kitayamachu Privacy Policy

At kitayamachu, we take the privacy and security of your personal information seriously. This is not just a legal obligation — it is a reflection of our commitment to operating an honest, trustworthy platform for Filipino players.

This Policy covers all personal data processed by kitayamachu in connection with your use of the kitayamachu platform, including the website at kitayamachu.com, the gaming services, payment processing, customer support, and all related account functions. It applies equally to players in Metro Manila, Cebu, Davao, Quezon City, and across the Philippine archipelago.

Please read this Policy carefully. If there is anything you do not understand or wish to clarify, you are welcome to contact our Data Privacy Officer using the details in Section 17 of this Policy.

kitayamachu operates the online gaming and sports betting platform accessible at kitayamachu.com. For the purposes of the Philippine Data Privacy Act of 2012, kitayamachu acts as the Personal Information Controller in relation to the personal data of its registered players and website visitors.

kitayamachu operates in compliance with the regulatory framework established by the Philippine Amusement and Gaming Corporation (PAGCOR), which includes applicable data handling requirements specific to the gaming sector. Our data practices are also subject to Anti-Money Laundering (AML) regulations applicable to gaming operators in the Philippines.

Where kitayamachu engages third-party service providers to process personal data on its behalf (such as payment processors or identity verification services), those providers act as Personal Information Processors under data processing agreements that bind them to equivalent data protection standards.

kitayamachu collects personal data across three broad categories: data you provide directly, data generated by your use of the platform, and data obtained from third parties for verification and compliance purposes.

kitayamachu collects personal data through the following means:

• Directly from you: When you register an account, complete KYC verification, make a deposit or withdrawal, contact customer support, respond to a survey, or update your account settings;
• Automatically: Through standard web technologies including cookies, session logs, and server-side access logs when you visit or use the kitayamachu platform;
• From third-party verification providers: Identity verification (KYC) service providers may return verification results, including data matching confirmation, to kitayamachu as part of the KYC process;
• From payment processors: Transaction confirmation data, including reference numbers and transaction status, is received from GCash, PayMaya, BPI, BDO, Metrobank, and card payment processors;
• From regulatory bodies: kitayamachu may receive data relating to a Player from PAGCOR or other competent authorities in connection with investigations or compliance requirements.

kitayamachu processes personal data only where there is a lawful basis for doing so under the Philippine Data Privacy Act of 2012. The following table summarises the primary processing purposes and their corresponding legal bases:

kitayamachu may share your personal data with the following categories of third parties, strictly limited to what is necessary for each purpose:

• Payment processors (GCash, PayMaya, BPI, BDO, Metrobank, Visa/Mastercard networks): To execute deposit and withdrawal transactions. kitayamachu transmits only the data required to process each specific transaction.
• KYC and identity verification providers: To verify your identity and age in compliance with PAGCOR requirements. These providers receive the identity data you submit during KYC and return a verification result.
• Game software providers: Game providers may receive a pseudonymous player identifier and wager data necessary to operate their games within the kitayamachu platform. Your full name, contact details, and financial data are not shared with game providers.
• PAGCOR and other competent regulatory authorities: kitayamachu is required by law to submit certain player data and transaction records to PAGCOR and, where applicable, to the Anti-Money Laundering Council (AMLC) and other competent Philippine government authorities.
• Law enforcement and courts: Where required by a valid court order, subpoena, warrant, or applicable law, kitayamachu will disclose personal data to law enforcement or judicial bodies.
• Professional advisors: Lawyers, auditors, and financial advisors engaged by kitayamachu may access personal data where necessary to provide their professional services, subject to professional confidentiality obligations.

All third-party data processors engaged by kitayamachu are bound by data processing agreements requiring them to maintain confidentiality and implement appropriate security measures at least equivalent to those maintained by kitayamachu.

Some of kitayamachu's service providers (including certain game software providers and technical infrastructure providers) may be located outside the Philippines and may therefore process your personal data in other jurisdictions. Where this occurs, kitayamachu ensures that appropriate safeguards are in place to protect your personal data, including:

• Contractual clauses requiring the recipient to apply data protection standards equivalent to the Philippine DPA;
• Limiting the scope of data transferred to what is strictly necessary for the service being provided;
• Conducting due diligence on the data security practices of recipients prior to engaging them.

