20jl — Privacy Policy

Introduction

This Privacy Policy ("Policy") is issued by the operator of the 20jl online casino platform ("20jl," "we," "us," or "our"), accessible at 20jl.vip. It describes how we collect, process, store, use, and disclose personal data when you visit our website, register a player account, or use any of our services, including casino games, sports betting, e-sabong, bingo, and wallet services.

By accessing the 20jl platform or submitting your personal information during registration, you acknowledge that you have read, understood, and consented to the data processing practices described in this Policy. If you do not agree with any part of this Policy, you should not register an account or continue using 20jl's services.

20jl is the data controller responsible for your personal data as described in this Policy. We operate within the Philippine online gambling regulatory framework overseen by PAGCOR (Philippine Amusement and Gaming Corporation) and are subject to the data privacy obligations applicable to PAGCOR-regulated operators.

This Policy applies to all personal data we process in connection with the 20jl platform, regardless of how it is provided — whether through the registration form, KYC verification process, customer support interactions, payment transactions, or through the use of cookies and tracking technologies on our website.

Personal Data We Collect

20jl collects personal data from and about you in the following categories, depending on how you interact with the platform:

2.1 Registration and Account Data

When you register a 20jl account, we collect the information you provide during that process, including:

• Philippine mobile number (used as your primary account identifier).
• Username (if selected in lieu of or in addition to mobile number).
• Date of birth (to verify you meet the 21+ age requirement).
• Account password (stored in encrypted, one-way hashed form — we cannot read your password).
• Email address (where provided during registration or subsequently added to your account).

2.2 KYC and Identity Verification Data

Prior to processing any withdrawal, 20jl is required by PAGCOR's KYC requirements to verify your identity. KYC verification involves collection of:

• Full legal name as it appears on your government-issued identification.
• Date of birth.
• A scanned copy or photograph of a valid Philippine government-issued photo ID (e.g., PhilSys National ID, Driver's License, Passport, UMID, SSS ID, GSIS ID, or Voter's ID).
• A selfie photograph taken by you for identity confirmation.
• Proof of payment method ownership, where applicable.

2.3 Financial Transaction Data

We collect data related to your financial transactions on the platform, including deposit amounts, withdrawal amounts, transaction timestamps, payment method identifiers (GCash reference numbers, bank transaction codes, etc.), and transaction history. We do not store full card numbers or GCash PINs.

2.4 Gaming Activity Data

We collect data about your use of games on the platform, including game sessions, bet amounts, game outcomes, wagering history, bonus utilization, and platform navigation patterns. This data is used for account management, bonus calculation, fraud detection, responsible gaming monitoring, and regulatory reporting to PAGCOR.

2.5 Technical and Device Data

When you access the 20jl platform, our servers automatically collect certain technical information, including:

2.6 Customer Support Data

When you contact 20jl's support team via live chat or email, we collect the content of your communications, including any personal information you provide in the course of your support inquiry. Support interactions are retained for quality assurance, dispute resolution, and audit purposes.

How We Use Your Data

20jl processes your personal data for the following purposes:

• Account creation and management: Creating and maintaining your 20jl player account, enabling login, managing account settings, and processing account closure requests.
• KYC and age verification: Verifying your identity and confirming that you meet the 21+ age requirement as mandated by PAGCOR.
• Payment processing: Processing deposits and withdrawals via GCash, Maya, BPI, BDO, Metrobank, Coins.ph, and USDT. Verifying that deposit and withdrawal accounts are held in your name.
• Game services: Enabling access to and operation of all games on the platform, calculating and crediting winnings, managing bonus wagering requirements, and processing tournament entries and results.
• Fraud prevention and security: Detecting and investigating fraudulent account activity, preventing money laundering, identifying unauthorized access, and protecting the integrity of the platform and other players.
• Regulatory compliance: Meeting obligations under PAGCOR's licensing requirements, the Anti-Money Laundering Act (RA 9160 as amended), the Data Privacy Act (RA 10173), and other applicable Philippine laws and regulations.
• Responsible gaming: Monitoring player activity to identify patterns consistent with problem gambling and administering responsible gaming tools including deposit limits, session reminders, cooling-off periods, and self-exclusion.
• Customer support: Responding to support inquiries, resolving account disputes, and providing platform assistance to registered players.
• Platform improvement: Analyzing aggregated and anonymized usage data to improve platform performance, game offerings, and user experience.
• Marketing communications: Sending promotional emails or SMS messages about bonuses and platform updates, subject to your communication preferences and applicable opt-in/opt-out requirements.

Legal Bases for Processing

Under the Data Privacy Act of 2012 (RA 10173), 20jl processes your personal data on the following legal bases:

• Contractual necessity: Processing your account data, payment data, and gaming activity data is necessary to perform the contract between you and 20jl — namely, providing you with access to the platform and its services.
• Legal obligation: Processing your KYC data, AML-related records, and certain transaction data is necessary to comply with PAGCOR licensing requirements, RA 9160 (Anti-Money Laundering Act), and other applicable Philippine legal obligations.
• Legitimate interests: Processing technical data for fraud prevention, security monitoring, and platform integrity is necessary for 20jl's legitimate interests in operating a secure and fair gaming environment, provided those interests are not overridden by your fundamental rights.
• Consent: Where we send marketing communications by SMS or email, we rely on your consent as the legal basis. You may withdraw consent at any time by following the opt-out instructions in any marketing message or by contacting [email protected].

