At bm555, protecting the personal data of every Filipino member is a legal obligation and a core operational commitment. This Privacy Policy explains in plain terms how we collect your information, what we use it for, who we may share it with, and how you can exercise your rights under Philippine data protection law.
This Privacy Policy ("Policy") is issued by bm555 ("bm555," "we," "us," or "our") and applies to all personal data collected, processed, stored, and used in connection with your registration and use of the bm555 online gaming platform ("Platform"), accessible at bm555.org.
This Policy applies to all individuals who interact with the bm555 Platform in any capacity — including registered Members, prospective registrants who have partially completed the registration process, and visitors who browse the Platform without registering. It covers all personal data processed across all bm555 digital touchpoints, including the website, mobile browser interface, and progressive web application.
This Policy does not apply to third-party websites, payment processors, or service providers linked to or from the bm555 Platform. Those entities operate their own independent privacy policies, and bm555 is not responsible for their data practices. Where bm555 shares your data with third parties as described in this Policy, we do so under data processing agreements that impose equivalent protections on the receiving party.
By registering a bm555 account or continuing to use the Platform after this Policy has been made available to you, you acknowledge that you have read and understood its contents and consent to the processing of your personal data as described herein.
For the purposes of the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations, the data controller responsible for the personal data of bm555 Members is:
bm555 has appointed a Data Protection Officer ("DPO") in accordance with the requirements of the National Privacy Commission. The DPO is responsible for overseeing bm555's compliance with applicable data protection law, managing data subject requests, and serving as the primary point of contact for the National Privacy Commission.
bm555 collects the following categories of personal data from Members and Platform users:
| Data Category | Specific Data Points | Required / Optional |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, gender, government ID type and number | Required (KYC) |
| Contact Data | Philippine mobile number, email address | Required |
| Financial Data | GCash number, PayMaya number, linked bank account details (BPI, BDO, Metrobank), transaction history, deposit and withdrawal records | Required (withdrawals) |
| Identity Verification Documents | Scanned copies of government-issued ID (PhilSys, UMID, passport, driver's licence, voter's ID) | Required (KYC) |
| Gaming Activity Data | Game session logs, bet amounts, win/loss records, game types played, session duration, responsible gaming tool usage | Automatic (system-generated) |
| Technical Data | IP address, device type and OS, browser type, session tokens, login timestamps, geolocation (country/city level) | Automatic (system-generated) |
| Communication Data | Live chat transcripts, email correspondence, support ticket content, SMS OTP logs | Automatic (when contacting support) |
| Marketing Preference Data | Communication channel preferences, promotional opt-in/opt-out status, bonus redemption history | Optional |
bm555 does not seek to collect special categories of personal data (as defined under Philippine data protection law, including data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) except where strictly required by applicable AML regulations or responsible gaming obligations — for example, where a Member voluntarily discloses health information in the context of a self-exclusion or responsible gaming request. Such data is processed solely for the stated purpose and is not used for any other commercial or analytical purpose.
bm555 collects personal data through the following channels and mechanisms:
bm555 processes your personal data only where there is a lawful basis for doing so under the Data Privacy Act of 2012. The primary legal bases applicable to bm555's processing activities are: (a) performance of a contract (processing necessary to provide the Platform and gaming services you have registered for); (b) compliance with a legal obligation (processing required by Philippine law, including PAGCOR regulatory requirements and AMLC obligations); and (c) legitimate interests (processing necessary for bm555's legitimate business interests, where those interests are not overridden by your privacy rights); and (d) your consent (for marketing communications and non-essential cookie processing).
| Purpose | Legal Basis |
|---|---|
| Account registration and management | Contract performance |
| Identity verification (KYC) | Legal obligation (PAGCOR / AMLC) |
| Processing deposits and withdrawals | Contract performance |
| Administering bonuses and loyalty programmes | Contract performance |
| Fraud prevention and security monitoring | Legal obligation / Legitimate interests |
| Anti-money laundering screening and reporting | Legal obligation (RA 9160, as amended) |
| Customer support and dispute resolution | Contract performance / Legitimate interests |
| Responsible gaming monitoring and intervention | Legal obligation (PAGCOR) / Legitimate interests |
| Platform analytics and service improvement | Legitimate interests |
| Marketing communications (promotional offers) | Consent |
| Compliance with court orders and regulatory directions | Legal obligation |
bm555 does not sell, rent, or otherwise commercially exploit your personal data to any third party for that party's own marketing purposes. Data sharing described in this section is limited to what is operationally necessary to provide the Platform's services or legally required by Philippine law.
