Privacy Policy – sg7 Casino Philippines

1. Introduction & Scope

This Privacy Policy is issued by sg7 (the "Company," "we," "us," "sg7"), the licensed operator of the online gaming platform accessible at sg7.one. sg7 operates as a Personal Information Controller under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, hereinafter "DPA") and its Implementing Rules and Regulations, as overseen by the National Privacy Commission (NPC) of the Republic of the Philippines.

This Policy applies to all personal data collected, processed, stored, or shared by sg7 in connection with: (a) your registration and maintenance of a sg7 account; (b) your use of any sg7 gaming product, including live casino, slots, sportsbook, bingo, and specialty games; (c) your financial transactions on the sg7 Platform including deposits and withdrawals via GCash, PayMaya, BPI, BDO, Metrobank, and UnionBank; (d) your interactions with sg7's customer support team; and (e) your browsing of the sg7 website (sg7.one).

By registering an account on sg7, you acknowledge that you have read and understood this Privacy Policy and you consent to the collection and processing of your personal data as described herein. If you do not agree to this Policy, you must not create or use a sg7 account.

Note for Filipino Players: This Policy is written in English in accordance with sg7's operating standards. If you need any provision explained in Filipino, sg7's support team is available 24/7 and can assist you in your preferred language. Your rights under the Data Privacy Act are fully enforceable regardless of the language in which this Policy is written.

2. Personal Data We Collect

sg7 collects the following categories of personal data from Account Holders and Platform visitors. The specific data collected from you at any given time depends on the nature of your interaction with sg7:

Data Category	Specific Data Points	Collection Trigger
Identity Data	Legal full name, date of birth, nationality, gender, government ID type and number	Account registration and KYC verification
Contact Data	Email address, Philippine mobile number, residential address (city and province level)	Account registration and account settings updates
Identity Document Data	Photo or scan of valid Philippine government ID (PhilSys, driver's license, passport, UMID, SSS, PRC, or similar)	KYC verification before first withdrawal
Financial Transaction Data	Deposit and withdrawal amounts, payment method identifiers, transaction timestamps, transaction reference numbers	Each financial transaction on the Platform
Gaming Activity Data	Game history, bet amounts, wager outcomes, session durations, game categories accessed	All wagering activity on the Platform
Technical Data	IP address, device type, browser type and version, operating system, screen resolution, session cookies	All Platform access sessions
Communications Data	Support chat transcripts, emails sent to sg7, complaint records, feedback submissions	Interactions with sg7 support team
Responsible Gaming Data	Deposit limits set, self-exclusion requests, session limit configurations, cool-down period records	Use of responsible gaming tools in Account Settings

sg7 does not collect sensitive personal data beyond what is strictly required for identity verification, fraud prevention, and PAGCOR/AMLC regulatory compliance. sg7 does not collect biometric data, genetic data, health records, or religious and political affiliations from Account Holders.

3. How We Collect Your Data

sg7 collects personal data through the following channels and mechanisms:

Directly from you: Information you provide when completing the sg7 registration form, updating your account settings, submitting KYC documents, initiating deposit or withdrawal transactions, contacting sg7 support, or submitting feedback.
Automatically through Platform interaction: Technical data including your IP address, device identifiers, browser characteristics, and session behavior is automatically recorded by sg7's server infrastructure when you access sg7.one or interact with any sg7 game or service.
Through cookies and similar tracking technologies: sg7 uses session cookies, persistent cookies, and similar technologies to maintain your login session, remember your preferences, and monitor Platform performance. Further detail is provided in Section 7 (Cookies & Tracking).
From payment processors: When you make a deposit or withdrawal via GCash, PayMaya, or a Philippine bank, sg7 receives transaction confirmation data from the payment processor sufficient to verify the transaction and credit or debit your account balance.
From regulatory and fraud prevention databases: To comply with PAGCOR's KYC requirements and Philippine AML regulations, sg7 may cross-reference the identity information you provide against appropriate identity verification and sanctions screening databases.

