kitayamachu Privacy Policy

Introduction

kitayamachu ("we," "us," "our") respects the privacy of every individual who interacts with our platform. We are committed to handling personal data responsibly, transparently, and in full compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, the issuances of the National Privacy Commission (NPC), and any other applicable Philippine laws governing data protection and privacy.

This Privacy Policy sets out in clear, plain language: what personal data kitayamachu collects from players and visitors, the legal basis on which we process it, the purposes for which it is used, with whom it may be shared, how long we retain it, the technical and organisational measures we employ to protect it, and the rights available to you as a data subject under Philippine law.

kitayamachu serves Filipino players across the Philippines — from Metro Manila, Cebu, Davao, Cagayan de Oro, Iloilo, Zamboanga, and beyond. Our data handling practices are designed to reflect the trust our players place in us and the legal obligations owed to them as Filipino citizens protected by RA 10173.

Who We Are — Data Controller

For the purposes of the Data Privacy Act of 2012, kitayamachu is the Personal Information Controller (PIC) in respect of all personal data collected and processed through the kitayamachu platform. A Personal Information Controller is the entity that determines the purposes and means by which personal data is processed.

kitayamachu has appointed a Data Privacy Officer (DPO) responsible for overseeing compliance with RA 10173 and this Privacy Policy. The DPO is the primary point of contact for all data privacy inquiries, requests to exercise data subject rights, and breach-related notifications. Contact details for the DPO are provided in Section 15 of this Policy.

Personal Data We Collect

kitayamachu collects the following categories of personal data from players, depending on the nature of their interaction with the platform:

kitayamachu does not intentionally collect sensitive personal information as defined under Section 3(l) of RA 10173 (such as racial origin, health information, or political affiliations) beyond what is strictly necessary for identity verification and legal compliance purposes.

How We Collect Personal Data

kitayamachu collects personal data through the following means:

• Directly from you: When you register an account, complete the KYC verification process, make a deposit or withdrawal request, contact customer support, participate in promotions, or update your account profile settings.
• Automatically through platform use: When you access kitayamachu, technical data — including IP addresses, device identifiers, browser data, and session behaviour — is collected automatically through server logs, cookies, and similar tracking technologies. See Section 8 for details on cookies.
• From third-party identity verification providers: When you submit government-issued identification for KYC purposes, kitayamachu may use third-party identity verification services to validate the authenticity of your documents. These providers operate under strict confidentiality obligations.
• From payment processors: Transaction confirmation data (including GCash transaction references, bank transfer confirmations, and Maya payment records) is received from our integrated payment processing partners to record deposits and withdrawals accurately.
• From fraud detection and security systems: kitayamachu's platform uses automated systems that analyse login behaviour, device fingerprints, and transaction patterns to detect suspicious activity and protect accounts from unauthorised access.

Legal Basis for Processing Personal Data

Under RA 10173, personal data may only be processed when there is a lawful basis for doing so. kitayamachu processes your personal data on the following legal grounds:

• Performance of a contract: The majority of kitayamachu's data processing activities are necessary to perform the contractual obligations we have to you as a registered player — including operating your Account, processing deposits and withdrawals, delivering gaming services, and administering bonuses.
• Legal obligation: Certain processing activities are required by Philippine law, including KYC and identity verification under anti-money laundering regulations, age verification, and the retention of transaction records for regulatory and tax compliance purposes.
• Legitimate interests: kitayamachu processes certain data on the basis of legitimate interests — including fraud prevention, account security, platform integrity, and responsible gaming monitoring — where those interests are not overridden by your rights and freedoms under RA 10173.
• Consent: Where required by law, kitayamachu will seek your explicit consent before processing certain categories of data or using your data for specific purposes such as direct marketing communications. You may withdraw consent at any time by contacting our DPO.

How We Use Your Personal Data

kitayamachu uses your personal data for the following purposes:

• Account creation and management: To register your Account, maintain account records, authenticate your login sessions, and process Account closure or self-exclusion requests.
• Identity and age verification (KYC): To verify that you are at least 21 years of age as required by PAGCOR's regulations, and to verify your identity in compliance with Philippine anti-money laundering (AML) obligations under Republic Act No. 9160 (Anti-Money Laundering Act) as amended.
• Payment processing: To process deposits from and withdrawals to your registered GCash, Maya, bank, or other payment accounts, and to maintain accurate financial transaction records.
• Delivering gaming services: To provide you access to kitayamachu's game catalog — including live casino, slots, bingo, Fortune Dragon, and sports betting — and to maintain your gaming history and account balance.
• Bonuses and promotions: To administer promotional offers, verify eligibility, track wagering requirements, and detect bonus misuse.
• Customer support: To respond to your inquiries, resolve disputes, process complaints, and maintain communication records for quality assurance.
• Fraud prevention and platform security: To detect, prevent, and investigate cheating, money laundering, account takeover, and other fraudulent or malicious activities on the kitayamachu platform.
• Responsible gaming: To monitor gaming behaviour for indicators of problem gambling and to administer deposit limits, cooling-off periods, and self-exclusion tools.
• Legal and regulatory compliance: To comply with legal obligations under Philippine law, respond to lawful requests from government agencies or courts, and cooperate with PAGCOR's licensing and compliance oversight functions.
• Service improvement: To analyse aggregated and anonymised platform usage data to improve the performance, usability, and content of the kitayamachu platform.

