Effective Date: 2 September 2021
Items of personal information to collect and the method thereof
(1) Items of personal information to collect
① The following information may be generated and collected in the process of service use or business handling.
- Information of the user's mobile phone terminal (model name, OS version, mobile firmware version, device identification number, etc.), IP address, cookie, the latest access location
- Records at the time of using location-based services
- Access time, service use record, faulty use record, etc.
② When information is unavoidably required for the payment in the course of using free/paid service
- Credit card information, wireless carrier information, purchase record and gift card number and/or other payment related information are collected
③ When the user requests the restoration or refund of paid contents
- Email address, purchase record and additional personal information such as the real name and family relations evidence to demonstrate that the purchase was made by a third party are collected.
(2) Personal information collection method: The company collects the personal information of users through the following methods.
- Through the agreement procedures at the time of signing up for the service provided by the company
- Via separate consent procedures for promotions and events
- Automatically through platforms in partnership with the company with regard to the provision of services
- When provided by the users in a voluntary manner or in response to the company's request where necessary at the time of subscribing or using the service
Collection of personal information and intended purpose
(1) The company uses the personal information of users collected for the following purposes.
- To secure communication channels to facilitate the delivery of notifications or the handling of customer complaints
- To handle inquiries about the use of paid information, handle conflicts related to the implementation of contract requirements and obligations, and provide customer services
- To introduce new services as well as new product launch event information
Sharing and provision of personal information
(1) Except for cases with the user's consent or provisions specified in the related laws and regulations, the company will never use the personal information of users beyond the scope of the intended use specified in the "Collection of personal information and intended purpose," or provide such information to other companies, organizations or institutions.
(2) When sharing or providing the personal information of users, for example when the provision of users' personal information within a limited scope is necessary to provide various services to users through partnership with other service providers or business operators, users will be notified of who will receive or share users' personal information, what the main business is, what items in the personal information will be provided or shared, for what purposes users’ personal information is to be provided or shared, etc. through a notice in the application or through a message to users at least 10 days prior to the implementation to obtain consent from users.
(3) In the following cases, provision of a user's personal information without consent from the applicable user is allowed pursuant to the related laws and regulations.
- When such information is required to collect fees for the provision of service(s)
- When the provision of a user's personal information is necessary for statistics, academic or market research purposes, and the personal information provided is processed to ensure that the identification of the user is not possible
- When there has been a request from related authorities for investigation purposes in accordance with related laws and regulations
Delegation of authority to handle personal information
The company may delegate the authority to control the personal information of users to ensure the implementation of service(s). In case of delegation, the company specifies requirements to ensure the safe control of the personal information of users in accordance with the related laws and regulations.
Retention and use period of personal information
(1) In principle, the company retains a user's personal information from the member registration to the termination of membership. If the applicable user withdraws his or her membership or the intended purpose of the collection and use of personal information is achieved, the applicable personal information is disposed of immediately. However, the company will retain the user's personal information for 3 months from the date on which the membership of the applicable user is terminated according to the terms and conditions as well as internal policy to prevent the illegal use of such information. After the aforementioned period, the personal information of the user is completely deleted.
(2) If the personal information of a user must be retained pursuant to the provision(s) of Commercial Act or other related laws even if the purpose of its collection has been achieved, or if there is a reason for retaining such personal information according to the company's internal policy or other related regulations, the company shall retain the personal information of the user for a certain period of time prescribed by related laws and regulations. In this case, the personal information retained will be used only for retention purposes, and the retention periods are as follows:
- Records related to contract or cancellation of subscription
(Reason for retention: Act on Consumer Protection in the Electronic Transactions, Etc., Retention period: 5 years)
- Records on payments and supply of goods
(Reason for retention: Act on Consumer Protection in the Electronic Transactions, Etc., Retention period: 5 years)
- Records on handling of consumer complaints and conflicts
(Reason for retention: Act on Consumer Protection in the Electronic Transactions, Etc., Retention period: 3 years)
- Records on identification
(Reason for retention: Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., Retention period: 6 months)
- Visiting records: access logs, service use records, etc.
(Reason for retention: Protection of Communications Secrets Act, Retention period: 3 months)
(3) For personal information that is retained pursuant to Paragraph (2) above, if the subject of the applicable personal information requests the retrieval of his or her personal information, the company will provide an appropriate measure to enable such retrieval immediately.
Procedures and method for the disposal of personal information
(1) Destruction procedures
- The information of a member input by the member at the time of signing up will be destroyed after the purpose of its collection or use has been achieved after being retained for a certain period of time according to the reason(s) for information protection pursuant to the company's internal policy or other related laws and regulations (refer to the periods of retention and/or use of personal information).
- Personal information will not be used for purposes other than the intended purpose except in the cases specified in the laws and regulations.
(2) Destruction method
- Personal information saved in an electronic file format is deleted using a technical method that disables the recovery of the record.
- Personal information output on paper shall be shredded or incinerated.
Usage of important permission in application
The application uses permissions as below:
(1) Write external storage permission is for storage extension.
