smjl Privacy Policy

1 Scope and Data Controller

This Privacy Policy applies to all personal data collected, processed, and stored by smjl in connection with the smjl online gaming platform accessible at smjl.asia (the "Platform") and all related services. It applies to all registered players, prospective players who have commenced but not completed registration, and visitors to the Platform.

smjl acts as the Personal Information Controller (PIC) for all personal data described in this Policy, as that term is defined under the Philippines' Data Privacy Act of 2012 (Republic Act No. 10173). smjl is responsible for determining the purposes and means by which your personal data is processed.

This Policy should be read together with smjl's Terms & Conditions and Responsible Gaming Policy. By registering an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2 Personal Data We Collect

2.1 Registration and Identity Data

When you register an smjl account, we collect your full legal name (as it appears on a government-issued Philippine identification document), email address, Philippine mobile telephone number, date of birth, and a password of your choosing. This information is required to create and operate your smjl account.

2.2 Identity Verification (KYC) Data

To comply with PAGCOR's Know Your Customer (KYC) requirements and the Anti-Money Laundering Act (AMLA), smjl may collect copies of your government-issued Philippine identification documents (such as a Philippine passport, driver's licence, SSS ID, UMID, or voter's ID), proof of residential address, and, where required by applicable law, source of funds documentation. This data is processed solely for identity verification, regulatory compliance, and fraud prevention purposes.

2.3 Financial and Transaction Data

smjl collects records of all deposits, withdrawals, and gaming transactions associated with your account, including the payment methods used (GCash account references, bank account details), transaction amounts in Philippine Peso, timestamps, and transaction identifiers. We do not store complete payment card numbers on our servers. Payment processing is handled by our regulated payment service providers subject to their own security standards.

2.4 Gaming Activity Data

smjl maintains records of all gaming activity conducted through your account, including games played, bet amounts, outcomes, session durations, and bonus utilization. This data is used for account management, dispute resolution, regulatory reporting, and responsible gaming monitoring.

2.5 Technical and Device Data

When you access the Platform, smjl automatically collects certain technical data including your IP address, device type and operating system, browser type and version, screen resolution, and session timestamps. This data is used for security monitoring, fraud detection, platform optimization, and regulatory compliance.

2.6 Communications Data

smjl retains records of all communications between you and smjl's customer support team, including live chat transcripts, email correspondence, and any documentation submitted in connection with a support query or dispute. These records are maintained for quality assurance, dispute resolution, and regulatory compliance purposes.

3 How We Use Your Personal Data

smjl uses your personal data for the following specific purposes:

• Account Management: Creating, maintaining, and administering your smjl account, including processing your login authentication and account security.
• Service Delivery: Processing deposits and withdrawals via GCash, PayMaya, BPI, BDO, Metrobank, and UnionBank; crediting gaming winnings; and operating all gaming products accessible through your account.
• Identity Verification & KYC: Verifying your identity and age (21+ requirement) in compliance with PAGCOR's licensing conditions and Philippine AML regulations.
• Regulatory Compliance: Meeting smjl's obligations under PAGCOR's licensing framework, the Anti-Money Laundering Act, the Data Privacy Act, and all other applicable Philippine laws and regulations, including reporting obligations to the AMLC.
• Fraud Prevention and Security: Detecting, investigating, and preventing fraudulent transactions, account compromise, and other illegal or unauthorized activities on the Platform.
• Responsible Gaming: Monitoring gaming patterns to identify indicators of problem gambling behavior and facilitating the responsible gaming tools available to players, including self-exclusion and deposit limits.
• Customer Support: Responding to and resolving your support queries, account questions, and formal complaints.
• Platform Improvement: Analyzing aggregated, anonymized usage data to improve the performance, features, and user experience of the smjl Platform.
• Marketing Communications: Sending you promotional communications about smjl offers and bonuses, where you have provided your consent. You may withdraw this consent at any time by updating your communication preferences in your account settings.

4 Legal Basis for Processing

smjl processes your personal data on the following legal bases as provided under the Data Privacy Act of 2012 and its implementing regulations:

• Contractual Necessity: Processing of registration data, transaction data, and gaming activity data is necessary for the performance of the contract between you and smjl (the Terms & Conditions), specifically to provide the gaming services you have requested.
• Legal Obligation: Processing for KYC, AML compliance, age verification, and regulatory reporting is required by applicable Philippine law, including the AMLA, PAGCOR regulations, and the Data Privacy Act itself.
• Legitimate Interest: Processing for fraud prevention, platform security, and responsible gaming monitoring is necessary for smjl's legitimate interests as a regulated gaming operator, balanced against your rights and interests as a data subject.
• Consent: Processing for marketing communications is based on your affirmative consent, which you may withdraw at any time without affecting the lawfulness of prior processing.

