1Introduction
1.1 helslot operates an online gaming platform serving the Philippine market, offering casino games, sports betting, bingo, and related entertainment services to eligible Filipino players. In the course of providing these services, helslot necessarily collects and processes personal information about account holders and platform visitors.
1.2 helslot recognizes the importance of data privacy to Filipino players and is committed to handling all personal information responsibly, transparently, and in full compliance with applicable Philippine data protection law. This Privacy Policy applies to all personal data processed by helslot in connection with the helslot platform, whether collected online, via mobile interface, or through interactions with helslot's customer support team.
1.3 By registering an account on helslot or continuing to use the platform after the effective date of this Privacy Policy, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. Where consent is the legal basis for a particular processing activity, you may withdraw that consent at any time, subject to the provisions of Section 12 (Your Data Subject Rights).
1.4 This Privacy Policy should be read in conjunction with helslot's Terms and Conditions, which govern your contractual relationship with helslot as a platform user. In the event of any conflict between this Privacy Policy and the Terms and Conditions with respect to data privacy matters, this Privacy Policy shall prevail.
2Data Controller
2.1 For the purposes of the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations, helslot is the personal information controller in respect of all personal data processed in connection with the helslot platform. As personal information controller, helslot determines the purposes and means of processing personal data collected through the platform.
2.2 helslot's designated Data Protection Officer (DPO) oversees compliance with data protection obligations and serves as the primary point of contact for data subject inquiries. Contact details for the helslot DPO are provided in Section 16 of this Policy.
2.3 Where helslot engages third-party service providers to process personal data on its behalf — such as payment processors, KYC verification services, or cloud infrastructure providers — those third parties act as personal information processors under helslot's direction and are contractually required to process personal data only in accordance with helslot's instructions and this Privacy Policy.
3Personal Data We Collect
3.1 helslot collects the following categories of personal data from account holders and platform users, to the extent applicable and necessary for the stated purposes:
| Data Category | Specific Data Points | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, nationality, government ID type and number | Registration and KYC verification |
| Contact Data | Philippine mobile number, email address, residential address | Registration and KYC verification |
| Financial Data | GCash account reference, Maya account reference, bank account name and number (for withdrawal), transaction amounts and history | Deposit and withdrawal processing |
| Verification Documents | Philippine government-issued ID images, selfie photographs, proof of address documents | KYC verification |
| Gaming Activity Data | Game session records, wager amounts, win/loss outcomes, bonus usage, betting history | Throughout platform use |
| Technical Data | IP address, device type and identifier, browser type and version, operating system, session timestamps, login history | Platform access and login |
| Communications Data | Customer support interactions (chat transcripts, email correspondence), complaint records | Support interactions |
| Preference Data | Responsible gaming settings (deposit limits, session controls, self-exclusion status), marketing preferences, language and notification settings | Account settings and responsible gaming tools |
3.2 helslot does not intentionally collect sensitive personal information — such as racial or ethnic origin, political opinions, religious beliefs, or health data — except where directly relevant to responsible gaming assessments conducted at the Player's own instigation (for example, a self-disclosure of a gambling problem submitted when requesting self-exclusion). Such sensitive information is handled with heightened protection and is used solely for the stated responsible gaming purpose.
4How We Collect Personal Data
4.1 helslot collects personal data through the following channels and mechanisms:
4.2 Direct Collection from You
- Information provided during account registration on the helslot platform;
- Identity and address documents submitted during KYC verification;
- Payment information provided during deposit and withdrawal transactions;
- Responsible gaming preferences set within account settings;
- Information submitted through customer support interactions, including live chat, email, and complaint forms;
- Survey responses or feedback submitted voluntarily to helslot.
4.3 Automated Collection During Platform Use
- Technical data collected automatically when you access the helslot platform, including IP address, device identifiers, browser fingerprint, and session timing data;
- Gaming activity data generated as a natural byproduct of gameplay, including wager records, game outcomes, and session durations;
- Cookie and similar tracking data collected through the platform's cookie mechanism (see Section 11).
4.4 Collection from Third Parties
- Identity verification results from third-party KYC service providers engaged by helslot to assist with document authentication and age verification;
- Transaction confirmation data from payment processors including GCash, Maya, and Philippine banking partners;
- Fraud and risk signals from anti-fraud and compliance service providers engaged by helslot to protect the platform and its players;
- Regulatory data from PAGCOR or other Philippine government bodies where required by applicable regulation.
5Purposes of Data Processing
5.1 helslot processes your personal data for the following specific purposes:
- Account Registration and Management: To create and maintain your helslot account, authenticate your identity at login, and manage your account settings and preferences throughout the lifecycle of your account.
- Age Verification and Eligibility Confirmation: To verify that you meet the 21-year minimum age requirement mandated by PAGCOR regulations before permitting real-money gaming activity on your account.
