General Provisions
(The Korea Baduk Association, hereinafter referred to as 'the Company') is committed to protecting users' valuable personal information by complying with privacy protection laws. In accordance with these laws, the Company has established and disclosed the following Privacy Policy to handle users' concerns regarding the services provided by the Company.
Article 1 (Purpose of Personal Information Processing)
The Company processes personal information for the following purposes:
1. User Management: Membership registration, user identification for content delivery within the app, checking for duplicate registrations, preventing misuse of services, notifications, and communications.
2. Service Provision: Handling customer inquiries and complaints, delivering notifications, providing and verifying paid services, supporting community services, payment processing and settlement, and debt collection.
3. Complaint Handling: Verifying user identity, addressing complaints, contacting or notifying for fact-finding, and communicating results.
4. Marketing and Advertising: Providing targeted advertisements, delivering event and promotional information, and offering participation opportunities.
5. Service Improvement and Development: Improving existing services, developing new services, and creating customized services.
6. Use of Pseudonymized Information: Utilizing pseudonymized data for statistics, scientific research, and public record preservation.
Article 2 (Collection of Personal Information)
The Company collects only the personal information necessary for service use, and informs users in detail and obtains consent during collection.
1. Basic Collection Items (Required): Nickname, registration date, game version, installation platform.
2. Information Collected During Service Use: Service usage records (payment records, misuse records, etc.).
3. Additional Information Provided by Platform Operators Based on Selected Registration Methods: Login identifiers provided by the platform operator chosen by the member (e.g., Google LLC, Apple Inc., Meta Platforms, Inc.).
4. Information Collected During Paid Service Use:
- Credit Card Payments: Card issuer name, card number, and other credit card information.
- Mobile Phone Payments: Mobile phone number, carrier, and other payment information.
- Voucher Use: Voucher number, site ID.
However, for payments through mobile game platform markets (e.g., Play Store, App Store), the privacy policies of each market will apply.
5. Automatically Collected Personal Information During Service Use: IP address, cookies, service usage records (access logs, visit and usage records, etc.), device information (mobile phone model, OS name and version, device language), advertising identifiers.
6. During Complaint Handling: Collection and processing of necessary items from the above information and additional items required for handling the complaint.
Article 3 (Processing and Retention Period of Personal Information)
The Company will promptly delete and destroy users' collected information once the user has withdrawn from the service or lost eligibility, without a separate request. However, despite withdrawal or loss of eligibility, the following information will be retained for the reasons specified below:
1. For investigations or inquiries related to legal violations, until the investigation or inquiry is completed.
2. When there are outstanding credit or debt relations due to app use, until such credit or debt relations are settled.
3. If the Company terminates the service use contract according to the terms of use to prevent fraudulent re-registration and service use, the misuse records will be retained for one year after termination.
Despite the above, the Company will retain the information until the end of the relevant period in the following cases:
1. Service-related personal information (log records): Retained for 3 months under the "Protection of Communications Secrets Act."
2. Records related to contracts or cancellation, payment and supply of goods, etc.: Retained for 5 years under the "Consumer Protection Act in Electronic Commerce, etc."
3. Records of consumer complaints or dispute resolutions: Retained for 3 years under the "Consumer Protection Act in Electronic Commerce, etc."
4. Records of advertising: Retained for 6 months under the "Consumer Protection Act in Electronic Commerce, etc."
5. Books and supporting documents for transactions as prescribed by tax laws: Retained for 5 years under the "Basic National Tax Act."
Article 4 (Provision of Personal Information to Third Parties)
1. When using the Company’s login integration service, personal information is provided within the scope agreed upon by the user for service use.
Details of personal information provided based on individual service use status can be checked in the Company’s login integration service management.
- Parties: Company login integration service providers
Purpose: Service provision
Items: [Required] User identifiers and personal information items agreed upon for integration service use
Retention and Use Period: Until service withdrawal or achievement of the purpose of processing personal information
2. To ensure service stability, prevent misuse, protect accounts and items, and restrict violations of laws and company terms, information automatically generated during service use (e.g., IP, access records, service usage records, misuse records, download records, payment records, cookies) and information identifying devices (e.g., OS information, hardware information, Mac Address, UUID, advertising identifiers), and location information may be provided.
Article 5 (Use and Provision of Personal Information within the Scope Reasonably Related to Collection Purpose)
When the Company uses or provides personal information beyond the original purpose without user consent, the following criteria are used:
- Relevance to the original collection purpose
- Predictability of additional use or provision of personal information considering the context or processing practices
- Whether it unjustly infringes on user rights
- Whether necessary measures for safety, such as pseudonymization or encryption, have been taken
Article 6 (Destruction of Personal Information)
1. The Company will promptly destroy personal information once the purpose of collection and use is achieved, or when the retention period expires. However, exceptions are made when required by relevant laws or with user consent.
- Consumer Protection Act in Electronic Commerce, etc.
Records related to contracts or cancellations, 5 years
Records related to payment and supply of goods, 5 years
Records related to consumer complaints or dispute resolution, 3 years
- Basic National Tax Act, Income Tax Act
Records related to tax matters, 5 years
- Protection of Communications Secrets Act
Records related to logins, 3 months
2. Information collected for events will be retained for up to 1 year, but this may vary by event, and the period specified on the individual event page takes precedence.
3. The procedures and methods for destroying personal information are as follows:
Personal Information Destruction Procedure: The Company selects personal information that needs to be destroyed due to the occurrence of destruction reasons and obtains approval from the Company’s personal information protection officer before destroying it.