Data Sharing and Disclosure

kitayamachu does not sell, rent, or trade personal data. We share personal data only in the limited circumstances described below, and only to the extent necessary for the stated purpose:

• Payment processors and e-wallet providers: GCash, Maya (PayMaya), GrabPay, BPI, BDO, Metrobank, InstaPay, and other payment partners receive transaction data necessary to process your deposits and withdrawals. These partners operate under their own privacy policies and applicable financial regulations.
• Identity verification providers: Third-party KYC and document verification service providers may receive copies of your identity documents to perform authentication checks on behalf of kitayamachu. These providers are bound by strict confidentiality and data security obligations.
• Fraud detection and analytics services: kitayamachu uses secure, privacy-compliant fraud prevention tools that may process technical data such as device fingerprints and IP addresses to identify suspicious behaviour patterns.
• Regulatory authorities: kitayamachu may disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), or other Philippine government agencies where required by law, regulation, or lawful order.
• Law enforcement: Personal data may be disclosed to Philippine law enforcement agencies where required by a valid court order, subpoena, or equivalent legal process.
• Professional advisors: kitayamachu may share data with legal advisors, auditors, and compliance consultants on a strictly need-to-know basis and under binding confidentiality agreements.

Cookies and Tracking Technologies

The kitayamachu platform uses cookies and similar tracking technologies to ensure the platform functions correctly, to maintain your login session, to detect fraud, and to analyse anonymous usage patterns. The following categories of cookies are used:

• Strictly Necessary Cookies: These are essential to the operation of the kitayamachu platform. They enable core functions such as login session management, security token validation, and load balancing. These cookies cannot be disabled without impairing the functionality of the platform. No consent is required for strictly necessary cookies under applicable law.
• Security Cookies: Used to detect and prevent fraudulent login attempts, account takeover, and other security threats. These cookies record device fingerprints and session data to identify anomalous activity patterns.
• Preference Cookies: Store your platform preferences such as language settings and display options to provide a more personalised experience on subsequent visits.
• Analytics Cookies: kitayamachu uses anonymised, aggregated analytics data to understand how players navigate the platform, which features are most used, and where technical issues may be occurring. These cookies do not identify individual players.

Most web browsers allow you to control cookies through browser settings. You may block or delete cookies; however, disabling strictly necessary cookies may prevent you from logging in to or using the kitayamachu platform. kitayamachu does not use third-party advertising cookies or retargeting cookies that track your activity across external websites.

Data Security

kitayamachu implements comprehensive technical and organisational security measures to protect personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. Our security infrastructure includes:

• Transport Layer Security (TLS 1.3): All data transmitted between your device and kitayamachu's servers is encrypted using TLS 1.3, the current industry standard for transport-layer encryption.
• 256-bit AES Encryption: Sensitive data stored on kitayamachu's servers, including financial records and identity documents, is encrypted at rest using AES-256 encryption.
• Password Hashing: Player passwords are never stored in plaintext. They are processed through a cryptographic hashing algorithm with salt, ensuring that even in the unlikely event of a server compromise, raw passwords cannot be recovered.
• SMS Two-Factor Authentication (2FA): Players are strongly encouraged to activate SMS 2FA on their kitayamachu Accounts. 2FA significantly reduces the risk of Account takeover by requiring a one-time code sent to a registered Philippine mobile number in addition to the Account password.
• Access Controls: Internal access to player personal data at kitayamachu is restricted on a strict need-to-know basis. Staff with access to sensitive player data are subject to background checks, confidentiality agreements, and regular data privacy training.
• Intrusion Detection and Monitoring: kitayamachu's platform and server infrastructure are monitored continuously for unauthorised access attempts, anomalous traffic patterns, and other security threats.

While kitayamachu employs industry-standard security measures, no data transmission over the internet or electronic storage method can be guaranteed to be 100% secure. Players are encouraged to contribute to their own account security by using strong, unique passwords and enabling 2FA. See the kitayamachu Terms & Conditions for account security obligations.

Data Retention

kitayamachu retains personal data for the minimum period necessary to fulfil the purpose for which it was collected, subject to the retention obligations imposed by applicable Philippine law and regulatory requirements. The following general retention guidelines apply:

• Active Account data: Personal data associated with an active kitayamachu Account is retained for the duration of the Account's existence on the platform.
• Closed Account data: Following Account closure — whether voluntary or for cause — kitayamachu retains personal data for a minimum of five (5) years from the date of closure, in compliance with Philippine AML record-keeping requirements under RA 9160, as amended.
• Financial transaction records: Deposit, withdrawal, and betting transaction records are retained for a minimum of five (5) years from the date of the transaction, as required by applicable Philippine financial regulations.
• KYC documents: Identity verification documents submitted during KYC are retained for the minimum period required by PAGCOR's licensing conditions and RA 9160, not to exceed ten (10) years from last active use, unless a longer period is required by law.
• Customer support records: Communications submitted through support channels are retained for three (3) years from the date of the interaction to facilitate complaint resolution and quality assurance.
• Self-exclusion records: Records of player self-exclusion requests are retained indefinitely to prevent re-registration by self-excluded individuals, in the interest of responsible gaming.