4. Legal Basis for Processing

Under the Philippine Data Privacy Act, sg7 processes your personal data on the following legal bases:

Contractual necessity: Processing required to register your sg7 account, verify your identity, process your deposits and withdrawals, settle your bets, and deliver sg7's gaming services to you. Without this processing, sg7 cannot provide the services described in the Terms and Conditions.
Legal obligation: Processing required to comply with sg7's legal obligations under PAGCOR's licensing requirements, the Philippine Anti-Money Laundering Act (AMLA), the Terrorism Financing Prevention and Suppression Act, Republic Act No. 10173 (Data Privacy Act), and other applicable Philippine laws and regulations.
Legitimate interests: Processing necessary for sg7's legitimate business interests, including fraud prevention, account security monitoring, Platform performance improvement, and responsible gaming program administration, provided such interests are not overridden by your fundamental rights and freedoms.
Your consent: Processing for marketing communications and personalized promotional offers, which sg7 undertakes only where you have provided explicit, informed, and freely given consent. You may withdraw this consent at any time without affecting your account status or access to sg7's services.

5. How We Use Your Personal Data

sg7 uses the personal data it collects for the following specific purposes:

Account registration and management: Creating your sg7 account, verifying your email and mobile number, managing your account settings, and maintaining your account security including Two-Factor Authentication.
Identity verification (KYC): Verifying your identity and age in compliance with PAGCOR's KYC requirements before activating withdrawal privileges on your account. This process is a legal obligation under Philippine gaming regulations and cannot be waived.
Financial transaction processing: Processing your PHP deposits and withdrawals via GCash, PayMaya, BPI, BDO, Metrobank, UnionBank, and any other accepted payment method. Maintaining your account balance and transaction history accurately.
Gaming service delivery: Facilitating your participation in sg7's casino games, sportsbook, live dealer tables, bingo, and specialty games, recording game outcomes and bet settlements, and maintaining your complete gaming history.
Fraud prevention and AML compliance: Monitoring transactions and account activity for suspicious patterns indicative of fraud, money laundering, or other financial crimes, as required by Philippine AMLC regulations and PAGCOR's operator standards.
Responsible gaming program: Administering the deposit limits, session limits, cool-down periods, and self-exclusion requests that you configure in your account settings. Processing self-exclusion requests and registering excluded players with PAGCOR's exclusion registry.
Customer support: Responding to your account inquiries, complaint submissions, technical issues, and any other support requests. Maintaining records of support interactions for quality assurance and dispute resolution purposes.
Platform security and technical maintenance: Monitoring sg7's technical infrastructure for security incidents, unauthorized access attempts, and performance issues. Investigating and responding to security events affecting Account Holder data.
Marketing communications (consent-based only): Sending promotional emails or SMS messages about sg7 bonuses, new games, and platform features — but only where you have explicitly opted in to receive such communications.

6. Sharing Your Personal Data

sg7 does not sell, rent, or trade your personal data to unaffiliated third parties. sg7 shares your personal data only with the following categories of recipients and only to the extent strictly necessary for the specified purpose:

Payment processors and e-wallet providers: GCash (Mynt / G-Xchange), PayMaya (Voyager Innovations), and Philippine banking partners (BPI, BDO, Metrobank, UnionBank) receive transaction-relevant data necessary to process your deposits and withdrawals.
Identity verification and fraud prevention services: Accredited third-party identity verification and sanctions screening service providers receive the minimum personal data necessary to verify your identity and screen against applicable watchlists in compliance with AML requirements.
Game content providers: sg7's licensed game content providers may receive anonymized session and gameplay data for game performance monitoring and technical troubleshooting purposes. These providers do not receive your personal identity data.
PAGCOR and Philippine regulatory authorities: sg7 is legally obligated to share player data with PAGCOR and other relevant Philippine government agencies (including the AMLC) upon lawful request or as required by ongoing regulatory reporting obligations.
Philippine law enforcement: In compliance with applicable Philippine law, sg7 may disclose personal data to law enforcement authorities where required by lawful legal process, court order, or subpoena.
Professional advisors: sg7's legal counsel, auditors, and compliance consultants may access personal data to the minimum extent necessary for the provision of professional services to sg7, subject to strict confidentiality obligations.

Important: All third parties with whom sg7 shares personal data are required to maintain the confidentiality of that data and to process it only for the specified purpose under data processing agreements consistent with the requirements of the Philippine Data Privacy Act. sg7 remains responsible for ensuring that third-party data processors handle your data in accordance with this Policy and applicable law.

