1. Personal Information the Company Collects and Method of Collection
A. Personal Information the Company Collects
- Identification numbers provided through the services of Users' Platform Providers, names or nicknames of Users, device serial numbers (Device ID or IMEI), Phone Number, Device Brand Name & Specification, etc.;
- Users' status, time of visit, records of the use of the services, records of improper use, etc.; and
- Credit card information, telecommunications service provider information, purchase details, gift certificate numbers and other payment-related information may be collected. Additional personal information may be collected in certain cases, such as the following: E-mail addresses and confirmation on purchase details may be collected for smooth customer service if a customer requests restoration of paid Contents and refunds, and real name and proof of family relation may be collected in order to verify payment by a different person.
B. Method of Collection
- We collect personal information after the consent of the user.
- Collection through Users' voluntary provision in the course of subscription to or use of the services
- Automatic collection through platforms being in partnership with the Company in relation to the provision of services
- Collection through automatic collection system, etc.
2. Purpose of Collection and Use of Personal Information
A. Performance of Contract and Payment of Fees
- Provision of basic game functions, provision of functions of communication among Users (such as invitation of friends and sending gifts), authentication of User Accounts, product shipping, billing, payment and collection of fees
B. Member Management
- Member authentication for the use of membership services, authentication of Users in relation to the provision of the Game Services, personal identification, prevention of improper members' misuse and unauthorized use, confirmation on the intent to subscribe, restriction on subscription and number of subscription, preservation of records for identity verification and dispute resolution, complaint handling and delivery of notices
C. Marketing and Promotion
- Development of new services, application to marketing/advertising, provision of customized services, provision of services and advertisement display in accordance with statistical characteristics, verification of effectiveness of services, provision of promotional event and advertising information as well as the opportunities to participate therein, and access frequency check and statistics on members' use of services
3. Period of Retention and Use of Personal Information
In principle, after the purpose of the collection and use of personal information is accomplished, the relevant information will be immediately destroyed; provided that in case that there is a need to preserve the information pursuant to the Company's internal policies and applicable laws, the Company will store the information for a certain period set forth in applicable laws as follows:
A. Grounds for Retention of Information Based on the Company's Internal Policies
- Records of improper use (Ground for retention: prevention of misuse, Period of retention: 1 year)
B. Reason for Retention of Information Based on Applicable Laws
- Records relating to contracts, cancellation of subscription or the like (Ground for retention: Korean Act on the Consumer Protection in Electronic Commerce, Etc., Period of retention: 5 years)
- Records relating to payments and provision of goods, etc. (Ground for retention: Korean Act on the Consumer Protection in Electronic Commerce, Etc., Period of retention: 5 years)
- Records relating to customer complaints or dispute handling (Ground for retention: Korean Act on the Consumer Protection in Electronic Commerce, Etc., Period of retention: 3 years)
- Records relating to visits (Ground for retention : Korean Protection of Communications Secrets Act, Period of retention: 3 months)
4. Procedure and Method of Destruction of Personal Information
Personal information of Users will be, in principle, immediately destroyed once the purpose of the collection and use of the personal information is accomplished. The Company's procedure and method of destruction of personal information are as follows:
A. Procedure of Destruction
- The information entered by Users for the subscription to services, etc. will be moved to a separate DB (in case of paper, a separate document box) after the purpose is achieved, and destroyed after being stored for a certain period in accordance with the ground for the information protection under the Company's internal policies and applicable laws (Refer to periods of retention).
- The said personal information will not be used for any purpose other than the purpose of retention unless otherwise prescribed by law.
B. Method of Destruction
- Personal information printed on paper will be destroyed by shredding through a shredder or incineration.
- Personal information stored in the form of an electronic file will be deleted through a non-recoverable technical method.
5. Provision of Personal Information
The Company, in principle, will not provide personal information of Users to a third party except for the following cases:
- In case that Users consent in advance; or
- Pursuant to applicable laws or in case of an investigation authority's request for investigation purposes pursuant to the procedures and methods set forth in laws.
6. Delegation of Collected Personal Information
The Company delegates certain operation to outside entities for the performance of services as follows:
- Delegated entity: IGS Co., Ltd.
- Delegated matters: Customer service and support as well as service operation (such as operation of the relevant community) in relation to the "Hero Sky" game
7. Rights of Users and Their Legal Representatives and Method of Exercise of Such Rights
- Users may review or change their registered personal information at any time and request termination of subscription.
- A User may, after going through the identity verification procedure by clicking "Change of Personal Information" (or "Change of Member Information") in case that the User wants to review and change his or her personal information and "Membership Withdrawal" in case that the User wants subscription termination (revocation of consent), directly review and change his or her personal information or withdraw his or her membership.
- If a User contacts the person responsible for personal information management in writing, by phone or by e-mail, the Company will immediately take proper measures.
- In case that a User requests a correction of an error of the personal information, the relevant personal information will not be used or provided until the correction is completed. Further, if erroneous information is already provided to a third party, the Company will immediately notify the third party of the results of the correction and have the third party make the correction.
- The Company will handle the personal information terminated or deleted per a User's request in accordance with the "Period of Retention and Use of Personal Information the Company Collects" and prevent any review or use of such personal information for other purposes.
8. Installation / Operation of Personal Information Automatic Collection System and Refusal Thereof
The Company may automatically collect device identification numbers (Device ID, UDID or IMEI) when a User runs an Application for Game Services in order to generate account information. Also, in order to provide functions, such as friend registration or friend recommendation, the Company may automatically collect identification numbers of Users from Platform Providers and identification numbers related to a list of friends. If a User does not consent to the automatic collection of those identification numbers or device identification numbers, Game Services including friend invitation and sending gifts cannot be properly provided, and the User will not be able to properly use Game Services of the Company.
9. Measure for Securing Safety of Personal Information
The Company implements the following technical / administrative measures for securing the safety in order for personal information not to be lost, stolen, divulged, altered or damaged in the course of handling personal information of Users:
A. Measures against Possible Hacking, Etc.: The Company makes its efforts to prevent divulgence of or damages to members' personal information due to hacking, computer virus, etc. The Company frequently backs up records against possible damages to personal information, prevents divulgence of or damages to personal information or records of Users, and arranges safe transmission of personal information on the network through encoded communications, etc. Also, the Company controls unauthorized access from the outside through an intrusion blocking system and otherwise makes its efforts to have possible technical equipment for securing systematical safety.
10. Dealing with "Do Not Track" Signals (Regarding Online Personal Information Protection Laws of the State of California of the U.S.A.)
The Company has no particular operation dealing with "do not track" signals or other similar technical mechanisms.
11. Contact Information of Person Responsible for and in Charge of Personal Information Management
You may report a complaint relating to personal information protection which occurs during your use of the Company's services to the person responsible for personal information management or the relevant division. The Company will provide sufficient responses to Users' complaints in a speedy manner.
Responsible Person in Charge: Youn Mi Lee
Team and Title: CEO
Contact Information(e-mail) : email@example.com
If you otherwise need to report or obtain counseling regarding personal information violation, please inquire of the institutions set forth below.
Korean Personal Information Violation Report Center (www.118.or.kr / 82-118)
Korean Information Protection Mark Verification Committee (www.eprivacy.or.kr / 82-2-580-0533~4)
Korean Supreme Prosecutors' Office Cyber Criminal Investigation Department (firstname.lastname@example.org / 82-2-3480-3571)
Korean National Police Agency Cyber Bureau (www.ctrc.go.kr / 82-2-392-0330)