‘SAINTJOYKOREA’ (hereinafter “Company”) takes customers’ privacy seriously and complies with Act on Promotion of Information and Communications Network and Personal Information Protection Act.
1. Personal Information to Be Collected and How It Is Collected
Company collects following personal information to provide service.
1) Items to Be Collected
- When the customer signs up and plays the game: ID, nickname, device information (model, OS version, device ID), communication provider, store, game version, telephone number, record on use of game and service, access record, cookie, payment record, charging information, participation in promotion/event, information to send prizes
- When the customer accesses Facebook-based service: Facebook e-mail ID, profile photo
- When the customer uses customer support: telephone number, name, e-mail address
2) How to Collect Personal Information
- When the customer downloads and runs the game for the first time, accesses the network, purchases cash, signs up, contacts the customer center, participates in content and service promotion/events, accesses the in-house content and service platform, accesses the partner platform, Company collects personal information via the registered or separate approval procedures.
- Even after the customer agrees to additional collection of personal information, only agreed information is collected.
2. Purpose of Collecting Personal Information
Company uses collected personal information only for following purposes. If such purposes are changed, Company will take necessary measures such as gaining additional approval according to Article 18 of Personal Information Protection Act. However, if the customer agrees to sharing his/her personal information with third parties or applicable law permits, Company can provide personal information for third parties.
1) Service provision and billing
2) Notice to event winners, delivery of prizes, billing for content.
3) Member management
Identify members, prevent illegal activities and authorized use, check member’s age, obtain approval from guardians of members who are 14 years or younger, respond to complaints, deliver notices, check the use of in-game content, and customize service for each customer.
4) Marketing, Promotion, Partnership and Commission
Develop new services (products), deliver promotional information on goods and events, provide demographic service and advertisement, check access frequency or collect statistical data on service access or provide promotion/event service.
3. Retention Period of Personal Information
1) Company can retain and use members’ personal information collected with their consent as long as they maintain their membership. When the member makes an unsubscription request, his/her personal information will be irrecoverably destroyed. However, Company can retain personal information for up to 30 days from the date when the member unsubscribes to remedy damage caused by personal information theft and protect victims, and will destroy personal information completely after such period. Also, this does not apply when the member’s consent is obtained or there are legal requirements from Commercial Act, Guidelines for Consumer Protection Electronic Commerce, Etc., and other acts.
2) According to Act on Promotion of Information and Communications Network and its enforcement decree, Company can take necessary measures such as destruction of personal information for those who do not access service for one year in a row (hereinafter “Inactive Account”).
3) According to applicable law, if Company needs to keep personal information, it will store such personal information during the period specified in applicable law. (However, access limit records will be maintained during the service period.)
4. Destruction of Personal Information
Basically, Company will destroy personal information immediately after fulfilling its purposes. Personal information will be destroyed as follows.
If personal information approved by the customer for Company’s collection exceeds its retention period or should be maintained even after its purpose has been fulfilled according to applicable law, Company will move it to the separate database or save it in a difference place for destruction. Company will use personal information only for purposes permitted by applicable law.
Personal information stored in the form of electronic file will be destroyed irrecoverably. Printouts will be shredded or incinerated.
5. Security Measures for Personal Information
Company has taken following measures to protect personal information from loss, theft, leakage, falsification or damage.
1) Administrative Measures: Establish/implement internal management plans, minimize involved staff, provide internal education for staff regularly, and give commissioned education to staff in charge.
2) Technical Measures: Manage access to the personal information processing system, set up the access control system, encode ID information, install the latest vaccine and security program, and back up data.
3) Physical Measures: Approve data storage and control access.
However, Company does not take responsibility for damage which is caused to the member in the area not controlled by Company even when Company has fully fulfilled its obligation in protecting personal information.
6. Sharing Personal Information with Third Parties
Basically, Company does not share customers’ personal information with third parties. However, there are exceptions as follows.
1) When Company obtains customers’ consent in advance
2) When it is necessary to charge for service
3) When investigators make a request according to applicable law
4) When it is necessary for statistics, academic study or market research and personal information is processed so that each member cannot be identified
7. Commissioning of Personal Information Processing
Company can provide personal information for subcontractors to send SMS/LMS, respond to customer calls, provide event prizes, and operate game service, and require them to keep such personal information secure.
8. Rights of Users and Their Legal Representatives, and How to Exercise Them
1) Members and their legal representatives can view or modify their personal information or that of children under 14 (hereinafter “Children”), and make an unsubscription request. If Company needs to collect and use the personal information of children, it will obtain consent from their legal representative. To do this, Company can request legal representatives for their name, address and other minimum information. Personal information of such legal representatives will not be used for other purposes than confirming their consent or will not be shared with third parties.
2) Members and their legal representative can cancel their consent to provide their personal information (unsubscribe) any time. Members and their legal representative can view and correct their personal information by sending mail to the customer center. If such correction request is received, Company will not use or provide such personal information until it is corrected. Also, if wrong personal information is provided for third parties, Company will send corrected one to such their parties without delay.
3) Company will process personal information deleted by a request from members or their legal representatives according to its terms and conditions and will not use it for other purposes.
9. Service on Personal Information
Company continues to improve the privacy protection system along with regular training, and has assigned staff in charge of personal information as follows.
1) Staff in Charge
- Name: Lee Sung Goo
- Department: Operating Team
- E-Mail: firstname.lastname@example.org
- Consignment business and purpose: customer consultation and service operation and event winners information
- Time of retention and use of personal information: upon membership withdrawal or termination of the consignment contract
The member can report any personal information issue to the staff in charge or relevant department. The staff will reply swiftly. For more information on privacy protection, contact following authorities.
- KISA (http://privacy.kisa.or.kr / Tel. 118)
- Personal Information Dispute Mediation Committee (http://kopico.go.kr / Tel. 1833-6972)
- Cyber Investigation Department, Supreme Prosecutor’s Office (http://www.spo.go.kr / Tel. 1301)
- Cyber Security Department, National Police Agency (http://www.ctrc.go.kr / Tel. 182)
11. Rejection to Installation and Implementation of the Automatic Personal Information Collection Device
1) Purpose of the Cookie
Provide tailored service based on customers’ access number and other information collected with cookies.
2) Rejection to Installation and Implementation of Cookies
Customers can choose whether the cookie can be installed or not. By setting options in the web browser, the customer can allow all cookies, confirm when the cookie is saved or reject all cookies.
3) How to Reject the Cookie (For Internet Explorer)
Go to Tools > Internet Option > Personal Information > Personal Information Processing Level.
However, if the cookie is rejected, service can be limited.