Cookies & Tracking Technologies

20jl uses cookies and similar tracking technologies to operate and improve the platform. Cookies are small data files placed on your device when you visit our website. We use the following categories of cookies:

• Essential cookies: Strictly necessary for the platform to function. These include session authentication cookies that keep you logged in during your visit and security tokens that protect your account from cross-site request forgery. These cannot be disabled without impairing platform functionality.
• Functional cookies: Used to remember your preferences, such as your preferred language settings or last-visited game categories. These are not strictly necessary but improve your experience on the platform.
• Analytics cookies: Used to collect aggregated, anonymized data about how players use the platform, including pages visited, time spent, and navigation paths. This data helps us identify performance issues and improve the platform experience. Analytics data is not linked to individual identities.
• Security and fraud detection cookies: Used to identify suspicious activity patterns, detect bot traffic, and protect the platform from abuse. These may collect device fingerprint data for security purposes.

Most web browsers allow you to control cookie settings through the browser's privacy or settings menu. Disabling certain cookies may affect the functionality of the 20jl platform, including your ability to stay logged in during a session. Essential security and authentication cookies cannot be disabled without impacting your ability to use the platform.

20jl does not use third-party advertising or behavioral targeting cookies. We do not share cookie data with advertising networks.

Third-Party Data Sharing

20jl does not sell, rent, or trade your personal data to third parties for commercial or marketing purposes. We share personal data with third parties only in the following circumstances, and only to the minimum extent necessary:

• Payment service providers: GCash (GXI), Maya (Voyager Innovations / PayMaya Philippines), BPI, BDO, Metrobank, Coins.ph, and USDT gateway providers receive the transaction data necessary to process your deposits and withdrawals. These providers are independent data controllers subject to their own privacy policies and applicable BSP regulations.
• Game providers: JILI, PG Soft, Pragmatic Play, CQ9, and other licensed game providers receive only the data necessary to provide game services — typically a pseudonymous player identifier and session token. They do not receive your full KYC identity data.
• Regulatory authorities: PAGCOR and other competent Philippine regulatory or law enforcement authorities may receive player data where required by law, regulatory direction, court order, or as part of PAGCOR's monitoring and audit functions. 20jl is legally obligated to comply with such requests.
• AML compliance services: Transaction data may be processed by third-party AML screening tools to fulfill 20jl's obligations under RA 9160. These providers operate under strict data processing agreements.
• Customer support platforms: Where a third-party live chat or ticketing system is used to provide customer support, support interaction data may be processed by that provider under a data processing agreement with 20jl.
• Professional advisers: Lawyers, auditors, and accountants engaged by 20jl may access player data on a need-to-know basis under confidentiality obligations.

Data Security

20jl implements appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include, but are not limited to:

• SSL/TLS encryption: All data transmitted between your device and 20jl's servers is encrypted in transit using industry-standard SSL/TLS protocols. The padlock icon in your browser's address bar confirms that your connection to 20jl is encrypted.
• Password hashing: Account passwords are stored using one-way cryptographic hashing. 20jl employees cannot read your password. In the event of a data breach, hashed passwords cannot be reversed to recover plain-text passwords.
• Access controls: Internal access to personal data is restricted on a need-to-know basis. Staff with access to personal data are subject to confidentiality obligations and receive data protection training.
• Database encryption: Sensitive data fields — including KYC document data — are stored in encrypted form within 20jl's database systems.
• Security monitoring: 20jl's systems are subject to ongoing security monitoring to detect and respond to potential unauthorized access attempts or anomalous activity.
• Incident response: 20jl maintains data breach incident response procedures in accordance with RA 10173's breach notification requirements. In the event of a personal data breach that poses a real risk to data subjects, affected individuals and the National Privacy Commission (NPC) will be notified within the timeframes prescribed by the DPA IRR.

While 20jl implements reasonable security measures, no digital system is entirely immune from security risks. You are responsible for maintaining the confidentiality of your account login credentials and for notifying [email protected] immediately if you suspect unauthorized access to your account.

Data Retention

20jl retains your personal data for as long as is necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law. The following general retention principles apply:

• Active account data: Personal data associated with an active 20jl account is retained for the duration of the account's active status.
• Closed account data: Following account closure, 20jl retains account and transaction records for a minimum of five (5) years, in accordance with PAGCOR's record-keeping requirements and RA 9160's AML retention obligations.
• KYC documents: Identity verification documents are retained for a minimum of five (5) years following the end of the business relationship, as required by PAGCOR and AML regulations.
• Customer support records: Support interaction records are retained for a minimum of two (2) years for dispute resolution, quality assurance, and audit purposes.
• Marketing data: Where you have consented to marketing communications, your contact details used for marketing are retained until you withdraw consent. Consent records themselves are retained for a period sufficient to demonstrate compliance.
• Technical and analytics data: Anonymized or aggregated analytics data may be retained indefinitely, as it no longer constitutes personal data once appropriately anonymized.