bm555 may share your personal data with the following categories of third parties in the circumstances described:
Some of bm555's third-party service providers — particularly game software providers, cloud infrastructure providers, and certain KYC technology vendors — may be located outside the Philippines. Where personal data is transferred to a recipient in a country that does not provide an equivalent level of data protection to the Philippines, bm555 takes appropriate safeguards to protect that data, including:
You may request information about the specific safeguards applicable to any international transfer of your data by contacting bm555's Data Protection Officer at the contact details provided in Section 16.
bm555 implements technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include, without limitation:
Despite these measures, no data transmission over the internet or electronic storage system is completely impenetrable. In the event of a data security incident affecting your personal data, bm555 will notify affected Members and the National Privacy Commission in accordance with the obligations imposed by the Data Privacy Act and the NPC's breach notification guidelines.
bm555 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law. The following retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Identity and KYC documents | 5 years from account closure | AMLC regulatory requirement |
| Financial transaction records | 5 years from account closure | AMLC / BIR requirements |
| Gaming activity logs | 3 years from last activity | PAGCOR audit requirements |
| Customer support records | 2 years from last interaction | Dispute resolution / Legitimate interests |
| Technical and security logs | 12 months from generation | Security monitoring |
| Marketing preference records | Until consent withdrawn + 6 months | Consent management compliance |
| Self-exclusion records | Indefinitely (for enforcement purposes) | Responsible gaming obligation |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with the NPC's data disposal guidelines. Anonymised data — from which all identifying information has been irreversibly removed — may be retained indefinitely for aggregate statistical analysis.
You may exercise any of the rights described in this section by submitting a written request to bm555's Data Protection Officer at [email protected] with the subject line "Data Rights Request — [Your Registered Name]." bm555 will acknowledge your request within 3 business days and provide a substantive response within 15 business days, or notify you of any extension required for complex requests.
Under the Data Privacy Act of 2012 and its Implementing Rules and Regulations, you have the following rights in respect of your personal data held by bm555:
bm555 uses cookies and similar tracking technologies on its Platform. Cookies are small text files stored on your device that help the Platform recognise your session, maintain your login state, and deliver a personalised experience.
You may control cookies through your browser settings. Most modern browsers allow you to block, delete, or receive notifications about cookies. Note that disabling strictly necessary cookies may prevent you from logging in to your bm555 account or using certain Platform features. bm555 does not currently operate a cookie preference centre, but non-essential cookies may be declined at the point of consent collection when you first visit the Platform.
bm555 is strictly restricted to individuals who are 21 years of age or older. bm555 does not knowingly collect, process, or store personal data from any individual under 21 years of age. If bm555 becomes aware that personal data has been collected from an individual under 21, that data will be deleted immediately and the associated account will be permanently closed.
Age verification is conducted as part of the mandatory KYC process for all bm555 accounts. Government-issued identity documents confirming date of birth are required before any account may access withdrawal functionality. If you are a parent or guardian and believe your child has registered a bm555 account, please contact the Data Protection Officer immediately at the contact details provided in Section 16, providing the registered mobile number or email address associated with the account.
As an operator subject to Philippine anti-money laundering regulations, bm555 is legally required to collect, retain, and in certain circumstances report Member data to the Anti-Money Laundering Council (AMLC) in accordance with Republic Act No. 9160, as amended by RA 10167, RA 10365, and the Anti-Terrorism Act of 2020.
AML-related processing activities include: collection of KYC documentation; transaction monitoring for suspicious patterns; screening of Members against domestic and international watchlists; retention of transaction records for the legally mandated minimum period; and filing of covered transaction reports and suspicious transaction reports with the AMLC where threshold amounts or suspicious indicators are identified.
bm555 is legally prohibited from notifying Members who are the subject of a filed suspicious transaction report that such a report has been made. This restriction is imposed by Philippine AML law and overrides any data rights requests that would require such disclosure. bm555 cannot confirm or deny the existence of any report filed with the AMLC in relation to a specific account.
With your consent, bm555 may send you promotional communications relating to bm555 offers, new game launches, sports betting events, loyalty programme updates, and other Platform news. Marketing communications are sent via SMS to your registered Philippine mobile number and/or to your registered email address, based on your stated channel preferences.
You may withdraw your consent to receive marketing communications at any time, at no cost and without effect on your account status or access to the Platform, by:
Please note that transactional communications — including account security alerts, OTP messages, deposit and withdrawal confirmations, KYC status updates, and support responses — are sent regardless of your marketing communication preferences, as they are necessary for the operation of your account and cannot be disabled.
bm555 reserves the right to amend this Privacy Policy from time to time to reflect changes in applicable law, regulatory requirements, or bm555's data processing practices. Material changes to this Policy — specifically changes that affect your rights or the purposes for which your data is processed — will be communicated to registered Members via notification within the Platform or to the registered email or mobile number on file, with a minimum of 7 days' notice prior to the effective date of the changes.
The current version of this Policy, with its effective date, will always be accessible at bm555.org/privacy-policy. Where changes require the collection of fresh consent (for example, the addition of a new processing purpose not covered by your existing consent), bm555 will seek that consent separately and will not proceed with the new processing until it has been obtained.
Your continued use of the bm555 Platform following the effective date of a revised Privacy Policy constitutes your acknowledgement of the revised terms. If you do not agree with any revision, you may request account closure and withdrawal of your available balance prior to the effective date.
For any inquiry, request, or complaint relating to the processing of your personal data by bm555, please contact the bm555 Data Protection Officer:
If you are not satisfied with bm555's response to your data privacy inquiry or complaint, you have the right to lodge a formal complaint with the National Privacy Commission of the Philippines, which is the supervisory authority responsible for enforcing the Data Privacy Act of 2012. Information on the NPC's complaint procedure is publicly available through official Philippine government channels.
bm555 takes all data privacy complaints seriously and is committed to resolving them fairly and promptly. Before escalating to the NPC, we encourage you to first allow bm555's internal complaint procedure — described in Section 10 and above — to reach a conclusion, as this is the most direct and efficient route to resolution in the majority of cases.
Republic Act No. 10173 gives Filipino data subjects specific, enforceable rights. Here's how each one applies to your bm555 account.
You can request a copy of all personal data bm555 holds about you — identity records, transaction history, gaming logs, and support records. Requests are fulfilled within 15 business days. Contact the DPO with your registered account details to exercise this right.
If any personal data bm555 holds about you is inaccurate or outdated, you have the right to have it corrected. Minor updates (like contact number changes) can be made directly in your account settings. Name or ID corrections require KYC re-verification.
Where bm555 no longer needs your data for the purposes it was collected, you may request its deletion. Note that AML and PAGCOR regulations require bm555 to retain certain records for 5 years after account closure regardless of erasure requests — we will explain any applicable exception when responding to your request.
You can object to bm555 using your data for marketing purposes at any time — reply STOP to any SMS, click unsubscribe in any email, or update preferences in your account settings. Objection to marketing takes effect within 3 business days and does not affect your account access.
You have the right to receive your personal data in a structured, machine-readable format (such as JSON or CSV), allowing you to take your data history with you. Data portability requests are fulfilled within 15 business days subject to identity verification. Contact the DPO to initiate a portability request.
bm555 does not knowingly collect data from individuals under 21. Mandatory KYC age verification at the point of registration and prior to first withdrawal is the structural enforcement mechanism. Any account found to belong to an underage user is immediately closed and all data deleted.
Legal commitments are only meaningful when backed by technical and operational practice. These are the measures bm555 applies to every member account, every day.
Data in transit between your device and bm555 servers uses TLS 1.3 — the current gold standard in transport encryption. Sensitive data at rest is encrypted with AES-256. The same dual-layer approach used by Philippine banks and government systems.
bm555 staff access personal data only where their job function requires it, enforced through role-based access control systems. Every data access event is logged and regularly audited. No bm555 employee can access Member financial or identity data without a documented operational need.
bm555 maintains a documented data breach response plan compliant with the NPC's breach notification requirements. In the event of a breach affecting Member data, bm555 will notify the National Privacy Commission within 72 hours of discovery and affected Members without undue delay.
bm555 processes your data to operate the Platform you use — not to profit from it. Every data point collected has a defined purpose, a defined retention period, and is protected by the measures described in this Policy. Questions? Contact our Data Protection Officer anytime.
Explore related documents: Terms & Conditions, Responsible Gaming, and FAQ. To access your bm555 account, visit the bm555 Login page. bm555 is for adults 21 years and older only.