5 Sharing Your Personal Data

5.1 Service Providers (Personal Information Processors)

smjl engages third-party service providers who process personal data on smjl's behalf as Personal Information Processors (PIPs) under the Data Privacy Act. These include: payment processing companies (including GCash's operator G-Xchange, Inc., and other Philippine banking institutions); identity verification and KYC service providers; game software providers who access gaming activity data for technical support and audit purposes; customer support platform providers; and IT infrastructure and cloud services providers. All PIPs are contractually bound to process personal data only on smjl's instructions and to implement appropriate data security measures.

5.2 Regulatory and Law Enforcement Authorities

smjl may disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), the Bureau of Internal Revenue (BIR), or other competent Philippine government authorities where required by law, court order, or valid legal process. smjl will, to the extent permitted by law, notify you of such a disclosure unless prohibited from doing so by applicable law or by order of a competent authority.

5.3 No Sale of Personal Data

smjl does not sell, rent, trade, or otherwise commercially exploit your personal data to third parties for their own marketing, advertising, or other commercial purposes. This prohibition applies regardless of the form of consideration offered.

5.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or other corporate transaction involving smjl, personal data held by smjl may be transferred to the relevant successor entity. smjl will take reasonable steps to ensure that any such transfer is conducted in compliance with the Data Privacy Act and that the successor entity is bound by substantially equivalent data protection obligations.

6 Data Retention

smjl retains your personal data for as long as is necessary for the purposes described in this Policy, taking into account the following considerations:

• Active Account Data: Personal data associated with an active smjl account is retained for the duration of the account's existence plus an additional period of five (5) years following account closure, in compliance with PAGCOR record-keeping requirements and Philippine AML regulations.
• Transaction Records: Financial transaction records are retained for a minimum of five (5) years from the date of the transaction, as required by the AMLA and applicable BIR regulations.
• KYC Documents: Identity verification documents are retained for the period required by PAGCOR and AMLC regulations, which is a minimum of five (5) years from the date of the last transaction or account closure, whichever is later.
• Support Communications: Customer support records are retained for a period of three (3) years from the date of the last interaction.
• Marketing Data: Where processing is based on consent, marketing-related data is retained until you withdraw your consent or request erasure, subject to applicable legal retention obligations.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with smjl's data disposal procedures.

7 Security Measures

smjl implements a layered set of technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and smjl's servers;
• Encryption of sensitive data fields (including passwords and KYC document data) at rest using industry-standard encryption;
• Role-based access controls ensuring that smjl personnel can access personal data only to the extent required for their specific functions;
• Regular internal and third-party security audits and penetration testing of smjl's platform infrastructure;
• Multi-factor authentication requirements for smjl personnel accessing systems that process personal data;
• Automated monitoring and alerting for suspicious access patterns or anomalous data access activity;
• Formal incident response and data breach management procedures aligned with NPC notification requirements.

8 Cookies and Tracking Technologies

8.1 What We Use

smjl uses cookies and similar tracking technologies on the Platform for the following purposes: session management (maintaining your logged-in state during a Platform session); security (detecting and preventing session hijacking and cross-site request forgery); performance analytics (measuring page load times and identifying technical issues); and, where you have provided consent, personalization (remembering your language and display preferences).

8.2 Essential Cookies

Certain cookies are strictly necessary for the Platform to function and cannot be disabled. These include session authentication cookies that maintain your logged-in state and security cookies that protect against common web application attacks. These cookies do not track your activity across other websites.

8.3 Analytics and Performance

smjl uses analytics tools to collect aggregated, anonymized data about how the Platform is used. This data helps smjl identify performance bottlenecks, high-traffic pages, and areas where the user experience can be improved. Where such tools involve setting cookies, smjl configures them to minimize data collection and to avoid cross-site tracking.

8.4 Managing Cookies

You may control and manage cookie settings through your browser's privacy settings. Disabling essential cookies will impair the functionality of the Platform, including your ability to remain logged in. smjl's cookie implementation does not rely on third-party advertising networks or behavioral tracking cookies.