At the end of any applicable retention period, personal data is securely deleted or irreversibly anonymized. Secure deletion procedures are applied to both digital and physical records containing personal data.

Your Data Rights

Under the Data Privacy Act of 2012 (RA 10173), you as a data subject have the following rights in relation to your personal data held by 20jl:

To exercise any of the above rights, you may submit a written request to 20jl's Data Protection Officer at [email protected] (subject line: "Data Subject Request — [Your Request Type]"). 20jl will acknowledge your request within three (3) business days and will respond substantively within thirty (30) days of receipt, in accordance with the DPA IRR.

Please note that certain data rights are subject to limitations where retention is required by law or where the exercise of the right would conflict with 20jl's obligations under PAGCOR's licensing requirements or applicable AML legislation. In such cases, 20jl will explain the limitation in its response to your request.

If you believe that 20jl has not handled your personal data in accordance with this Policy or applicable law, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines through its official channels.

Children & Minors

The 20jl platform and all its services are strictly intended for individuals who are at least 21 years of age, as required by PAGCOR's regulations for online casino-style gambling in the Philippines. 20jl does not knowingly collect personal data from any person under the age of 21.

If 20jl discovers or has reasonable grounds to believe that personal data has been collected from an individual under the age of 21, it will take the following steps:

• Immediately suspend the associated account.
• Notify the account holder of the suspension and the reason for it.
• Delete or return any deposited funds in accordance with PAGCOR's underage gambling policy.
• Permanently delete the personal data collected in connection with the underage account, except where retention is required for legal compliance purposes.
• Where appropriate, report the incident to PAGCOR and/or relevant Philippine authorities.

Adults who share devices with minors are strongly encouraged to implement parental control software to prevent minors from accessing the 20jl platform.

Marketing Communications

With your consent, 20jl may send you promotional communications via SMS to your registered Philippine mobile number or email to your registered email address. These communications may include information about new promotions, bonus offers, tournament announcements, and platform updates.

You may opt out of marketing communications at any time by:

• Replying "STOP" to any promotional SMS from 20jl.
• Clicking the unsubscribe link included in any promotional email from 20jl.
• Contacting [email protected] and requesting removal from marketing communications.
• Updating your communication preferences within your 20jl account settings.

Opting out of marketing communications will not affect the delivery of service-related and transactional communications — including deposit confirmations, withdrawal notifications, account security alerts, and responses to customer support inquiries. These communications are necessary for the operation of your account and cannot be disabled.

20jl does not engage in third-party data brokering and does not share your contact details with external marketing companies.

Cross-Border Data Transfers

20jl's primary data processing operations are conducted within the Philippines. Where personal data is transferred to third-party service providers whose infrastructure is located outside the Philippines — such as certain cloud hosting or analytics platforms — 20jl ensures that such transfers comply with the cross-border data transfer requirements of RA 10173 and its IRR.

In practice, this means that 20jl will only transfer personal data to recipients outside the Philippines if:

• The recipient country has been determined to provide an adequate level of data protection; or
• Appropriate safeguards are in place, such as contractual clauses that require the recipient to protect the data to a standard equivalent to that required by Philippine law; or
• The transfer is necessary for the performance of a contract to which you are a party (such as processing a payment via an international payment gateway).

In all cases, 20jl remains responsible for the protection of your personal data and will take appropriate steps to ensure that cross-border transfers are conducted in a manner consistent with this Policy and applicable law.

Changes to This Policy

20jl reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, updates to Philippine law or PAGCOR requirements, or improvements to our data protection procedures.

Where amendments to this Policy are material — meaning they involve a significant change to how your personal data is collected, used, or disclosed — 20jl will notify registered players through one or more of the following channels: a notice on the platform's login or landing page; an in-account notification visible upon next login; or a direct communication to your registered mobile number or email address.

Non-material amendments, such as typographical corrections or clarifications that do not alter the substance of any provision, may be made without prior notice. The "Last Updated" date at the top of this Policy will always reflect the most recent revision date.

Your continued use of the 20jl platform following the effective date of any amendment to this Policy constitutes your acceptance of the amended Policy. If you do not agree to the amendments, you should cease using the platform and may request account closure in accordance with 20jl's Terms and Conditions.

Contact & Data Protection Officer

20jl has designated a Data Protection Officer (DPO) as required by the Data Privacy Act of 2012. The DPO is responsible for overseeing 20jl's data protection compliance, handling data subject requests, and serving as the point of contact for the National Privacy Commission (NPC).

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have a concern about how 20jl handles your personal data, you may contact us through the following channels:

• Email (Data Subject Requests): [email protected] — Subject line: "Privacy / Data Request"
• General Support Email: [email protected]
• Live Chat: Available 24/7 through the platform after login.
• Response Timeframe: Data subject requests acknowledged within three (3) business days; substantive response within thirty (30) days.