tayazone Privacy Policy

This Privacy Policy ("Policy") describes how tayazone ("tayazone," "we," "us," or "our") collects, uses, stores, discloses, and protects the personal information of individuals ("you," "your," or "Player") who access or use the tayazone website, mobile platform, and all associated services (collectively, the "Platform").

tayazone is committed to protecting the privacy and personal data of all its players in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission (NPC) of the Philippines.

By registering an account, accessing the Platform, or otherwise providing your personal information to tayazone, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. If you do not agree with any part of this Policy, you should discontinue use of the Platform immediately.

This Policy should be read alongside tayazone's Terms and Conditions and Responsible Gaming Policy, both of which form part of the overall agreement between you and tayazone.

tayazone collects the following categories of personal data, depending on how you interact with the Platform:

tayazone collects personal data through the following means:

• Direct Interactions: When you register an account, complete identity verification, make a deposit or withdrawal, contact customer support, or respond to a survey or promotion, you directly provide us with personal data.
• Automated Technologies: As you navigate the Platform, we automatically collect technical and usage data through cookies, web beacons, server logs, and similar tracking technologies. Please refer to Section 07 (Cookies & Tracking) for full details.
• Third-Party Sources: We may receive personal data about you from third-party identity verification providers, payment processors (such as GCash and PayMaya), fraud prevention services, and regulatory databases, where permitted by applicable law.
• Publicly Available Sources: In limited circumstances, tayazone may supplement your profile with information from publicly available sources, such as government sanction lists or court records, for AML and fraud prevention purposes.

tayazone uses your personal data for the following purposes:

• Account Management: To create, maintain, and administer your tayazone account, including processing your registration, verifying your identity and age, and managing your account settings.
• Service Delivery: To provide you with access to the games, betting features, promotions, and other services available on the Platform.
• Financial Transactions: To process deposits, withdrawals, and bonus payments, and to maintain accurate financial records in compliance with applicable regulations.
• Legal and Regulatory Compliance: To comply with our obligations under Philippine law, including the Data Privacy Act, PAGCOR regulations, the Anti-Money Laundering Act (AMLA), and related legislation. This includes conducting Know Your Customer (KYC) checks and filing mandatory reports with the AMLC where required.
• Fraud Prevention and Security: To detect, investigate, and prevent fraudulent activity, money laundering, collusion, and other prohibited conduct on the Platform.
• Responsible Gaming: To monitor your gaming activity for signs of problem gambling, to enforce self-exclusion requests, and to administer deposit and session limits you have set.
• Customer Support: To respond to your enquiries, resolve disputes, and provide technical assistance.
• Marketing Communications: To send you promotional offers, bonus notifications, and news about tayazone, where you have provided your consent to receive such communications. You may withdraw this consent at any time.
• Platform Improvement: To analyse usage patterns, conduct research, and improve the functionality, performance, and user experience of the Platform.

tayazone processes your personal data on the following legal bases, as recognised under the Philippine Data Privacy Act of 2012:

• Contractual Necessity: Processing is necessary to perform the contract between you and tayazone — specifically, to provide you with access to the Platform and its services in accordance with our Terms and Conditions.
• Legal Obligation: Processing is required to comply with tayazone's legal obligations under Philippine law, including KYC verification, AML reporting, and regulatory record-keeping requirements.
• Legitimate Interests: Processing is necessary for tayazone's legitimate business interests, including fraud prevention, platform security, and service improvement, provided that such interests are not overridden by your rights and freedoms.
• Consent: For certain processing activities — particularly the sending of marketing communications and the use of non-essential cookies — tayazone relies on your freely given, specific, and informed consent. You have the right to withdraw this consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

tayazone does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients, strictly on a need-to-know basis:

• Regulatory and Law Enforcement Authorities: tayazone is required by law to disclose certain personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine authorities upon lawful request or as mandated by applicable regulations.
• Payment Service Providers: We share financial data with payment processors such as GCash, PayMaya, BPI, BDO, and Metrobank solely for the purpose of processing your deposits and withdrawals.
• Identity Verification Providers: We engage third-party KYC and age verification service providers to assist in verifying your identity and age in compliance with regulatory requirements.
• Technology and Infrastructure Providers: We work with cloud hosting, data analytics, and cybersecurity service providers who process data on our behalf under strict data processing agreements that prohibit them from using your data for any purpose other than providing services to tayazone.
• Game Content Providers: Certain game providers may receive limited technical data (such as session tokens and bet data) necessary to deliver their games on the Platform. These providers are contractually bound to handle such data in accordance with applicable privacy laws.
• Professional Advisers: We may share data with lawyers, auditors, and other professional advisers where necessary for legal, compliance, or financial purposes, subject to professional confidentiality obligations.

tayazone uses cookies and similar tracking technologies to enhance your experience on the Platform, maintain session security, and gather analytics data. The following types of cookies are used:

• Strictly Necessary Cookies: These cookies are essential for the Platform to function correctly. They enable core features such as account login, session management, and security. These cookies cannot be disabled without significantly impairing your ability to use the Platform.
• Performance and Analytics Cookies: These cookies collect anonymised information about how players use the Platform — such as which pages are visited most frequently and how long sessions last — to help us improve the Platform's performance and user experience.
• Functional Cookies: These cookies remember your preferences (such as language settings and display preferences) to provide a more personalised experience.
• Marketing Cookies: With your consent, we may use cookies to deliver relevant promotional content and to measure the effectiveness of our marketing campaigns. You may opt out of marketing cookies at any time through your account settings or browser controls.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. For detailed information on the specific cookies used by tayazone, please refer to our Cookie Notice, available within the Platform settings.

tayazone implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

• Encryption: All data transmitted between your device and the tayazone Platform is encrypted using industry-standard SSL/TLS protocols. Sensitive data stored on our servers, including financial information and identity documents, is encrypted at rest.
• Access Controls: Access to personal data is restricted to tayazone personnel and authorised third parties who have a legitimate need to access it. All staff with access to personal data are subject to confidentiality obligations and receive regular data privacy training.
• Firewalls and Intrusion Detection: tayazone's infrastructure is protected by enterprise-grade firewalls and intrusion detection systems that monitor for and respond to suspicious activity in real time.
• Regular Security Audits: We conduct periodic security assessments and penetration testing to identify and remediate vulnerabilities in our systems.
• Incident Response: In the event of a personal data breach that poses a risk to your rights and freedoms, tayazone will notify the National Privacy Commission and affected players in accordance with the requirements of the Data Privacy Act.

tayazone retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following general retention periods apply:

• Account Data: Retained for the duration of your account and for a period of five (5) years following account closure, in accordance with PAGCOR record-keeping requirements and the Anti-Money Laundering Act.
• Financial Transaction Records: Retained for a minimum of five (5) years from the date of the transaction, as required by the AMLC and applicable tax regulations.
• KYC and Identity Verification Documents: Retained for a minimum of five (5) years following account closure or the completion of the relevant transaction, whichever is later.
• Customer Support Records: Retained for three (3) years from the date of the last interaction, to support dispute resolution and quality assurance.
• Marketing Preferences: Retained until you withdraw your consent or request deletion, subject to any overriding legal retention obligations.
• Technical and Usage Data: Typically retained in identifiable form for up to twelve (12) months, after which it may be anonymised and retained for analytical purposes.

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in accordance with tayazone's data disposal procedures.

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by tayazone:

• Right to Be Informed: You have the right to be informed about how your personal data is collected, used, and processed. This Policy fulfils that obligation.
• Right of Access: You have the right to request a copy of the personal data that tayazone holds about you, along with information about how it is being processed.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data that tayazone holds about you.
• Right to Erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to tayazone's legal retention obligations.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests, subject to tayazone's overriding legal or regulatory obligations.
• Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to request that it be transmitted to another data controller where technically feasible.
• Right to Lodge a Complaint: If you believe that tayazone has processed your personal data in violation of the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

To exercise any of the above rights, please contact tayazone's Data Protection Officer using the contact details provided in Section 14 of this Policy. tayazone will respond to all verified data subject requests within fifteen (15) business days of receipt.

The tayazone Platform is strictly intended for adults aged 21 years and above, in accordance with Philippine gaming regulations. tayazone does not knowingly collect personal data from individuals under the age of 21.

If tayazone becomes aware that personal data has been collected from a person under 21 years of age, we will take immediate steps to delete that data and close the associated account. If you believe that a minor has registered an account on the Platform, please contact our support team immediately.

tayazone primarily processes and stores personal data within the Philippines. However, in certain circumstances, your personal data may be transferred to and processed in countries outside the Philippines — for example, where tayazone engages cloud infrastructure providers or game content suppliers whose servers are located abroad.

Where such international transfers occur, tayazone ensures that appropriate safeguards are in place to protect your personal data, including:

• Entering into data processing agreements with recipient organisations that impose data protection obligations equivalent to those required under Philippine law.
• Transferring data only to countries or organisations that have been assessed as providing an adequate level of data protection.
• Implementing additional technical safeguards, such as encryption, where the level of protection in the recipient country is assessed as insufficient.

By using the tayazone Platform, you acknowledge and consent to the transfer of your personal data to countries outside the Philippines where necessary for the purposes described in this Policy, subject to the safeguards described above.

tayazone reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory requirements. When material changes are made, we will notify registered players by posting a prominent notice on the Platform and, where practicable, by sending a notification to your registered email address.

The updated Policy will take effect from the date of publication on the Platform. Your continued use of the tayazone Platform following the publication of an updated Policy constitutes your acknowledgement of the changes. We encourage you to review this Policy periodically to stay informed about how tayazone protects your personal data.

The date of the most recent update is displayed at the top of this page. If you have any questions about changes to this Policy, please contact our Data Protection Officer using the details in Section 14.

tayazone has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and the Philippine Data Privacy Act of 2012. If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact our DPO:

Data Protection Officer — tayazone

Email: support@tayazone.app

Subject Line: Data Privacy Request / [Your Full Name]

tayazone aims to acknowledge all data privacy enquiries within three (3) business days and to resolve them fully within fifteen (15) business days. For complex requests, we will keep you informed of progress throughout the process.

If you are not satisfied with tayazone's response to your data privacy concern, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines, which is the competent supervisory authority for data protection matters in the Philippines.