(2) Read phone state permission is for ads recommendation by third party ads SDK.
(3) Read logs permission is for game crash analytics.
(4) Access fine location permission is for third party ads SDK
The application will not activate or use permissions without prior consent. Users can choose to reject when meeting the system confirmation window of permission, but will not be able to use the feature.
Rights of a user and his or her legal representative, and method of exercising the rights
(1) The rights can be exercised when the request is received through the platform in partnership with the company related to the provision of services, or when the request is submitted directly via the company's website.
(2) The user and his or her legal representative may retrieve or adjust his or her own personal information or that of an adolescent below the age of 14 years for which he or she is responsible, and may request the cancellation of the subscription at any time.
(3) The adjustment of personal information of the user's own personal information or that of an adolescent below the age of 14 years for which he or she is responsible can be performed on the personal information change page (or Modify My Profile).
(5) If the user requests the correction of errors in the personal information, the applicable personal information will not be used or provided until the correction is completed. In addition, when incorrect personal information has already been provided to a third party, corrected information will be delivered to the third party without delay.
(6) The company handles personal information that has been closed or deleted in response to the request from the user or his or her legal representative in accordance with the provisions specified in the "Retention and use period of personal information," and disables the retrieval or use of information for other purposes.
Protective measures for personal information in technical/administrative terms
The company is developing the following technical/administrative measures to secure safety in order to prevent loss, theft, leakage, alteration or damage to personal information.
Cookies are used to assist users with quick and convenient use of websites and to provide customized services.
(1) Encryption of password
The company does not collect the passwords of members in the platform in partnership with the company for the provision of services.
(2) Restriction and indoctrination of handling personnel
(3) Operation of dedicated privacy protection organization
However, for problems originating from the leak of a user's personal information in the platform in partnership with the company for the provision of services, such as ID, password, nickname, email address, which is due to the user's negligence or a malfunction in the internet connection, the company will not be held responsible.
Civil complaint service about personal information
(1) The company may provide the user with links to the websites of other companies or external data. In this case, as the company does not have any controlling authority over the external websites or data, the company cannot guarantee or take any responsibility for the usefulness of the service or data provided.
(3) Users should keep their personal information up to date in order to prevent unexpected problems. The responsibility for any issue caused by the inaccuracy of information input by the user shall lie with the user. Inputting false information, such as the illegal use of another person's personal information, may lead to the deletion or limitation on the use of the account.
(4) Although a user has rights to be protected for his or her personal information, he or she is obliged not only to protect his or her own personal information, but also to not infringe other's personal or privacy information. Please be careful not to expose your personal information including the password to others, and avoid damaging other users' personal information, including their posts. Failing to fulfill such responsibilities that cause damages to another user's personal information or reputation may lead to a penalty in accordance with related laws and regulations.
(5) The responsibility for any disadvantage in the use of service(s) or property loss caused by the entry of inaccurate or false personal information shall lie with the user.
Children's personal information
We do not collect children's personal information without parental consent, except as permitted under applicable laws such as the U.S. Children's Online Privacy Protection Act (COPPA) and the EU General Data Protection Regulation(GDPR).
TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EUROPEAN ECONOMIC AREA
We share your personal data with our affiliates and partners in the EU/EEA and outside the EU/EEA. Where a data transfer outside the EU/EEA is not covered by an EU Commission adequacy decision, we rely on lawful safeguards referred to in Art 46 et. seqq. GDPR. This mainly includes EU Commission-approved Standard Contractual Clauses which we enhanced by supplementary security measures such as ancillary individual risk-assessments, additional contractual safeguards and technical safeguards including additional encryption or pseudonymisation, to enable International transfers with PLR affiliates and partners outside the EU/EEA. You will find the full text of the EU Commission-approved Standard Contractual Clauses through this link. Please feel free to contact us for additional information on third country data transfers as well as our safeguards and supplementary security measures.
We share personal data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the EU, we ensure that they are contractually obligated to comply with the EU data protection rules. We also ensure in our contracts with these organisations that they only Process Personal Data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of your personal data entrusted to them.
We may also disclose personal data to our advisers, consultants, law enforcement and other public authorities (such as tax and social security bodies), the police, prosecutors, courts and tribunals. All these recipients are themselves responsible to comply with the EU data protection rules.
Some of the vendors that we engage to are located outside the European Economic Area. Where the EU Commission did not recognise them as locations providing adequate protection for personal data, we rely on lawful safeguards as described above.
YOUR RIGHTS UNDER THE GDPR
You are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems. You can also limit, restrict or object to the processing of your data.
We do not carry out any decision-making based solely on automated processing, including profiling.
If you gave us your consent to use your data, e.g. so that we can send you marketing emails or display personalised ads, you can withdraw your consent at any time. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your personal data before you withdrew your consent.
You can object to our use of your personal data where we stated we rely on our legitimate business interests to do so. We explained the legitimate interests we rely on in sections ‘Why do we collect your personal data and what are our lawful bases for it?’ above.