7. Cookies & Tracking Technologies

sg7 uses cookies and similar tracking technologies on the sg7.one website and Platform for the following purposes:

Strictly necessary cookies: Session cookies that are essential for maintaining your logged-in state on the Platform, preserving your game session continuity, and enabling core security features. These cookies cannot be disabled without rendering the Platform non-functional for authenticated users.
Functional cookies: Persistent cookies that remember your Platform preferences, including language settings, display preferences, and responsible gaming tool configurations. These improve your experience on return visits.
Analytics cookies: Anonymized cookies that collect aggregate data about Platform usage patterns — which game categories are most accessed, typical session lengths, navigation flows — to help sg7 improve Platform performance and user experience.
Security cookies: Cookies used to detect fraudulent activity, unauthorized access attempts, and bot traffic patterns. These are a component of sg7's account security infrastructure.

sg7 does not use third-party advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair or prevent your ability to use the sg7 Platform.

8. Data Retention

sg7 retains your personal data for the minimum period necessary to fulfill the purpose for which it was collected, or as required by applicable Philippine law, whichever is longer. The following retention periods apply:

Data Category	Retention Period	Basis
Identity and KYC documents	Minimum 5 years from account closure	PAGCOR licensing requirement and AMLA
Financial transaction records	Minimum 5 years from transaction date	AMLC reporting obligations
Gaming activity history	Minimum 3 years from account closure	PAGCOR regulatory record-keeping
Account registration data	Duration of account plus 5 years	Contractual and regulatory necessity
Support communications	3 years from interaction date	Dispute resolution and quality assurance
Marketing consent records	Duration of consent plus 1 year	Proof of lawful processing basis
Self-exclusion records	Indefinite (permanent exclusion)	PAGCOR responsible gaming requirements
Website analytics (anonymized)	24 months rolling	Platform improvement — legitimate interest

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymized in accordance with National Privacy Commission guidance. Data that has been anonymized beyond re-identification is no longer considered personal data under the DPA and may be retained indefinitely for analytical purposes.

9. Data Security

sg7 implements a comprehensive suite of technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:

256-bit SSL/TLS encryption for all data transmitted between your device and sg7's servers
Encryption of personal data and identity documents stored in sg7's databases
Cryptographic hashing of all account passwords — sg7 never stores passwords in recoverable form
Two-Factor Authentication (2FA) available to all Account Holders as an additional account access control
Role-based access controls restricting sg7 employee access to personal data on a strict need-to-know basis
Continuous monitoring of sg7's infrastructure for anomalous access patterns and potential security incidents
Regular security assessments and penetration testing of sg7's Platform and data systems
Employee data privacy and security training consistent with NPC requirements

In the event of a personal data breach that poses a real risk of harm to affected Account Holders, sg7 will notify the National Privacy Commission and affected individuals within 72 hours of discovery, in accordance with NPC's mandatory breach notification requirements.

Your Role in Data Security: While sg7 implements robust technical security measures, the security of your account also depends on you maintaining a strong, unique password, enabling Two-Factor Authentication, and logging out of your account when using shared devices. Never share your sg7 login credentials with anyone — sg7 staff will never ask for your password.

10. Your Data Rights Under Philippine Law

Under the Philippine Data Privacy Act of 2012, you have the following rights in relation to your personal data held by sg7. sg7 will respond to all verified data rights requests within 30 calendar days of receipt:

Right to Access

You may request a copy of all personal data sg7 holds about you, including the purposes for which it is processed and the categories of third parties with whom it has been shared.

Right to Correction

You may request correction of inaccurate, incomplete, or outdated personal data in your sg7 account. Some corrections may require re-verification of your identity through the KYC process.

Right to Erasure

You may request deletion of your personal data where processing is no longer necessary, where you withdraw consent, or where processing is unlawful — subject to sg7's overriding legal retention obligations under PAGCOR and AMLC requirements.

Right to Object

You may object to processing of your personal data for direct marketing purposes at any time. You may also object to processing based on sg7's legitimate interests where your fundamental rights override those interests.

Right to Data Portability

You may request that sg7 provide your personal data in a structured, commonly used, and machine-readable format, allowing you to transmit it to another personal information controller where technically feasible.

Right to Lodge a Complaint

If you believe sg7 has processed your personal data in violation of the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines at privacy.gov.ph.

To exercise any of the above rights, contact sg7's Data Protection Officer (DPO) using the contact details in Section 14. Requests must include sufficient information to verify your identity before sg7 can process them. sg7 does not charge fees for good-faith data rights requests.

11. Children's Privacy

The sg7 Platform is strictly limited to persons aged 21 years and above, in accordance with PAGCOR's minimum age requirements for Philippine online gaming platforms. sg7 does not knowingly collect, process, or retain personal data from individuals under the age of 21.

If sg7 discovers that an account has been registered by or on behalf of a person under 21, sg7 will immediately close the account, delete the associated personal data to the extent not required for regulatory reporting purposes, and report the incident to PAGCOR as required under our licensing conditions.

If you are a parent or guardian and believe that a person under 21 in your care has registered a sg7 account without authorization, please contact sg7 support immediately via live chat on sg7.one. sg7 will investigate and close the account without delay.

12. Cross-Border Data Transfers

sg7 is a Philippines-based operator and processes the majority of its data within Philippine jurisdiction. However, some of sg7's service providers — including certain game content providers, cloud infrastructure partners, and identity verification services — may process data in jurisdictions outside the Philippines.

Where sg7 transfers personal data to a jurisdiction outside the Philippines, sg7 ensures that adequate data protection safeguards are in place consistent with the National Privacy Commission's requirements for cross-border data flows. These safeguards include: (a) transfers to jurisdictions that the NPC has recognized as providing adequate data protection; (b) contractual clauses requiring recipient entities to comply with data protection standards equivalent to Philippine law; or (c) other transfer mechanisms recognized by the NPC.

sg7 does not transfer KYC identity documents or sensitive financial data to jurisdictions that do not meet the NPC's adequacy standards, except where required by Philippine law for specific regulatory compliance purposes.

13. Amendments to This Privacy Policy

sg7 reserves the right to update, amend, or revise this Privacy Policy from time to time to reflect changes in applicable law, NPC guidance, PAGCOR regulatory requirements, or sg7's data processing practices.

Where a material amendment is made — particularly any change that reduces your data rights or expands the categories of data sg7 collects or the purposes for which it is used — sg7 will provide no less than 14 days' advance notice to Account Holders via the email address registered on their account, or via a prominent notice on the sg7 Platform, before the amendment takes effect.

Your continued use of the sg7 Platform following the effective date of any amended Privacy Policy constitutes your acknowledgment of the revised Policy. If you do not accept the amended Policy, you must discontinue use of the Platform and request account closure before the effective date.

The current version of this Privacy Policy is always accessible at sg7.one/privacy-policy. The effective date displayed at the top of this document identifies the version currently in force.

14. Contact Us & Data Protection Officer

sg7 has designated a Data Protection Officer (DPO) in compliance with Section 21 of the Philippine Data Privacy Act. The DPO is responsible for overseeing sg7's compliance with the DPA, its Implementing Rules and Regulations, and NPC issuances, and serves as the primary point of contact for data rights requests and privacy inquiries.

sg7 Data Protection Officer
Platform: sg7.one
Email (DPO inquiries): support at sg7.one — Subject line: "DPO / Privacy Inquiry"
Support (general): Available 24/7 via live chat on sg7.one — English and Filipino
Regulatory Oversight: National Privacy Commission (NPC) — privacy.gov.ph
Gaming Regulator: Philippine Amusement and Gaming Corporation (PAGCOR)

For all data rights requests (access, correction, erasure, objection, portability), please contact sg7's DPO via the email address above, including your registered sg7 account email and a description of your request. sg7 aims to acknowledge all privacy requests within 48 hours and provide a substantive response within 30 calendar days.

This Privacy Policy was last reviewed and updated by sg7's Data Protection Officer on the effective date shown above. The English-language version is the authoritative text of this Policy.

sg7 Privacy Policy

Your Privacy at a Glance

Your Data Is Encrypted

We Don't Sell Your Data

You Control Your Data

PAGCOR KYC Compliance

You Can Opt Out of Marketing

Philippine Law Protects You