities, unauthorized access, cheating, money laundering, and other illicit or prohibited uses of our platform. IP addresses, device identifiers, and transaction patterns are monitored for suspicious activities.
• Legal and Regulatory Compliance: A significant portion of our data processing is driven by legal and regulatory requirements applicable in the Philippines. This includes verifying your age and identity to prevent underage gambling and combat financial crime, complying with reporting obligations to regulatory bodies (e.g., PAGCOR), and responding to lawful requests from law enforcement agencies or other government authorities. We also use data to promote responsible gaming, which may involve monitoring player activity for signs of problematic gambling behavior and intervening where necessary.
• Dispute Resolution and Enforcement: In the event of disputes, your personal information, including communication records and transaction history, may be used to investigate and resolve such issues. We may also use this information to enforce our Terms and Conditions and other policies.All processing activities are conducted based on lawful grounds, such as the necessity to perform a contract with you (our Terms and Conditions),

compliance with a legal obligation, our legitimate interests (provided they do not override your rights and interests), or your explicit consent for specific purposes like marketing. We strive to be transparent about these uses and ensure that your data is handled responsibly and ethically.

Sharing of Personal Information

This website operates with a commitment to protecting your privacy, and as such, we limit the sharing of your personal information. However, in certain circumstances and to ensure the seamless provision of our services and compliance with legal obligations, we may share your data with specific categories of third parties. All such sharing is conducted under strict confidentiality agreements and in accordance with applicable data protection laws in the Philippines.

• Third-Party Service Providers: We engage various third-party companies and individuals to perform functions on our behalf. These may include:

• Payment Processors: To facilitate secure deposits and withdrawals, we share necessary financial information (e.g., partial card details, bank account information, transaction amounts) with trusted payment gateways and financial institutions. These processors are typically PCI-DSS compliant and have their own robust security measures.
• Identity Verification Services: For KYC, AML, and age verification purposes, we may share your identity data with specialized third-party services that cross-reference your information against official databases. This is a critical part of our regulatory compliance.
• Game Providers: The games offered on our platform are often developed and hosted by third-party software providers. When you play these games, certain usage data and technical information may be shared with them to ensure game functionality, record game outcomes, and troubleshoot issues. They are contractually bound to use this data only for the provision of their services to us.
• IT and Hosting Providers: We utilize third-party services for data hosting, cloud computing, network infrastructure, and IT security. These providers may have access to your data as part of the services they render, but they are obligated to maintain its confidentiality and security.
• Customer Support Platform Providers: If we use third-party software for our live chat or ticketing system, your communication records and contact details may be stored or processed by these providers.
• Marketing and Analytics Partners: With your consent, or where legally permissible for legitimate business analysis, we may share anonymized or aggregated data with marketing and analytics partners to help us understand user trends, measure the effectiveness of our campaigns, and improve our services. Any sharing of identifiable personal information for direct marketing by third parties will only occur with your explicit prior consent.

• Regulatory and Law Enforcement Authorities: We are obligated to share personal information with governmental bodies, regulatory authorities (such as PAGCOR in the Philippines), law enforcement agencies, and other authorized legal entities if required by law, court order, or other legal process. This includes reporting suspicious transactions, cooperating with investigations related to fraud, money laundering, or other criminal activities, and ensuring compliance with our licensing conditions.
• Business Transfers: In the event of a merger, acquisition, sale of assets, reorganization, or bankruptcy, your personal information may be transferred as part of the business assets. We will notify you of any such transfer and any changes to the privacy practices, and where required by law, we will seek your consent. The acquiring entity will be bound by privacy commitments similar to those in this Policy.
• Professional Advisors: We may share your personal information with our professional advisors, such as lawyers, auditors, and consultants, when necessary for them to provide their professional services to us, subject to strict confidentiality obligations.

This website ensures that all third parties with whom we share personal information have adequate data protection measures in place and are contractually bound to process the data only for the specified purposes and in compliance with our instructions and applicable laws. We do not sell your personal information to third parties for their own independent marketing purposes without your explicit consent. We conduct due diligence on our third-party vendors to ensure they meet our security and privacy standards.

