[EN] Bigradar privacy policy

쇼호스트
2020-10-20
조회수 41

Big Radar Co., Ltd. (hereinafter referred to as the “Company”) complies with regulations on the personal information protection and guidelines of the Republic of Korea, which must be obeyed by the provider of information and communications services defined in “Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.,” “Personal Information Protection Act,” “Protection of Communications Secrets Act” and “Telecommunications Business Act.” The Company is doing its utmost to protect users' rights and interests with the privacy policy established based on relevant Acts and subordinate statutes. The Company discloses the privacy policy on the customer center within the game and the website's first screen for users to access the policy easily. This privacy policy may change from time to time due to changes in relevant Acts and subordinate statutes, guidelines, or changes in the Company’s internal policy. When the Company’s privacy policy is revised, the reason and details of the change will be announced through the customer center or the website's first screen.


This privacy policy includes the following contents:


1. Personal information items to be collected and collecting methods

2. Purpose of collection and use of personal information

3. Sharing and provision of personal information

4. Outsourcing of personal information

5. Period of retention and use of personal information

6. Procedure and method of destruction of personal information

7. Rights of users and legal representatives and exercising the rights

8. Matters related to installation/operation and rejection of device automatically collecting personal information

9. Technical/administrative/physical measures to protect personal information

10. Contact information of the privacy officer and manager

11. Duty of notification

12. Others


1. Personal Information Items to be Collected and Collecting Methods

A. Personal information items to be collected

1) The following personal information is collected for membership, customer service, and other services:

- Nickname, device information (model name, OS version, IMEI, etc.), telecommunications service provider information, store information, game version, game and service use history, access history, cookie, payment history, paid service information, history of participation in promotions/events and information related to shipping goods, IP address

2) The following personal information may be collected while using services based on external platforms.

- Google: User identification information, profile picture, profile name

- Apple: User identification information, profile picture, profile name

- Facebook: User identification information, profile picture, profile name, list of Facebook friends

- KakaoTalk: User identification information, profile picture, profile name, list of Kakao friends

- Line: User identification information, profile picture, profile name, list of Line friends

3) Where identity verification is required due to age verification in some services or related laws, the connecting information (CI) is processed via an authorized institution.

4) Your e-mail address, mobile number, and address may be processed to handle customer inquiries and send promotional goods.

5) Your name and resident registration number may be processed to handle taxes and the public utilities’ charge.


B. Method of collecting personal information

1) Collected when the user consents to provide the personal information to signing-up for the Company’s services

2) Collected when the user consents to the collection for separate use for promotions and events

3) Collected automatically via platforms associated with the Company for the provision of services

4) Collected through the voluntary provision of the user while attending to the customer during signing-up or use of services, or, if necessary, collected upon request


C. Rejection of collection and use of personal information

Users may reject the collection and use of the above personal information. Provided, however, that the use of some or all services may be restricted upon rejection of the collection and use of personal information.



2. Purpose of Collection and Use of Personal Information

The Company will not disclose the personal information collected without prior consent by the user, and the collected information will not be used for purposes other than the following:

A. Fulfillment of the agreement on provision of services and settlement of fees that arise out of the provision of services

Provision of contents, the announcement of selection in events, shipping goods or invoices, identity verification, purchase and payment, fee collection (Provided, however, that when signed up and consent given through mobile platforms such as Google, Apple, Facebook, Kakao, Line, etc., some of the above items fall under functions served by the above mobile platforms)

 

B. Member protection

Personal identification due to use of membership service, individual identification, prevention of improper usage and unauthorized usage of improper members (members whose use is restricted or agreement has been terminated due to breach of provisions), confirmation of the user’s will to sign up, limiting signing-up and the number of signing-up, record retention for dispute conciliation, handling complaints, an announcement of notifications


C. Use in development of new services, marketing, and advertising

Development of new services and provision of customized services, provision of services and insertion of advertisements according to demographic features, verification of the validity of service, provision of event and advertisement information and opportunities to participate, identification of frequency of visit, statistics based on members and service use, provision of promotion/event services



3. Sharing and Provision of Personal Information

The Company uses the user’s personal information within the scope stipulated in the “Purpose of collection and use of personal information,” and does not, in principle, use the user’s personal information or disclose the user’s personal information with any third party beyond the foregoing scope without the prior consent of the user. Provided, however, that the same will not apply in the following cases:

- When the user consents to disclose or provide in advance

- When disclosure is required by special regulations in the law of the Republic of Korea, such as the “Act on Real Name Financial Transactions and Confidentiality,” the “Credit Information Use and Protection Act,” the “Framework Act on Telecommunications,” the “Telecommunications Business Act,” the “Local Tax Act,” the “Consumer Protection Law,” the “Bank of Korea Act,” the “Criminal Procedure Act,” etc., and required by courts, investigative agencies, and other administrative agencies according to procedures prescribed in the Acts and subordinate statutes for investigative purposes

- When disclosure made in a form that makes it impossible to identify a specific individual even if combined with other information is required for statistics, academic research, or market research purposes



4. Outsourcing of Personal Information

The Company outsources the following personal information to third parties for professional customer support and service improvement. According to relevant Acts and subordinate statutes, the Company prescribes matters necessary to safely protect personal information when entering agreements to outsource the personal information. Outsourced agencies with personal information and outsourced affairs are as follows:


[Outsourcer]

Outsourcee

Details of outsourced affairs

Period of retention and use of personal information

NHN Co., Ltd.

Operation/management of infrastructure for the provision of game services
Operation/management of infrastructure for the operation of customer center

Until withdrawal of membership or consent, or until termination of the outsourced agreement

AFI Co., Ltd.

Operation/management of infrastructure for the provision of game services
Operation/management of infrastructure for the operation of customer center

Until withdrawal of membership or consent, or until termination of the outsourced agreement

sentience Inc.

In-game log analysis for service operation and user propensity analysis

Until withdrawal of membership or consent, or until termination of the outsourced agreement


In addition to the above companies, log analysis tools - Google Analytics and Adjust - are used to analyze service use and statistics.  If you wish to stop log analysis via an external analysis tool, please see the page below to switch the setting.
<!--[if !supportLineBreakNewLine]-->

How to turn off Google Analytics

How to turn off Adjust



5. Period of Retention and Use of Personal Information

Pursuant to “Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.” and the Enforcement Decree of the same Act, the “Company” may terminate the agreement to protect the personal information of a member who has not used the service for a one (1) year (hereinafter referred to as “inactive account”) and may take necessary measures, such as the destruction and storage of personal information. In this case, the “member” is notified of the expiration date of the personal information retention period and the details of the measures to take of personal information thirty (30) days prior to taking measures.


The personal information collected under the user’s consent is retained and used for the membership duration. In principle, the user’s personal information is to be destroyed immediately once the purpose of collecting and using personal information is fulfilled. Provided, however, that personal information is retained for seven (7) days upon request for membership withdrawal to prepare for such situations as unwanted withdrawal of membership due to illegal use of personal information.


In addition, the following information is retained for the specified period for the following reasons; the information is not to be used for any other purposes.

A. Reasons to retain information by the Company’s internal policy

1) Improper usage history, duplication information (DI)

- Reason for retention: Prevention of improper usage

- Retention period: One (1) year


B. Reasons to retain information by the relevant Acts and subordinate statutes

1) Record on withdrawal of agreement of subscription

- Reason for retention: The Act on the Consumer Protection in Electronic Commerce, etc.

- Retention period: Five (5) years

2) Record on payment and supply of goods

- Reason for retention: The Act on the Consumer Protection in Electronic Commerce, etc.

- Retention period: Five (5) years

3) Record on handling consumer complaints and disputes

- Reason for retention: The Act on the Consumer Protection in Electronic Commerce, etc.

- Retention period: Three (3) years

3) Record on personal identification

- Reason for retention: The Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

- Retention period: Six (6) months

5) Record on service visit

- Reason for retention: The Protection of Communications Secrets Act

- Retention period: Three (3) months


C. When the member’s consent has been individually obtained



6. Procedure and Method of Destruction of Personal Information

The user’s personal information is to be destroyed immediately once the purpose of collecting and using personal information is fulfilled. The Company’s procedure and method of destruction are as follows:

A. Procedure of destruction

The information entered by the user to membership, etc., is transferred to a separate DB (information on paper is transferred to a separate filing cabinet) after the purpose is fulfilled. The transferred information is stored for a certain period of time and destroyed according to reasons of information protection by internal policy and other relevant Acts and subordinate statutes.

The foregoing personal information is not used for purposes other than retention unless demanded by laws and regulations.
<!--[if !supportLineBreakNewLine]-->


B. Method of destruction

Personal information printed on paper is to be destroyed through shredding or incineration. Personal information stored in electronic file formats is to be deleted using technical means, which makes the information unrecoverable.



7. Rights of Users and Legal Representatives and Exercising the Rights

A. Rights of users and exercising the rights

Any user may view and edit his/her personal information at any time and may withdraw his/her consent or request for the withdrawal of the membership when he/she does not consent to the Company’s processing of personal information. Provided, however, that the use of some or all services may be restricted in this case. To view or edit their personal information, users may access “Edit Personal Information” (or “Modify Member Information”). To cancel the membership (or withdraw consent), users may access, correct, or withdraw from the “Customer Center” or “Membership Withdrawal” after undergoing the identity verification procedure. Or, please contact the privacy officer in writing, by telephone, or e-mail for immediate action. Personal information that has been canceled or deleted upon a user’s request is handled as stipulated in Article 5 “Period of Retention and Use of Personal Information,” and is handled to prevent access or use of the information for other purposes.


B. Personal information protection for children under 14 years of age

In principle, the Company does not collect personal information when the user is under 14 years of age.

In the event that a legal representative requests withdrawal of services for a child under 14 years of age to the Company, the Company will inform the legal representative of how to withdraw membership.

In an unavoidable situation where the collection of personal information of those under 14 years of age is required to process affairs by a user’s request, the Company will obtain prior consent from the legal representative, and the relevant information will immediately be destroyed after the relevant affair has been completed.



8. Matters Related with Installation/Operation and Rejection of Device Automatically Collecting Personal Information

  The Company uses cookies that save and retrieve user information to provide customized service. A cookie is a small piece of text file usually sent by the web server used in operating services and stored in a user’s computer or mobile device.

The Company uses cookies to identify visits and usage type of members and non-members and user scale and uses the information to create and provide more convenient services. Users have the option of cookie installation. Whenever a cookie is stored, the confirmation thereof may be completed, or a user may reject the storage of all cookies. Provided, however, that when a user rejects a cookie's storage, the user may have some difficulties in using some or all services.

To allow or disallow cookie installation, go to the web browser and select “Tool > Internet Options.”



9. Technical/Administrative/Physical Measures to Protect Personal Information

In processing the user’s personal information, the Company is taking the following measures to prevent loss, theft, leakage, alteration, or damage of personal information and secure safety.

A. Preventive measures against hacking, etc.

The Company is doing its utmost to prevent leakage or damage of the user’s personal information due to hacking, computer virus, etc. In preparation for personal information damage, the Company frequently runs back-up of data and uses the latest vaccine programs to prevent the user’s personal information or data from leaking or being damaged. The encrypted communication enables the safe transmission of personal information via the network. In addition, a firewall system blocks unauthorized access from outside. The Company is exerting its utmost efforts to equip as many technical devices as possible to enhance system security. Provided, however, that the Company takes no responsibility for any problems caused by leakage of personal information such as ID, password, birthday, etc. due to the user’s carelessness or Internet complications.


B. Minimization and training for responsible personnel

The Company limits those with access to the user’s personal information to the minimum number of personnel (persons capable of processing personal information), and a separate password is given for this purpose and is regularly updated. In addition, compliance with the Company’s privacy policy is emphasized through frequent training sessions provided to the responsible personnel.


C. Operation of an institution exclusively for personal information protection 

The Company, through an institution exclusively for personal information protection, checks fulfillment of the Company’s privacy policy and compliance of the manager. The Company exerts its utmost efforts to correct any problems that are found. Provided, however, that the Company takes no responsibility for any problems caused by leakage of personal information such as ID, password, resident registration number, etc. due to the user’s carelessness or Internet complications.


D. Restriction of entry and storage

The Company defines the area where personal information is processed and stored as a security area subject for restriction of entry by unauthorized persons or outsiders. Printouts containing personal information, hand-written records, and external storage devices are stored in a safe location with a lock; if not unlocked, it is impossible to find out the relevant information's content or presence.



10. Contact Information of the Privacy Officer and Manager

The Company designated the following department and privacy officer in order to protect the user’s personal information and resolve any related complaints. Any complaints regarding personal information protection that arise while using the Company’s services may be filed to the privacy officer or department in charge of personal information protection. The Company will promptly respond to the user’s complaints.


Privacy Officer

Name: Jang Hyun-seok

Affiliation/Position: Operation headquarters/Operation representative

e-mail: hans@bigradar.net


Department in charge of personal information protection

Department name: Customer management team

e-mail: support@bigradar.net


Contact the organizations shown below to file reports or seek consultation for other privacy infringements.


Electronic Commerce Mediation Committee (http://www.ecmc.or.kr / Phone no. 1661-5714)

Privacy Infringement Report Center (privacy.kisa.or.kr / Phone no. 118)

Cyber Crime Investigation Unit, Supreme Prosecutor’s Office (www.spo.go.kr / Phone no. 1301)

Cyber Bureau, National Police Agency (http://cyberbureau.police.go.kr / Phone no. 182)



11. Duty of Notification

The Company will notify of any addition, deletion, and/or modification in this Privacy Policy through the initial screen page at least seven (7) days prior to the scheduled amendment.



12. Others

This Privacy Policy does not apply to the collection of personal information from websites of other companies linked to the Company’s services. For matters related to collecting personal information from a website newly visited by the user, please check the privacy policy of the website.


<Supplementary Provisions>

Date of announcement: September 29, 2020

Date of enforcement: September 29, 2020

0 0