- Payment Processing: To process deposit transactions from GCash, Maya, BPI, BDO, Metrobank, and other supported Philippine payment methods, and to process verified withdrawal requests to your nominated payment account.
- KYC and Anti-Money Laundering Compliance: To fulfil helslot's obligations under Philippine anti-money laundering law (Republic Act 9160 as amended) and PAGCOR regulatory requirements, including identity verification, transaction monitoring, and suspicious transaction reporting.
- Provision of Gaming Services: To operate the helslot gaming platform, process wagers, calculate outcomes, award winnings, apply bonuses, and deliver the full range of gaming entertainment services available on the platform.
- Responsible Gaming: To administer responsible gaming tools including deposit limits, session controls, reality checks, and self-exclusion — and to monitor gaming activity patterns that may indicate problem gambling behavior warranting proactive intervention.
- Customer Support: To respond to inquiries, resolve disputes, investigate complaints, and provide technical assistance to helslot account holders.
- Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activity, account takeover attempts, collusion, bonus abuse, and other conduct that violates helslot's Terms and Conditions or applicable Philippine law.
- Platform Improvement: To analyze aggregated usage data for the purpose of improving the helslot platform's performance, user experience, and game content offering.
- Legal Compliance and Regulatory Reporting: To comply with helslot's legal obligations under Philippine law, including PAGCOR reporting requirements, court orders, and lawful requests from Philippine law enforcement agencies.
- Marketing Communications (with consent): To send promotional offers, bonus announcements, and gaming updates to Players who have consented to receive marketing communications from helslot. Marketing communications can be opted out of at any time.
6Legal Basis for Processing
6.1 helslot processes personal data on the following legal bases as recognized under the Philippine Data Privacy Act of 2012:
- Contract Performance: Processing necessary to fulfil our contractual obligations to you as a helslot account holder — including account management, payment processing, and provision of gaming services — is carried out on the basis of contractual necessity.
- Legal Obligation: Processing required to comply with helslot's obligations under Philippine law — including PAGCOR regulations, anti-money laundering requirements, and tax reporting obligations — is carried out on the basis of legal obligation compliance.
- Legitimate Interests: Processing conducted for fraud prevention, platform security, responsible gaming monitoring, and internal analytics is carried out on the basis of helslot's legitimate interests, where those interests are not overridden by your fundamental rights and freedoms.
- Consent: Processing for the purpose of marketing communications and certain optional data sharing arrangements is carried out on the basis of your freely given, specific, informed, and unambiguous consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
7Data Sharing & Disclosure
7.1 helslot does not sell, rent, or trade your personal data to third parties for commercial purposes. helslot shares personal data only in the following circumstances and with the following categories of recipients:
7.2 Payment Processors
helslot shares transaction data with Philippine payment service providers — including GCash (G-Xchange Inc.), Maya (PayMaya Philippines Inc.), BPI, BDO, Metrobank, Coins.ph, and 7-Eleven's Cliqq payment service — to the extent necessary to process your deposit and withdrawal transactions. These providers are independent data controllers in respect of the payment processing services they render and are governed by their own privacy policies.
7.3 KYC and Compliance Service Providers
helslot engages third-party KYC verification and compliance service providers to assist with identity document authentication, age verification, and anti-money laundering screening. These providers process personal data strictly as personal information processors under helslot's direction and are prohibited from using your data for any other purpose.
7.4 Regulatory and Law Enforcement Bodies
helslot may disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), Philippine law enforcement agencies, or Philippine courts when required to do so by applicable law, a valid court order, or a lawful directive from a competent Philippine authority. helslot will notify you of such disclosures where legally permitted to do so.
7.5 Technology and Infrastructure Providers
helslot uses cloud computing infrastructure, cybersecurity services, and gaming technology platforms provided by third-party technology companies. These providers may process personal data as a technical byproduct of providing infrastructure services to helslot and are required by contract to implement appropriate data security measures and to process personal data only in accordance with helslot's instructions.
7.6 Business Succession
In the event of a merger, acquisition, restructuring, or transfer of helslot's business or assets, personal data held by helslot may be transferred to the successor entity as part of the transaction. Affected players will be notified of any such transfer and of any material changes to this Privacy Policy that result from it.
8International Data Transfers
8.1 helslot primarily stores and processes personal data within the Philippines. Where the use of third-party technology infrastructure or service providers results in personal data being processed or stored in jurisdictions outside the Philippines, helslot ensures that such transfers are conducted in accordance with the requirements of the Philippine Data Privacy Act and its Implementing Rules and Regulations.
8.2 International transfers of personal data by helslot are conducted only where one or more of the following conditions is satisfied: the recipient country provides an adequate level of data protection as recognized under Philippine data privacy law; the transfer is governed by appropriate contractual safeguards including data processing agreements that impose obligations equivalent to those under Philippine law; or the transfer is necessary for the performance of a contract between you and helslot.
8.3 helslot conducts transfer impact assessments for cross-border data flows to ensure that your personal data receives an equivalent level of protection outside the Philippines as it does within it.
9Data Retention
9.1 helslot retains personal data for the period necessary to fulfil the purposes for which it was collected, having regard to the nature of the data, the purposes of processing, and helslot's legal obligations. The following retention periods apply as general guidelines:
- Account Data: Retained for the duration of your active helslot account and for a period of five (5) years following account closure, in accordance with Philippine anti-money laundering record-keeping requirements (Republic Act 9160 as amended by RA 10365).
- KYC Documents: Retained for a minimum of five (5) years following the completion of the relevant transaction or customer relationship, in accordance with PAGCOR and AMLC requirements.
- Transaction Records: Retained for five (5) years in accordance with anti-money laundering and PAGCOR regulatory retention requirements.
- Gaming Activity Records: Retained for a minimum of three (3) years for the purpose of dispute resolution, regulatory audits, and responsible gaming monitoring.
- Customer Support Communications: Retained for three (3) years from the date of the final communication, for the purpose of dispute resolution and quality assurance.
- Marketing Consent Records: Retained for the duration of the consent and for three (3) years following withdrawal of consent, as evidence of consent having been obtained and of its withdrawal.
- Technical Logs: Retained for twelve (12) months for security monitoring and incident investigation purposes.
9.2 Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymized such that it can no longer be attributed to any identifiable individual. helslot's data retention schedule is reviewed periodically to ensure continued compliance with applicable Philippine regulatory requirements.
10Data Security
10.1 helslot implements a comprehensive set of technical, organizational, and physical security measures designed to protect personal data against unauthorized access, accidental loss, destruction, alteration, disclosure, or misuse. These measures are regularly reviewed and updated in line with evolving security best practices and the risk profile of the helslot platform.
10.2 Technical Measures
- SSL/TLS encryption for all data transmitted between your device and helslot's servers, including login credentials, payment information, and personal data submitted via the platform;
- Encryption of sensitive data fields — including passwords and payment account references — at rest using industry-standard cryptographic algorithms;
- Multi-factor authentication options for account access, including OTP verification via registered Philippine mobile numbers;
- Firewall protection, intrusion detection systems, and continuous security monitoring of helslot's server infrastructure;
- Regular security vulnerability assessments and penetration testing conducted by qualified security professionals.
10.3 Organizational Measures
- Role-based access controls limiting access to personal data to helslot personnel who require such access for their specific job functions;
- Mandatory data privacy and security training for all helslot personnel who handle personal data;
- Documented incident response procedures for handling personal data breaches, including notification protocols consistent with National Privacy Commission requirements;
- Data processing agreements with all third-party processors requiring equivalent security standards.
10.4 Notwithstanding the foregoing security measures, no online platform can guarantee absolute security against all possible threats. helslot encourages all Players to use strong, unique passwords for their helslot accounts, to enable two-factor authentication, and to notify helslot immediately upon becoming aware of any unauthorized activity on their account.
11Cookies & Tracking Technologies
11.1 helslot uses cookies and similar tracking technologies on the helslot platform for the purposes described in this Section. A cookie is a small text file stored on your device by your web browser that enables the platform to recognize your browser or device on subsequent visits.
11.2 Categories of Cookies Used by helslot
- Strictly Necessary Cookies: These cookies are required for the helslot platform to function correctly. They enable core functionality such as session management, authentication state maintenance, and security features. These cookies cannot be disabled without impairing platform functionality.
- Functional Cookies: These cookies remember your preferences — such as language settings, responsible gaming limit configurations, and game display preferences — to provide a more personalized experience. They are set on the basis of your choices within account settings.
- Analytics Cookies: helslot uses analytics cookies to understand how players interact with the platform, which features are most used, and where performance improvements can be made. Analytics data is aggregated and anonymized where possible. Players may opt out of analytics cookies via the platform's cookie preference center.
- Security Cookies: These cookies are used by helslot's fraud detection and security infrastructure to identify suspicious activity, unusual login patterns, and potential account compromise attempts.
11.2 helslot does not use third-party advertising or behavioral targeting cookies. No personal data collected through helslot's cookie mechanisms is shared with advertising networks or used to serve targeted advertising.
12Your Data Subject Rights
12.1 As a data subject under the Philippine Data Privacy Act of 2012 (Republic Act 10173), you have the following rights with respect to your personal data held by helslot. These rights may be exercised by submitting a request to the helslot Data Protection Officer using the contact details in Section 16.
Right to Access
You have the right to obtain confirmation of whether helslot holds personal data about you and to receive a copy of that data, along with information about how it is processed.
Right to Rectification
You have the right to request correction of inaccurate personal data held about you by helslot. Certain account data can be updated directly in your account settings without contacting support.
Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to helslot's legal retention obligations under Philippine law.
Right to Object
You have the right to object to the processing of your personal data on grounds of legitimate interests or for direct marketing purposes. An objection to direct marketing processing will always be honored.
Right to Data Portability
You have the right to receive a copy of your personal data provided to helslot in a structured, machine-readable format, and to request its transmission to another controller where technically feasible.
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
Right to File a Complaint
You have the right to lodge a complaint with the Philippine National Privacy Commission (NPC) if you believe helslot has violated your data privacy rights under RA 10173.
Right to Be Informed
You have the right to be informed of the existence of processing of your personal data, the purposes and manner of processing, and the basis on which data is being processed — all of which are addressed in this Privacy Policy.
12.2 helslot will respond to data subject rights requests within thirty (30) calendar days of receipt of a valid request. Where a request is complex or involves multiple data subject rights, helslot may extend this period by a further thirty (30) days, with notification to the requestor. helslot reserves the right to request proof of identity before processing a data subject rights request to protect against unauthorized requests from third parties claiming to act on your behalf.
13Minors & Age Policy
13.1 The helslot platform is strictly prohibited for use by individuals under the age of 21 years, in accordance with PAGCOR regulations governing online gaming in the Philippines. helslot does not knowingly collect personal data from individuals under the age of 21.
13.2 Age verification is conducted as part of the registration process and, where required, through formal KYC document submission. Where helslot becomes aware that personal data has been collected from an individual who was under 21 years of age at the time of collection, that data will be deleted immediately and the associated account will be closed. Any winnings generated during the period of underage access will be forfeited as required by PAGCOR regulations.
13.3 Parents and guardians who become aware that a minor under their care has registered an account or is accessing the helslot platform should contact helslot's support team or Data Protection Officer immediately so that the account can be closed and the associated personal data deleted. helslot takes underage access extremely seriously and will act promptly on all such notifications.
14Third-Party Services & Links
14.1 The helslot platform integrates third-party payment services operated by GCash, Maya, Philippine banking partners, and other payment providers to facilitate deposits and withdrawals. These third-party payment services are subject to the privacy policies of the respective providers. helslot is not responsible for the data processing practices of these independent third-party service operators.
14.2 helslot's gaming content library includes games provided by third-party software studios. Game session data generated during play is recorded by helslot's platform systems. helslot's content studio partners may also receive aggregated, anonymized gaming performance data for the purposes of game optimization and RTP certification.
14.3 helslot does not embed social media tracking pixels, advertising network tags, or third-party analytics code that transmits identifiable personal data to external commercial entities without your knowledge. helslot's analytics capabilities are operated as first-party tools under helslot's direct control.
15Amendments to This Privacy Policy
15.1 helslot reserves the right to update and amend this Privacy Policy from time to time to reflect changes in our data processing practices, evolving Philippine data privacy law, updates to PAGCOR regulations, or improvements to our privacy governance framework. The effective date at the top of this Policy indicates when the current version was last updated.
15.2 For material changes to this Privacy Policy — particularly those that affect your data subject rights or the purposes for which we process your personal data — helslot will provide advance notice through one or more of the following channels: a notification to your registered email address, an in-platform notification upon your next login, or a prominent notice on the helslot website.
15.3 Continued use of the helslot platform after the effective date of an updated Privacy Policy constitutes acknowledgment of the updated Policy. If you do not agree with any material change to this Policy, you may close your helslot account by contacting the support team. Account closure does not affect helslot's lawful obligation to retain certain records under Philippine law for the applicable retention periods.
15.4 The current version of this Privacy Policy is always accessible at helslot.app/privacy-policy. helslot recommends that all Players review this Policy periodically to stay informed of how their personal data is being handled.
16Contact & Data Protection Officer
16.1 For all matters relating to data privacy, data subject rights requests, privacy complaints, or inquiries about this Privacy Policy, Filipino players and platform visitors may contact helslot's Data Protection Officer using the following contact details:
- Role: Data Protection Officer, helslot
- Platform: helslot.app
- Email: [email protected] (plain text — not clickable; copy and paste into your email client)
- Live Chat: Available 24/7 through the helslot platform
16.2 helslot will acknowledge receipt of a data subject rights request or privacy complaint within five (5) business days. The DPO will investigate the matter and provide a substantive response within thirty (30) calendar days, or within an extended period where the complexity of the request warrants it.
16.3 If you are not satisfied with helslot's response to a privacy complaint, you have the right to escalate the matter to the Philippine National Privacy Commission (NPC), the national authority responsible for administering and enforcing the Data Privacy Act of 2012. The NPC operates a formal complaints procedure for data subjects who believe their privacy rights have been violated.