9 Minors

The smjl Platform is strictly for adults aged twenty-one (21) years and above, in accordance with PAGCOR's minimum age requirements for casino-style gaming. smjl does not knowingly collect personal data from individuals under the age of 21. All accounts undergo age verification as part of the KYC process.

If smjl becomes aware that personal data has been collected from a person under 21 years of age, smjl will immediately suspend the relevant account, delete the associated personal data to the extent permitted by applicable law (subject to any mandatory retention obligations), and take appropriate remedial action. If you believe that smjl may have inadvertently collected information from a minor, please notify smjl immediately at [email protected].

10 Your Data Subject Rights

Under the Data Privacy Act of 2012 and its implementing regulations, you have the following rights with respect to your personal data held by smjl. You may exercise any of these rights by submitting a request to smjl's Data Protection Officer at the contact details in Section 15.

* Erasure rights are subject to mandatory retention periods under PAGCOR, AMLA, and BIR regulations. Where legal retention requirements prevent immediate erasure, smjl will restrict processing of the data to the extent permitted by law.

smjl will acknowledge receipt of your data rights request within five (5) business days and will provide a substantive response within thirty (30) days, extendable by a further thirty (30) days where the complexity or volume of your request requires additional time, with prior notice to you.

11 Cross-Border Data Transfers

smjl's primary data processing infrastructure is based in the Philippines. Where smjl engages service providers whose infrastructure is located outside the Philippines — for example, certain cloud computing or game technology providers with international operations — personal data may be transferred to and processed in jurisdictions outside the Philippines.

smjl ensures that any cross-border transfer of personal data is conducted only: (a) to countries or organizations that have been assessed as providing an adequate level of data protection; (b) pursuant to approved cross-border transfer mechanisms recognized under the Data Privacy Act and NPC implementing regulations; or (c) subject to contractual clauses that impose data protection obligations on the recipient equivalent to those applicable in the Philippines. smjl does not transfer personal data to jurisdictions that lack adequate data protection safeguards without implementing appropriate protective mechanisms.

12 Data Breach Management

smjl maintains a formal data breach management and incident response procedure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, smjl will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, in accordance with the NPC's data breach notification requirements under Circular No. 16-03.

Where the breach is likely to result in a high risk to your rights and interests, smjl will also notify you directly without undue delay, providing information about the nature of the breach, the personal data affected, the likely consequences, and the measures smjl has taken or proposes to take to address the breach, including any measures to mitigate its effects.

13 Third-Party Services and Links

The smjl Platform may contain references to third-party payment service providers (including GCash, operated by G-Xchange, Inc., a wholly-owned subsidiary of Globe Telecom, Inc.) whose services you may use to fund your smjl account. When you interact with these third-party services, their own privacy policies govern the collection and use of your personal data. smjl is not responsible for the privacy practices of third-party service providers. We encourage you to review the privacy policies of any third-party services you use in connection with your smjl account.

smjl's own game software providers may have access to limited gaming activity data for the purpose of providing technical support, conducting game audits, and ensuring RNG certification compliance. These providers are contractually bound to process such data only for specified technical purposes and to implement appropriate data security measures.

14 Policy Amendments

smjl reserves the right to amend this Privacy Policy from time to time to reflect changes in applicable law, regulatory requirements, or smjl's data processing practices. Where amendments are material, smjl will notify you by posting a notice on the Platform and, where practicable, by sending a notification to your registered email address, at least seven (7) days before the amended Policy takes effect.

Your continued use of the Platform after the effective date of any amendment constitutes your acknowledgment of the revised Policy. If you do not agree to the amended Policy, you should discontinue use of the Platform and may request account closure in accordance with the smjl Terms & Conditions. The most current version of this Privacy Policy is always available at smjl.asia/privacy-policy.

15 Data Protection Officer and Contact

smjl has designated a Data Protection Officer (DPO) as required by the Data Privacy Act and NPC Circular No. 17-01. The DPO is responsible for overseeing smjl's compliance with the Data Privacy Act and this Privacy Policy, and for serving as the point of contact for data subjects wishing to exercise their rights or raise data privacy concerns.

To exercise your data subject rights, lodge a privacy complaint, or make any enquiry regarding smjl's processing of your personal data, please contact:

• Data Protection Officer, smjl
• Platform: smjl.asia
• Email: [email protected] (marked: Attention DPO / Privacy Enquiry)
• Live Chat: Available on the Platform 24/7

smjl will acknowledge all privacy-related communications within five (5) business days. If you are not satisfied with smjl's response to your privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines at privacy.gov.ph.