Personal Information Destruction Method: Personal information in electronic file form is deleted using technical methods so that it cannot be reused, while personal information printed on paper is shredded.
4. Personal information of users who have not used the Company’s services for over a year with their consent will be separately stored as 'dormant accounts,' and accounts that have not been used for more than five years may be deleted at the Company’s discretion.
Article 7 (Processing of Pseudonymized Information)
Pseudonymized information refers to information processed in such a way that a specific individual cannot be identified, by deleting or replacing some or all of the personal data.
1. The Company may process collected personal information in a pseudonymized form for statistical purposes, scientific research, and public record preservation. Pseudonymized information will be kept separate, stored, and managed to prevent re-identification, and the processing details of pseudonymized information will be recorded and maintained with necessary technical, administrative, and physical measures.
2. The Company processes pseudonymized information as follows:
- Purpose: Scientific research (analysis of user characteristics)
Items: Gender, age, game service usage information
3. When pseudonymized information is entrusted or provided to third parties, the Company will take safety measures to ensure that re-provision and re-identification are prohibited. When pseudonymized information is entrusted or provided to third parties, the Company will inform the recipient, the purpose of processing, and other relevant details in accordance with applicable laws.
Article 8 (Rights of Users and Legal Representatives and How to Exercise Them)
1. Users have the right to access, correct, delete, or suspend processing of their personal information, and to withdraw consent. The Company actively takes necessary measures to protect these rights.
2. Legal representatives of children under 14 years old have the right to request access, correction, deletion, suspension of processing, or withdrawal of consent regarding the child's personal information.
Users can access or correct their personal information in 'My Information Management > Change Personal Information,' and can withdraw consent or cancel membership in 'My Information Management > Withdraw Membership.'
Alternatively, users can request access, correction, deletion, suspension of processing, or withdrawal of consent by contacting the personal information protection officer via phone or email.
Article 9 (Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information:
1. Administrative Measures: Establishment and implementation of internal management plans, regular staff training, etc.
2. Technical Measures: Technical countermeasures against hacking, encryption of personal information, management of access rights to personal information processing systems, storage of access logs, and prevention of falsification or tampering.
Article 10 (Installation, Operation, and Refusal of Personal Information Automatic Collection Devices)
The Company uses cookies to provide a convenient website usage environment for users, and users have the right to refuse them.
■ What is a Cookie?
A cookie is a small text file sent by a web server to a web browser for a specific website. Cookies are used to improve service by understanding user access records, usage patterns, etc.
Users can refuse cookie collection by changing their browser settings.
1. Purpose of Cookie Use: Analyzing frequency of access or visit time, understanding service usage patterns and tracking, checking security access, managing security, improving services, developing new services, and providing customized services and advertisements.
2. Installation, Operation, and Refusal of Cookies: Users have the option to accept or refuse cookie installation. Therefore, users can refuse the storage of cookies by changing browser settings as follows:
3. Refusing cookies may result in difficulties in using some services.
Article 11 (Collection, Use, and Refusal of Behavioral Information)
1. The Company allows online customized advertising companies to collect and process behavioral information as follows:
■ What is Online Customized Advertising?
Marketing technique that provides services based on user characteristics by analyzing online usage patterns and access records.
- Advertisers: Google, Meta, Twitter, Clickmon, Targeting Gates, RealClick, Criteo, AdJust, Tune, AppsFlyer, adbrix, Admob, Unity Ads, AdColony, MOLOCO, Buzzvil, Kakao, Taboola, InLifel
- Method of Collecting Behavioral Information: Automatically collected when users visit sites or run apps.
- Retention and Use Period:
2. The Company collects only the minimum behavioral information required for online customized advertising and does not collect sensitive behavioral information that may significantly infringe on individual rights, interests, or privacy, such as beliefs, family relationships, education, health history, or other social activities.
3. The Company collects and uses advertising identifiers for online customized advertising in mobile apps. The data subject can block or allow customized ads by changing mobile device settings.
- Android: Settings -> Privacy -> Ads -> Reset Ad ID or Delete Ad ID
- iPhone: Settings -> Privacy -> Tracking -> Allow Apps to Request to Track (turn off)
* The menu and method may vary slightly depending on the mobile OS version.
Article 12 (Personal Information Protection Officer)
1. The Company designates a personal information protection officer to oversee personal information processing tasks and handle user complaints and damage relief related to personal information.
- Personal Information Protection Officer
Name:Seo youngho
Position (Title): Assistant Manager
Contact: Phone number +82-2-3407-3874 / Email youngho0983@baduk.or.kr
Article 13 (Changes to the Privacy Policy)
If there are any changes to the Privacy Policy, the Company will notify users at least 7 days before the revisions. If there are significant changes affecting user rights, users will be notified at least 30 days in advance.
For damage relief or consultation related to privacy infringement, you can contact the following institutions:
- Privacy Infringement Reporting Center
Phone Number: 118 (no area code)
Website: https://privacy.kisa.or.kr
- Privacy Dispute Mediation Committee
Phone Number: 1833-6972 (no area code)
Website: https://www.kopico.go.kr
- Supreme Prosecutor's Office Cyber Investigation Division
Phone Number: 1301 (no area code)
Website: https://www.spo.go.kr
- National Police Agency Cyber Investigation Bureau
Phone Number: 182 (no area code)
Website: https://ecrm.cyber.go.kr
Announcement Date: 2024/12/02
Effective Date: 2024/12/02