Date of effect and last updated date: 2022. 08. 18
[Display shortcut list]
2. Data collected by the Company
The Company collects user information when the user accesses the Company's website, plays the games, or uses the Company's services. A portion of this data may be needed to confirm a contract with the user or to fulfill obligations according to contracts with users. (e.g.: provision of purchased content)
1) Data collected directly from users
When a user plays the games or services, the Company collects the following data from users, and these data may differ according to the service used. These data are necessary for the usage of services and refusing data collection shall result in a limitation of the usage of services.
- a. User identification information from Google, Apple, and Facebook (*)
- b. Registration information such as name, phone number, and email address
- c. Transaction information such as purchase date and purchased items
- d. Demographic information such as date of birth or age, country of residence, language, and nationality
- e. Information disclosed when participating in social features (e.g.: in-game chat) is the information that was made public. The Company may save such information and other users may read, copy, collect or use them without the consent of the user.
- (*) When a user accesses the Company's services using an account for a platform, no information other than user identification information out of the information provided by each platform shall be collected or stored.
2) Automatically collected data
The Company collects certain data automatically when a user plays the games or uses the services. The data automatically collected by the Company generally includes the following.
- a. IP address, MAC address, device model number, OS information, time zone settings, battery status, screen resolution, network type, device serial number, advertisement ID, device information including CPU, memory, storage, and VGA,
- b. game usage-related information including game settings, login records, transaction records and records of imposed restrictions,
- c. and browsing information such as browsing actions while the user uses the website and services.
- The Company uses these data to operate and improve its service. A portion of this data is collected through cookies and related online tools. For more details, please refer to the "Cookie-related Technology" section below.
3. Purpose of the Company using user data
The Company uses the collected data to provide games and services and for quality improvement.
- a. Managing and providing the Company's games and services
- b. Legal requirements, contracts, compliance with and enactment of policies
- c. Development of and quality improvement for new services and bug fixes
- d. Detecting and responding to the illegal or unauthorized use of the Company's games and services
- e. Responding to user inquiries and requests (e.g.: game-related inquiries etc.)
- f. Transmission of other information including marketing, events, and surveys
- g. Analysis of user patterns, use trends, and statistics on game and service usage
- h. Prevention, identification, investigation of, and responses to unlawful and criminal acts
- The Company may also process user data for compliance with relevant legal obligations and may seek approval from users when necessary, for the use of said user data. Users may withdraw their approval anytime through the contact channels listed in this policy.
4. Sharing user data
The Company shares personal data with other companies including service providers that process personal data as an agent for the Company in order to manage the services including customer support and community management for the purpose of providing the games and services.
a. Managing and providing the Company's games and services
For the provision of the services, the Company cooperates with certain service providers (e.g.: payment service providers, customer service companies that process user inquiries and requests, cloud storage service companies, and marketing platform providers), and these service providers may receive and process personal data according to the data processing contract signed following the Company's regulations, the process of providing corresponding services.
b. Regulatory authorities
The Company may disclose user data to the following authorities:
- - To regulatory authorities for data protection
- - Investigations by government organizations
- - Other regulatory authorities with jurisdiction over the Company's activities
In addition, when such disclosures are mandatory for compliance with legal obligations following mergers and acquisitions or with legal data access requests, for the purposes explained in this policy statement, when the subsidiary companies or you have expressed exclusive consent or when data has been provided as per the request of the information principals, the Company may share the data.
5. The Company utilizes cookies and other technology to recognize users' browsers or devices, learn more about user preferences, provide core functions and services and provide to users for additional purposes. Authorized third parties may set up cookies and related technology when users use the sites or the games.
b. Website analysis
c. Technology for the prevention of unlawful acts and fraud
6. International data transmission
The Company provides services all over the world and for the provision of the Company's services, we may transmit user data to countries and locations outside that of the user. When personal data of users are transmitted, saved, or processed by the Company, the Company shall take rational measures to protect the personal data of users. Currently, cases where the said data is processed in other countries for the purpose of provision of the Company's services are as follows:
- a. Customer service providers which process user inquiries and requests: the Republic of Korea, United States of America, Japan, and Taiwan
- b. Cloud storage service: Republic of Korea, Hong Kong Region
7. Holding and deleting personal information
As a rule, the Company deletes the personal information of users after the purpose of collecting personal information has been fulfilled. Physically stored personal information is shredded or burned and electronically stored personal information is deleted through recovery-proof technical measures. However, for the purpose of compliance with the Company's legal obligations, fulfill regulatory requirements, resolve disputes, prevent fraud, unlawful acts, or abuse, and when it is necessary to store the personal information of users to fulfill this policy or other contracts that the Company may sign with users, even after a user deletes their account or the Company ceases the provision of services, we may hold the personal information of users for a set amount of time.
8. The Company's policies concerning minors
Without consent from a verifiable parent or in cases permissible by law, the Company does not intentionally collect, use or share information from minors (the age limit is different for each country of residence). If you are a parent or legal guardian and think that the child may have given their data to the Company, you can contact the Company through the '13. Contact Details' section to request the deletion of the child's information from the Company's system.
9. Links and external services
10. Protection of user information
The Company has taken adequate protective measures to protect the personal data of users including encryption and nonidentifier measures. Furthermore, we limit access to personal data of users to members of the staff and agents who require them for work purposes. These parties shall process the personal information according to the orders and in adequate circumstances, have the obligation of confidentiality. However, data transmittal through the Internet is not 100% safe and thus we cannot assure you of the complete security of the information that we collect and use.
11. Grounds for personal user data processing
The grounds for the Company processing the personal data of users are as follows:
- a. Fulfillment of the service provision contract of the Company
- b. Guaranteeing legal benefits for the business and the clients via improving services using the information on service usage and detecting and preventing malicious use for the protection of user information
- c. Approval from the user as a principal of personal data
- d. Compliance with other legal obligations
12. User rights to personal information protection
According to limitations of relevant laws, users have the right to object to or request limitations to personal user data processing and have the right to request access, modification, deletion, and transferal of personal user data. Should you have requests or other inquiries about user rights, please send an email to the address listed under the '13. Contact Details' section to contact the Company. According to the relevant data protection acts, the Company responds to the requests of users who wish to exercise their data protection rights.
The Company may amend portions of this policy at the Company's discretion at any time by posting or marking the amended policy on the Company website. By continuing to use the services, users are deemed to have expressed consent to the amended policy. As such, we advise you to review it frequently.
14. Contact Details
Should you have any inquiries about this policy or the Company's personal data usage, please direct the inquiries via email to the data protection manager at email@example.com.
[Supplementary conditions – by jurisdiction]
Additional terms pertinent to the jurisdiction of users using the games and services - should there be discrepancies or conflicts between a particular jurisdiction and the remaining portions of the policy, the corresponding jurisdiction's additional terms - particular jurisdiction shall take precedence.
1. EEA, Switzerland, UK
If you are a resident of EEA, Switzerland, or the UK, you have additional rights.
1) International data transmission
If the Company transmits the data to a country outside EEA not acknowledged by the European Commission as ensuring an adequate level of data protection, the Company must strive to undertake adequate measures to protect the personal data following the applicable data protection and personal information protection laws. These protective measures may include a data transmission contract that actualizes the latest standard contract terms (a type of data transmission contract approved beforehand by the European Commission as providing adequate protective measures for personal data). As stated in this policy, you may contact the Company and request a copy of said adequate measures. Aside from this, the Company transmits personal data to obtain convincing and lawful benefits in a method that does not involve seeking user approval, violation of fulfillment of contracts with you, or obstruction of the rights and freedom.
2) User rights to personal information protection
Should users have doubts about the methods through which the Company processes the personal data, they have the right to raise complaints to corresponding data protection authorities. In particular, the data protection authorities to which you may direct the complaints may be in the area you work in or the area where the Company has been established in.
3) EU agent
GDPR (for residents of the EU) for controllers or processors not based in the EU must have an agent in the EU, designated via a written form. The contact details and address of the Company's agency in the EU—VeraSafe—are as follows. Please direct the inquiries on personal data processing to VeraSafe.
- a. Company name: VeraSafe Netherlands BV
- b. Address: Keizersgracht 391 A 1016 EJ Amsterdam The Netherlands
- c. Inquiries: https://verasafe.com/public-restheces/contact-data-protection-representative
In the case of GDPR UK, the contact details and address of the Company's agency in the United Kingdom, VeraSafe, are as follows. Please direct the inquiries on personal data processing to VeraSafe.
- a. Company name: VeraSafe United Kingdom Ltd.
- b. Address: 37 Albert Embankment London SE1 7TL United Kingdom
- c. Inquiries: https://verasafe.com/public-restheces/contact-data-protection-representative
The Company complies with the Consumer Privacy Act of the state of California.
1) Collected information
The Company collects information that may distinguish and identify the service user or the user's device and relevant connecting information. During the last 12 months, the Company has collected the following personal information from users.
- a. Identifier - Username, exclusive identifier, online ID, IP, email address, account name, or a comparable ID
- b. Commercial information - Records on items of purchase/obtainment/collection or services, records of other purchases, purchase history or trends
- c. Geographical location data - Geolocational data such as country of residence
2) Purpose of data collection
The information collected from users is used and shared for the following purposes
- a. Resolution of technical problems and improvement of the Company service quality
- b. Identification of users for the purpose of service provision
- c. Technical protection against non-authorized program usage in regard to the provided services
- d. Prevention of inappropriate game usage that may have a negative effect on the service and other users
- e. Customer support includes collecting and replying to customer inquiries
- f. Provision of the Company's services such as games and websites
- g. Provision of information on events, surveys, and opportunities of participation thereto, advertisement, and other marketing purposes
- h. Analysis of user trends and calculation of service usage statistics
3) Prohibition of sales
The Company does not sell the information of the Company's users for financial profits or particular gains of the Company.
4) Prohibition of discrimination
Some features of the Company's services may be archived or no longer provided, but the Company does not discriminate against users who exercise their CCPA rights.
5) User rights
CCPA provides particular rights to individuals (residents of the state of California) on their personal information, and these rights may be exercised through the following methods.
a. Access to certain information and data transferal rights
You have the right to request disclosure of information on user data collection and usage during the past 12 months. The Company shall verify the user identity for the user request according to procedures and shall disclose the following information.
- The scope of personal data the Company has collected from you
- The scope of the personal data source the Company has collected from you
- Business or commercial purposes for collecting personal data or for sales
- The range of third parties with which the Company shares the subject's personal data with
- Particular personal data the Company has collected from you
- If the Company has shared the personal data for business purposes, an explanation on to what extent personal data is collected through what means and how they are used by the shared party
b. Rights to request deletion
According to special exemptions, you have the right to request the deletion of the personal information that the Company has collected from you and is holding. After receiving a request from an identifiable user and having the request confirmed, aside from exempted cases, your personal information shall be deleted.
However, in exceptional cases involving security breaches, prosecution for illegal use, prior consent being provided beforehand, the impossibility of deletion, or compliance with relevant legal obligations, the information shall not be subject to deletion.
c. Exercising rights
You can exercise your rights as a user by drawing up the following form and submitting it through one of the following channels.
- Email: firstname.lastname@example.org
- Form: California Consumer Privacy Act Request Form
Only you or an authorized agent of you may exercise the rights and you may exercise the rights on behalf of a minor child.
User requests may be submitted twice within a 12-month period and must meet the following conditions.
- Sufficient information that allows the rational verification of the identity of the user themselves or their authorized agent
- Sufficient and detailed explanation to allow for adequate understanding, evaluation, and response to requests for the exercising of rights
d. Response format
When a request from a verified user has been received, the Company strives to give a response within 45 days. If more time is needed (90 days maximum), we will notify you in writing about the reason and the length of the delay. All information disclosed by the Company shall only be from the 12 months immediately preceding the date of receipt of the user request.
No commission shall be charged for processing or responding to the requests of a verified user aside from excessive or repetitive cases or cases without clear grounds. When commissions must be charged, information on the reason and the expected fee shall be provided.