Your Rights

This website is committed to upholding your rights concerning your personal information, in line with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines and other applicable data protection regulations. You have several fundamental rights regarding the data we hold about you:

• The Right to be Informed: You have the right to be informed whether personal data pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling. This Privacy Policy serves to fulfill this right by outlining our data processing practices.
• The Right of Access: You have the right to request access to the personal information we hold about you. Upon request, we will provide you with a copy of your personal data, information about the sources from which it was obtained, the purposes for its processing, the manner by which it was processed, and the recipients to whom it has been or may be disclosed.
• The Right to Rectification (Correction): If you believe that any personal information we hold about you is inaccurate, incomplete, or outdated, you have the right to request its correction or supplementation. We will take reasonable steps to verify the accuracy of the new information provided before making amendments.
• The Right to Erasure or Blocking (Right to be Forgotten): You have the right to request the suspension, withdrawal, blocking, removal, or destruction of your personal information from our filing system under certain circumstances. This includes situations where the data is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes, or is no longer necessary for the purposes for which it was collected. However, this right is not absolute and may be subject to legal or regulatory obligations that require us to retain certain data.
• The Right to Object: You have the right to object to the processing of your personal data, including processing for direct marketing, automated processing, or profiling. If you object, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
• The Right to Data Portability: Where technically feasible, you have the right to obtain a copy of your personal data that we process by automated means in an electronic or structured format that is commonly used and allows for further use by you. This right applies when processing is based on your consent or for the performance of a contract.
• The Right to Lodge a Complaint: You have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe that your personal information has been misused, maliciously disclosed, or improperly disposed of, or that any of your data privacy rights have been violated.
• The Right to Damages: You may be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, taking into account any violation of your rights and freedoms as a data subject.
• The Right to Withdraw Consent: Where we rely on your consent to process your personal information (e.g., for certain marketing communications), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Data Protection Officer (DPO) or customer support team using the contact details provided on this website. We will respond to your request within the timeframes stipulated by applicable law, typically within one month of receipt of the request. We may require you to provide proof of your identity to ensure that we are dealing with the correct individual. Please note that certain requests may be subject to legal restrictions or exemptions, for example, data retention obligations for AML purposes. We will inform you if any such restrictions apply.

Security Measures

This website takes the security of your personal information extremely seriously and implements a comprehensive range of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, loss, or destruction. Our security framework is continuously reviewed and updated to address emerging threats and industry best practices.

• Technical Measures:

• Encryption: We employ strong encryption protocols, such as Secure Socket Layer (SSL)/Transport Layer Security (TLS), to protect data transmitted between your device and our servers. Sensitive data stored within our databases, such as certain financial details and personal identifiers, is also encrypted at rest.
• Firewalls and Intrusion Detection/Prevention Systems: Our network is protected by industry-standard firewalls and sophisticated intrusion detection and prevention systems (IDS/IPS) to monitor and block malicious traffic and unauthorized access attempts.
• Access Controls: Access to personal information is strictly limited to authorized personnel who require it to perform their job duties. We utilize role-based access controls (RBAC), strong authentication mechanisms (including multi-factor authentication where appropriate), and maintain audit logs of access to sensitive data.
• Secure Software Development: Our platform is developed with security in mind, following secure coding practices to minimize vulnerabilities. We conduct regular vulnerability assessments and penetration testing, both internally and through third-party security experts, to identify and remediate potential weaknesses.
• Data Segregation: Where feasible, personal data is segregated from other data types, and production environments are isolated from development and testing environments to reduce risk.

• Administrative and Organizational Measures:

• Privacy and Security Policies: We have established internal policies and procedures governing the handling of personal information, including data classification, incident response, and data breach notification protocols.
• Employee Training: Our employees and relevant contractors undergo regular training on data protection principles, security best practices, and their responsibilities in safeguarding user data. Confidentiality agreements are in place with all personnel who handle personal information.
• Data Minimization: We adhere to the principle of data minimization, collecting and retaining only the personal information that is necessary for the purposes for which it was collected.
• Third-Party Vendor Management: We conduct due diligence on third-party vendors who may process personal information on our behalf to ensure they have adequate security measures in place and comply with our data protection standards. Contractual agreements include data protection clauses obligating them to safeguard the data.
• Incident Response Plan: We have a documented incident response plan to address any potential data breaches or security incidents promptly and effectively. This includes steps for containment, eradication, recovery, and notification to affected individuals and regulatory authorities as required by law.

• Physical Measures:

• Secure Data Centers: Our servers are located in secure data centers that employ robust physical security controls, including restricted access, surveillance, and environmental controls to protect against physical threats.
• Secure Office Environments: Access to our physical offices where personal data might be processed is controlled and monitored.

Despite these comprehensive measures, it is important to acknowledge that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You also play a crucial role in protecting your information by keeping your login credentials confidential and by being vigilant against phishing attempts and malware. If you suspect any unauthorized access to your account or a breach of your data, please notify us immediately. We are committed to continuously improving our security posture to protect the integrity and confidentiality of your data.

Updates to This Privacy Policy

This website reserves the right to modify or update this Privacy Policy at any time to reflect changes in our data processing practices, service offerings, technological advancements, or applicable legal and regulatory requirements, particularly those within the Philippines. We are committed to ensuring that this Policy remains current and accurately describes how we handle your personal information.When we make changes to this Privacy Policy, we will take appropriate steps to inform you. The manner of notification will depend on the significance of the changes made:

• Material Changes: For any changes that are deemed material – meaning they significantly alter the way we collect, use, or share your personal information, or affect your rights – we will provide a prominent notice. This may include, but is not limited to, posting a clear and conspicuous notification on our website’s homepage, sending an email notification to your registered email address, or displaying an in-platform message when you log in. We will typically provide such notice in advance of the changes taking effect, allowing you an opportunity to review them.
• Minor Changes: For less significant changes, such as typographical corrections, clarifications, or updates that do not materially impact your privacy rights or our data handling practices, we may update the “Last Updated” date at the top of this Privacy Policy.We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. The latest version of the Privacy Policy will always be accessible on our website, typically via a dedicated link in the website footer or within your account settings. Your continued use of our services after any changes or revisions to this Privacy Policy have been posted (and, where applicable, after you have been notified of material changes) will constitute your acknowledgment and acceptance of the terms of the revised Policy. If you do not agree with any changes to this Policy, you should discontinue your use of our services and may consider exercising your right to have your account closed, subject to any data retention obligations we may have.

We will maintain an archive of previous versions of our Privacy Policy for your review upon request, where feasible. Any dispute over privacy is subject to this Policy and our Terms and Conditions, including limitations on damages and the resolution of disputes. We understand the importance of transparency, and we endeavor to make our policy updates clear and understandable. Should you have any questions regarding changes to this Policy, you are encouraged to contact our Data Protection Officer or customer support team for clarification. Our commitment is to handle your data responsibly and in accordance with the prevailing legal framework and best practices.

Data Retention Policy

This website adheres to a structured Data Retention Policy that governs how long we keep your personal information. Our retention periods are determined by several factors, including the purposes for which the information was collected, our legal and regulatory obligations (especially under Philippine law), operational requirements, and the need to resolve disputes or enforce our agreements. We are committed to retaining personal data only for as long as it is necessary to fulfill these purposes.

• General Principle: Personal information will be retained for the duration of your active relationship with us (i.e., as long as you maintain an account on our platform) and for a specified period thereafter, as required or permitted by law.
• Account Information: Core account information, including your identity verification data (KYC documents), contact details, and transaction history, is typically retained for a significant period after you close your account. This is primarily to comply with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations, which often mandate a retention period of at least five (5) to seven (7) years (or longer, if stipulated by specific Philippine regulations or directives from bodies like PAGCOR) following the termination of the business relationship or the date of the last transaction. This data is crucial for potential investigations by law enforcement or regulatory authorities.
• Transactional Data: Detailed records of your wagers, sports betting activities, deposits, and withdrawals are maintained for financial auditing, dispute resolution, and regulatory reporting purposes, generally aligning with the retention period for account information.
• Communication Records: Correspondence with customer support (emails, chat logs) may be retained for a period necessary to address ongoing inquiries, resolve disputes, for quality assurance, and training. The retention period for these records will typically be shorter than that for core account data unless relevant to an ongoing legal or regulatory matter.
• Technical and Usage Data: Information like IP addresses, login logs, and website usage patterns, which are collected for security monitoring, fraud prevention, and analytics, may be retained for a shorter period, often between 6 months to 2 years, unless a longer period is required for a specific investigation or legal reason. Aggregated or anonymized analytical data that does not identify individuals may be kept for longer periods for statistical analysis and service improvement.
• Marketing Preferences and Consent Records: Information related to your marketing preferences and records of consent (e.g., for receiving promotional emails) will be kept as long as your account is active or until you withdraw your consent. If you opt-out of marketing, we will retain a record of your preference to ensure we do not contact you for marketing purposes in the future.
• Data Minimization and Deletion: Once the retention period expires and the personal information is no longer required for any legitimate purpose or legal obligation, we will securely delete or anonymize it. Anonymization involves transforming the data so that it can no longer be used to identify you. Secure deletion methods are employed to ensure data is irretrievable.
• Exceptions: In certain circumstances, we may need to retain your personal information for longer periods than stipulated above. This may occur if:

• There is an ongoing legal claim, investigation, or dispute.
• We are required to do so by a court order or a specific directive from a regulatory authority.
• It is necessary for fraud prevention or to protect the security of our systems.
• For responsible gaming purposes, to manage self-exclusions or identify problem gamblers.

We regularly review our data retention schedules to ensure they remain appropriate and compliant with evolving legal standards and business needs. If you have specific questions about the retention period applicable to your personal information, please contact our Data Protection Officer. This policy ensures we do not hold onto your data indefinitely and manage its lifecycle responsibly.

Legal Compliance

This website is firmly committed to operating in full compliance with all applicable laws and regulations governing data privacy, online gaming, and sports betting within its designated service area of the Philippines. Our legal compliance framework is a cornerstone of our operations, ensuring that we conduct our business ethically, transparently, and responsibly, thereby fostering trust with our users and regulatory bodies.

• Philippine Data Privacy Act of 2012 (Republic Act No. 10173): Our primary data protection standard is the Data Privacy Act (DPA) of 2012 and its Implementing Rules and Regulations (IRR). We adhere to the core principles of the DPA, including transparency, legitimate purpose, and proportionality in the collection, processing, and retention of personal data. We have appointed a Data Protection Officer (DPO) as required, implemented necessary security measures, and established procedures to uphold data subject rights as enumerated in the DPA. This Privacy Policy itself is a testament to our commitment to transparency and informing you about your rights and our practices.
• PAGCOR Regulations: As an online entertainment platform potentially operating under or interacting with entities licensed by the Philippine Amusement and Gaming Corporation (PAGCOR), we are mindful of and strive to comply with all relevant PAGCOR rules, regulations, and directives. This includes requirements related to player registration, age verification, Know Your Customer (KYC) procedures, Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) measures, responsible gaming practices, and reporting obligations. Compliance with these regulations often necessitates the collection and processing of specific personal data as outlined in this Policy.
• Anti-Money Laundering Act (AMLA): We comply with the Anti-Money Laundering Act of the Philippines (Republic Act No. 9160, as amended) and its associated regulations. This involves implementing robust customer due diligence (CDD), monitoring transactions for suspicious activities, and reporting such activities to the Anti-Money Laundering Council (AMLC) when legally required. The data collected for KYC and transaction monitoring is critical for AMLA compliance.
• Consumer Protection Laws: We adhere to consumer protection laws applicable in the Philippines, ensuring fair practices, transparent terms and conditions, and avenues for dispute resolution. This includes providing clear information about our services, odds, and payout procedures.
• Cybercrime Prevention Act: We operate in accordance with the Cybercrime Prevention Act of 2012 (Republic Act No. 10175), taking measures to prevent our platform from being used for illegal online activities and cooperating with law enforcement in the investigation of cybercrimes.
• International Cooperation: While our primary service area is the Philippines, we acknowledge that users may access our services from other jurisdictions (where legally permissible). We strive to be aware of international data protection standards and may incorporate best practices where appropriate, although Philippine law remains the governing legal framework for our operations.
• Regular Audits and Reviews: To ensure ongoing compliance, we conduct regular internal audits and reviews of our data processing activities, security measures, and policies. We also engage with external auditors or consultants as necessary to verify our compliance posture.
• Cooperation with Authorities: We are committed to cooperating fully with regulatory authorities, law enforcement agencies, and other competent government bodies in the Philippines, subject to due legal process. This includes responding to lawful requests for information and assisting in investigations.

Our commitment to legal compliance is unwavering. We continuously monitor changes in the legal and regulatory landscape to ensure our practices remain compliant. Users are encouraged to familiarize themselves with the laws applicable in their own jurisdiction regarding online gaming and sports betting. If you have any questions regarding our legal compliance or specific regulatory obligations, please contact our Data Protection Officer.