When retention periods expire and no legal obligation to retain the data further exists, kitayamachu will securely delete or anonymise the data using methods that prevent recovery or reconstruction.

Your Rights as a Data Subject

Under the Data Privacy Act of 2012, Filipino players have the following rights with respect to their personal data held by kitayamachu. These rights may be exercised by submitting a written request to our Data Privacy Officer at the contact details in Section 15.

• Right to be Informed: You have the right to be informed that your personal data is being collected and processed, the purposes for which it is being processed, and the scope of the processing — which this Privacy Policy provides.
• Right of Access: You have the right to obtain a copy of the personal data we hold about you, together with information about the purposes for which it is being processed, the categories of data involved, and with whom it has been shared.
• Right to Rectification: You have the right to request correction of inaccurate, incomplete, outdated, false, or unlawfully obtained personal data held by kitayamachu. You may update certain account details directly through Account Settings after login.
• Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data where: the data is no longer necessary for the purposes for which it was collected; you withdraw consent; the data has been unlawfully processed; or erasure is required by law. This right is subject to kitayamachu's overriding legal obligations to retain certain data as described in Section 10.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests and your specific situation warrants an objection.
• Right to Data Portability: Where processing is based on consent or contractual necessity, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Lodge a Complaint: If you believe kitayamachu has processed your data in violation of RA 10173, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

Children's Privacy and Underage Access

The kitayamachu platform is strictly intended for individuals who are at least twenty-one (21) years of age, in accordance with PAGCOR's minimum legal gambling age requirements for the Philippines. kitayamachu does not knowingly collect personal data from individuals under the age of 21.

Age verification is a mandatory component of the kitayamachu registration and KYC process. All Accounts are required to be verified against a valid, government-issued Philippine identification document confirming the Account holder is 21 years of age or older before any real-money gaming or withdrawal activity is permitted.

If kitayamachu becomes aware — through its verification processes, reports from third parties, or any other means — that an Account has been registered by an individual under the age of 21, the Account will be immediately suspended and closed. Any funds on deposit attributable to real-money deposits (excluding bonus credits) will be returned to the payment source following a compliance review.

Parents and guardians who believe that a minor in their household has accessed or registered on kitayamachu should report this immediately to our support team at [email protected]. We take underage access concerns extremely seriously and will act promptly on all credible reports.

Personal Data Breach Notification

A personal data breach is any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored, or otherwise processed by kitayamachu.

In the event that kitayamachu becomes aware of a personal data breach that is reasonably likely to give rise to a real risk of serious harm to affected data subjects, we will take the following steps in accordance with RA 10173 and NPC Circular No. 16-03:

• Immediately contain the breach and prevent further unauthorised access or loss.
• Conduct an assessment of the nature, scope, and likely consequences of the breach.
• Notify the National Privacy Commission (NPC) of the breach within seventy-two (72) hours of becoming aware of it, where the breach is likely to result in serious harm to data subjects.
• Notify affected players directly via their registered email address and/or mobile number, informing them of the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.
• Document the breach, its effects, and all remedial actions taken, and retain such documentation for review by the NPC or other regulatory authorities.

kitayamachu maintains a dedicated incident response team trained to identify, escalate, and respond to data security incidents promptly and effectively.

Updates to This Privacy Policy

kitayamachu may update this Privacy Policy from time to time to reflect changes in our data processing practices, amendments to applicable Philippine data privacy law, new NPC issuances, changes in our service offering, or for any other legitimate business reason.

The "Last Updated" date at the top of this Policy indicates when the most recent revision was made. Where updates are material — meaning they represent a significant change in how we collect, use, or share personal data — kitayamachu will provide advance notice to registered players via their registered email address and/or a prominent notice on the kitayamachu platform.

Your continued use of the kitayamachu platform following the effective date of a revised Privacy Policy constitutes your acknowledgment of the update. It is your responsibility to review this Policy periodically. If you do not agree with a material change to this Policy, you may request Account closure by contacting our support team.

Contact Information and Data Privacy Officer

For all privacy-related inquiries, requests to exercise data subject rights, concerns about kitayamachu's data handling practices, or reports of suspected data breaches, please contact the kitayamachu Data Privacy Officer:

• Email: [email protected]
• Subject Line: Use "Data Privacy Request" or "Data Subject Rights Request" as applicable
• Acknowledgement: Within 72 hours of receipt
• Response: Within 30 days from receipt of a complete request, or as required by RA 10173
• Languages: English and Filipino

If you are not satisfied with kitayamachu's response to your privacy inquiry or complaint, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines, the government agency responsible for administering and enforcing RA 10173.