By using the kitayamachu platform, you acknowledge that your personal data may be transferred to and processed in jurisdictions other than the Philippines. kitayamachu takes all reasonable steps to ensure that such transfers are conducted in a manner consistent with the DPA and this Policy.

kitayamachu retains personal data for as long as necessary to fulfill the purpose for which it was collected, subject to minimum retention periods imposed by law or regulatory requirements. The following retention guidelines apply:

• Active account data: Retained for the duration of the account's active status plus any mandatory post-closure retention period;
• KYC documents and identity verification records: Retained for a minimum of five (5) years following account closure, in compliance with PAGCOR and AMLC record-keeping requirements;
• Transaction and financial records: Retained for a minimum of five (5) years following each transaction, in compliance with applicable AML regulations;
• Customer support and dispute records: Retained for three (3) years following resolution of the matter;
• Marketing consent records: Retained for the duration of the consent plus three (3) years, to demonstrate compliance;
• Technical and access logs: Retained for twelve (12) months for security monitoring purposes, after which they are deleted or anonymised.

Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Anonymised data may be retained indefinitely for statistical and product improvement purposes, as it can no longer be linked to any individual.

kitayamachu implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction:

• Encryption in transit: All data transmitted between your browser or device and kitayamachu's servers is encrypted using TLS (Transport Layer Security), providing 256-bit encryption;
• Encryption at rest: Sensitive personal data stored in kitayamachu's databases is encrypted at rest using industry-standard encryption algorithms;
• Access controls: Internal access to personal data is restricted on a strict need-to-know basis. Staff with access to personal data are subject to confidentiality obligations and receive regular data privacy training;
• Password security: Player account passwords are stored in hashed, salted form — the original password is never stored or accessible in readable form;
• Session security: Account sessions are protected by secure session tokens and terminate automatically after a period of inactivity;
• Security monitoring: kitayamachu conducts regular security assessments and monitors systems for anomalous activity that may indicate a data breach or attack;
• Vendor security: Third-party service providers are assessed for security compliance before engagement and are required to maintain equivalent security standards under their data processing agreements.

Notwithstanding these measures, no internet-based system is completely immune to security risks. kitayamachu cannot guarantee the absolute security of data transmitted over the internet and encourages all players to take their own precautions, including using strong unique passwords and logging out of their accounts on shared devices.

kitayamachu uses cookies and similar tracking technologies on the kitayamachu.com website for the following purposes:

• Strictly necessary cookies: Required for the platform to function, including session authentication, security tokens, and shopping cart equivalents (game state). These cannot be disabled without rendering core platform functions inaccessible.
• Functional cookies: Remember your preferences such as language settings, last played games, and account dashboard layout preferences. These improve your experience but are not essential to platform function.
• Analytics cookies: Used to collect aggregated, anonymised data about how users navigate and use the platform, helping kitayamachu identify usability improvements. IP addresses used for analytics are anonymised.
• Marketing cookies: Used only where you have given explicit consent to receive personalised promotional content. These cookies help kitayamachu deliver relevant bonus offers and promotions. They can be disabled through your browser settings or by withdrawing your marketing consent in your account settings.

You may control cookie settings through your browser. Note that disabling non-essential cookies will not impair your ability to play games or manage your kitayamachu account, though some preference-based features may not function as expected.

kitayamachu sends promotional communications — including bonus offers, new game announcements, and tournament invitations — to players who have given their explicit consent to receive such communications at registration or through their account settings.

You may withdraw your consent to receive marketing communications at any time by:

• Updating your communication preferences in the Notifications section of your kitayamachu account dashboard; or
• Clicking the unsubscribe link included in any marketing email sent by kitayamachu; or
• Contacting the kitayamachu support team and requesting to be removed from marketing communications.

Withdrawal of marketing consent does not affect your right to continue using the kitayamachu platform or to receive transactional and account-related communications (such as deposit confirmations, withdrawal notifications, and security alerts), which are sent regardless of marketing preferences as they are necessary for the operation of your account.

kitayamachu requires all registered players to confirm that they are 21 years of age or older at the time of registration, and implements age verification checks as part of the KYC process for all accounts prior to the processing of any withdrawal.

If kitayamachu becomes aware that a registered account belongs to a person under 21 years of age, the account will be immediately suspended, all balances will be frozen pending investigation, and the matter will be reported to the relevant authorities in accordance with PAGCOR requirements. Any winnings accumulated during the period of underage access will not be paid out.

If you are a parent or guardian and believe your child has accessed or registered on the kitayamachu platform, please contact our support team and Data Privacy Officer immediately using the contact details in Section 17.

Under Republic Act No. 10173 (the Data Privacy Act of 2012) of the Philippines, you have the following rights in relation to your personal data held by kitayamachu: