PRIVACY POLICY

CookApps 106 Co., Ltd. (“Company”) values the importance of customers’ personal information and complies with the personal information protection provisions under related laws such as the “Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc.” and the “Personal Information Protection Act.”
The Company informs customers—through the Personal Information Processing Policy—about the purpose for the use of personal information provided by customers, how it is used, and what actions are taken for personal information protection.

When amending the Personal Information Processing Policy, the Company will inform customers through the website notice (or individually sent notices).

1. Personal information collected and collection methods

(1) Items of personal information collected

1) The following information is collected for membership application:
– When using a Facebook account: Open profile (name, age, gender, etc.), e-mail address, nickname
– When using a Google account: Open profile (name, age, gender, etc.), e-mail address, nickname
※ When applying for membership using a Facebook or Google account, the items of personal information collected may differ according to the relevant information disclosure standards.

 

2) In the process of using the services, the following information may be collected:
– Service use record, connection log, IP information, illegal use record, mobile device information (model name, mobile carrier information, OS information, language and country information, unique device identification number, advertising ID, etc.)

3) When providing services requiring age confirmation and self-certification, the following information may be collected:
– i-PIN self-certifier: Name, date of birth, gender, i-PIN number, Duplication Information (DI), Connecting Information (CI), native/resident·foreigner information
– Mobile phone self-certifier: Name, date of birth, gender, Duplication Information (DI), Connecting Information (CI), native/resident·foreigner information
– My-PIN self-certifier: Name, date of birth, My-PIN number, Duplication Information (DI), Connecting Information (CI)
– Children under 14 years and younger users under the age of 18
① Information on the self-certification of a legal representative
• For mobile phone self-certification: Name, date of birth, gender, Duplication Information (DI), Connecting Information (CI)
• For i-PIN self-certification: Name, date of birth, gender, i-PIN number, Duplication Information (DI), Connecting Information (CI)
② Information related to the approval of a legal representative

 

4) The Company may collect additional information with regard to the use of the following customer-related services. In this case, it receives separate consent to personal information collection and use:
– Input of additional information within My Page
– Event participation
– Channeling service subscription
– Guardian’s consent to paid services
– Customer management services such as customer counseling, 1:1 inquiry receipt, etc.

5) For paid services, the following payment information may be collected:
– For payment by a mobile phone: Mobile phone number, mobile carrier, payment certification number, etc.
– For payment by deposit without bankbook and Internet banking: Bank name, depositor’s name
– For refund: Bank name, depositor’s name, account number
– For coupon registration: Contact address, coupon information
– For credit card payment: Card company name, installation period, card number, expiration date, etc.

 

6) For mobile game service membership application, the following information is collected:
① When using a Facebook account
– Open profile (name, age, gender, etc.), list of friends, e-mail address, nickname
② When using a Google account
– Open profile (name, age, gender, etc.), e-mail address, nickname
※ When applying for membership using a Facebook or Google account, the items of personal information collected may differ according to the relevant information disclosure standards.

(2) Personal information collection methods
Personal information is collected through homepage membership application, service use (including mobile services), membership information modification, phone/ fax/ customer center counseling, event application, provision from partner companies, and generated information collection tools.

2. Processing of unique identification information

(1) Unique identification information is the “information prescribed by the Presidential Decree” under the Personal Information Protection Act and its Enforcement Decree such as resident registration number, passport number, driver’s license number, and foreigner registration number.

(2) The Company collects and processes unique identification information in the following cases and collects it through a separate consent:

1) Where taxes and public imposts are imposed on a prize winner
2) Otherwise, where it is required by law

(3) Unless otherwise provided by law, the unique identification information collected is not used for purposes other than those set forth in Paragraph (2), but is encrypted and stored for safe management.

 

3. Purposes of collection and use of personal information
The Company uses the personal information collected for the following purposes:

(1) Performance of contract pertaining to service provision, fee adjustment pursuant to the provision of services, content provision, purchase and payment, refund, goods delivery, self-certification, fee collection

(2) Membership management
ID confirmation pursuant to the use of membership services, personal identification, prevention of illegal use by unqualified members and prevention of unauthorized use, confirmation of intention to become a member, age confirmation, confirmation of a legal representative’s consent in case of collecting personal information on children under 14 years, confirmation of consent in case of membership application by users under 18 years, verification of a legal representative’s identity, grievance handling including complaint handling and customer counseling, etc., document retention for dispute mediation, delivery of notices

(3) Marketing and statistical analysis
Development and specialization of new services, provision of promotional information such as events, etc. service provision and advertising pursuant to demographic characteristics, access frequency checking or statistical analysis of service use by members

 

4. Periods of retention and use of personal information
In principle, the relevant information shall immediately be destroyed after the purposes of collection and use of personal information are attained. (Note, however, that the Company retains personal information for 15 days after membership withdrawal request to minimize damage resulting from account theft, etc.) Moreover, if it is necessary to retain personal information even after the purposes of collection and use are attained in accordance with related laws, the Company shall retain membership information for a specified period under related laws as follows:
– Records on marks/advertisements: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
– Records on contract termination and order cancellation: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
– Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
– Records on customer complaint and dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
– Records on website visit: 3 months (Protection of Communications Secrets Act)

 

5. Procedure and method for destroying personal information
In principle, the relevant information shall immediately be destroyed after the purposes of collection and use of personal information are attained. The destruction procedure and method are as follows:

(1) Destruction procedure
– Information entered by users for membership application, etc. is destroyed after being stored for a certain period (see the periods of retention and use) for reasons of information protection according to the internal policy and other related laws after the attainment of purpose (after a 15-day grace period in case of withdrawal request).

(2) Destruction method
– Destroy personal information stored in the form of electronic files using a technical method that makes it impossible to recover records.
– Shred or incinerate personal information printed on paper.6. Separate storage and management of personal information of long-term non-use accounts
Convert accounts with no records of service use (game use, payment, customer center counseling, etc.) for the last one year into long-term use accounts, and separately store and manage the personal information of the relevant accounts.
In case of personal information separately being stored and managed due to conversion into long-term non-use accounts, it is impossible to use all services including game use. A separate recovery procedure is required to use the services again.
If you use the service again before the expiration date, then conversion into a long-term non-use account will be canceled. Thus, if you do not want your account to be converted into a long-term non-use account, you have to use a game service, etc. even if it’s only for a few minutes.
– Accounts subject to separate storage and management: Accounts with no records of service use for one year
– Expiration date: The point of time when one year has passed with no record of service use
– Items of separately stored and managed personal information: account information, contact address, personal information, service use record, payment record, counseling record, etc.

 

7. Provision of personal information
The Company entrusts an external specialist service provider with service operation.

– Service provider: Amazon Web Services, Inc.
Purpose of entrustment: Cloud service operation and management

For the smooth provision of game services, the Company archives personal information in a foreign country as follows:
– Item: Android ID
Country: US
Transfer time and method: Transfer through a network at the time of service use
Transferee: Amazon Web Services, Inc. (http://aws.amazon.com/ko/compliance/contact/)
Purpose: Cloud service operation and management
Retention and use period: Until the purposes of retention and use of personal information are attained

 

The Company uses the personal information of users within the scope specified in “3. Purposes of collection and use of personal information.” In case of provision of personal information to a third party, the Company receives consent under the laws. Note, however, that this shall not apply to the following cases:
– Where there are requirements of the relevant laws or demand from an investigative agency for investigation purposes pursuant to the prescribed procedure and method under the laws
– Where it is necessary for fee adjustment pursuant to the provision of services
– Where there are special provisions of other laws

 

8. Rights of users and legal representatives and method of exercising the rights
Users and legal representatives may view or edit their personal information or personal information for the relevant children under 14 years at any time and request withdrawal of subscription. To view/edit the personal information of users or personal information for children under 14 years, click “Modify personal information” (or “Edit membership information”). To withdraw subscription (withdrawal of consent), click “Apply for withdrawal of membership.” After verifying the member identity, you can directly view, correct, or withdraw. Otherwise, contact the person in charge of personal information protection in writing, by phone, or e-mail, and we will take action immediately.

If a user requests correction for a personal information error, the relevant information will not be used or provided until correction is completed. Likewise, if erroneous personal information has already been provided to a third party, correction results will immediately be sent to a third party. Personal information terminated or deleted by request from a user or a legal representative will be processed pursuant to the provisions of “3. Retention and use period of personal information collected” and cannot be viewed or used for other purposes.

 

9. Matters concerning the installation and operation of a device that automatically collects personal information such as Internet access information files, etc. and refusal thereof
The Company operates cookies, etc. to store and find out users’ information from time to time. Cookies are stored on a user’s computer hard disk as a very small text file sent to the user’s browser from the server that is used for operating the Company’s website. The Company uses cookies for the following purposes:

(1) Purpose of use of cookies, etc.
To provide customized services by analyzing members’ and non-members’ access frequency and visit time, etc., understand users’ preferences, track their traces, check the number of visits, etc.

(2) How to refuse cookie setting
Users have the right to choose their cookie settings. Therefore, users can allow all cookies, check every time a cookie is saved, or refuse all cookies by choosing the corresponding option.

 

[How to set cookies]
① Internet Explorer: [Tool] → [Internet option] → [Personal information] → [Advanced] at the top of your web browser
② Chrome: [⋮] → [Settings] → [Display advanced settings] → Personal information [Content settings] at the upper right-hand side of your web browser. If you refuse to save a cookie, however, some services may not be provided.

 

10. Matters concerning ensuring the safety of personal information
(1) Technical measures for personal information protection
The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, tampered with, or damaged when processing the personal information of users:
– Users’ personal information is protected by a password. The password for a user account shall be known only to the relevant user. Personal information shall only be checked and edited by the user who knows the password.
– To protect against outside invasion such as hacking, etc. and prevent personal information from being leaked, the Company is currently using a device that blocks such invasions. Especially, the Company maintains the highest level of security on the server that has all users’ personal information by separately managing it without being connected directly to the external Internet line.
– The Company can back up the system and data in case of emergency.
– The Company uses anti-virus programs to prevent damage caused by computer viruses. Anti-virus programs are updated on a regular basis. In case of the abrupt appearance of a computer virus, the Company provides anti-virus software as soon as it is available.

 

(2) Managerial measures for personal information protection
– The Company limits persons having access to users’ personal information to the minimum number of personnel. The minimum number of persons is as follows:
1) Persons involved in marketing that deals directly with users
2) Persons involved in personal information management such as persons in charge of personal information grievance handling, etc.
3) Persons whose duties require personal information processing
–The Company provides the personnel involved in personal information processing with regular internal training and externally commissioned education with respect to new security technology acquisition and personal information protection obligation, etc.
– The Company receives a written security pledge from new employees to proactively prevent information leaks and implements internal procedures for conducting audits to ensure that personnel comply with the personal information processing policy.
– Transfer of duties of persons involved in personal information processing is done with the highest possible security, and responsibilities after entry into and resignation from the Company are clearly stipulated.
– The Company controls access to the data processing room, data archiving room, etc. by setting these areas up as a protection zone.
– The Company is not responsible for personal information leaks caused by users’ personal mistakes or dangers inherent to the Internet. Users should appropriately manage their accounts and passwords to protect their personal information and should assume responsibility therefor.

 

11. Changes to the personal information processing policy
In case of any change (addition, deletion, and modification) to the personal information processing policy, the Company lets customers know through the website notice. In addition, the changed part of the personal information processing policy is made public by comparing it with previous matters for the convenience of customers.

Personal information processing policy version no.: 9.1.2018
Enforcement date of personal information processing policy: 9.1.2018