PRIVACY POLICY
CookApps 106 Co.,
Ltd. (“Company”) values the importance of customers’ personal information and
complies with the personal information protection provisions under related laws
such as the “Act on the Promotion of Information and Communications Network
Utilization and Information Protection, etc.” and the “Personal Information
Protection Act.”
The Company informs customers—through
the Personal Information Processing Policy—about the purpose for the use of
personal information provided by customers, how it is used, and what actions
are taken for personal information protection.
When amending the Personal Information
Processing Policy, the Company will inform customers through the website notice
(or individually sent notices).
1. Personal information collected and
collection methods
(1) Items of personal information
collected
1) The following information is
collected for membership application:
– When using a Facebook account: Open
profile (name, age, gender, etc.), e-mail address, nickname
– When using a Google account: Open
profile (name, age, gender, etc.), e-mail address, nickname
※ When applying for
membership using a Facebook or Google account, the items of personal information
collected may differ according to the relevant information disclosure
standards.
2) In the process of using the
services, the following information may be collected:
– Service use record, connection log,
IP information, illegal use record, mobile device information (model name,
mobile carrier information, OS information, language and country information,
unique device identification number, advertising ID, etc.)
3) When providing services requiring
age confirmation and self-certification, the following information may be
collected:
– i-PIN
self-certifier: Name, date of birth, gender, i-PIN
number, Duplication Information (DI), Connecting Information (CI), native/resident·foreigner information
– Mobile phone self-certifier: Name,
date of birth, gender, Duplication Information (DI), Connecting Information
(CI), native/resident·foreigner information
– My-PIN self-certifier: Name, date of
birth, My-PIN number, Duplication Information (DI), Connecting Information (CI)
– Children under 14 years and younger
users under the age of 18
① Information on the
self-certification of a legal representative
• For mobile phone self-certification:
Name, date of birth, gender, Duplication Information (DI), Connecting
Information (CI)
• For i-PIN
self-certification: Name, date of birth, gender, i-PIN
number, Duplication Information (DI), Connecting Information (CI)
② Information related to the approval
of a legal representative
4) The Company may collect additional
information with regard to the use of the following
customer-related services. In this case, it receives separate consent to
personal information collection and use:
– Input of additional information
within My Page
– Event participation
– Channeling service subscription
– Guardian’s consent to paid services
– Customer management services such as
customer counseling, 1:1 inquiry receipt, etc.
5) For paid services, the following
payment information may be collected:
– For payment by a mobile phone:
Mobile phone number, mobile carrier, payment certification number, etc.
– For payment by deposit without
bankbook and Internet banking: Bank name, depositor’s name
– For refund: Bank name, depositor’s
name, account number
– For coupon registration: Contact
address, coupon information
– For credit card payment: Card
company name, installation period, card number, expiration date, etc.
6) For mobile game service membership
application, the following information is collected:
① When using a Facebook account
– Open profile (name, age, gender,
etc.), list of friends, e-mail address, nickname
② When using a Google account
– Open profile (name, age, gender,
etc.), e-mail address, nickname
※ When applying for
membership using a Facebook or Google account, the items of personal
information collected may differ according to the relevant information
disclosure standards.
(2) Personal information collection
methods
Personal information is collected through
homepage membership application, service use (including mobile services),
membership information modification, phone/ fax/ customer center counseling,
event application, provision from partner companies, and generated information
collection tools.
2. Processing of unique identification
information
(1) Unique identification information
is the “information prescribed by the Presidential Decree” under the Personal
Information Protection Act and its Enforcement Decree such as resident
registration number, passport number, driver’s license number, and foreigner
registration number.
(2) The Company collects and processes
unique identification information in the following cases and collects it
through a separate consent:
1) Where taxes and public imposts are
imposed on a prize winner
2) Otherwise, where it is required by
law
(3) Unless otherwise provided by law,
the unique identification information collected is not used for purposes other
than those set forth in Paragraph (2), but is
encrypted and stored for safe management.
3. Purposes of collection and use of
personal information
The Company uses the personal
information collected for the following purposes:
(1) Performance of contract pertaining
to service provision, fee adjustment pursuant to the provision of services,
content provision, purchase and payment, refund, goods delivery,
self-certification, fee collection
(2) Membership management
ID confirmation pursuant to the use of
membership services, personal identification, prevention of illegal use by
unqualified members and prevention of unauthorized use, confirmation of
intention to become a member, age confirmation, confirmation of a legal
representative’s consent in case of collecting personal information on children
under 14 years, confirmation of consent in case of membership application by
users under 18 years, verification of a legal representative’s identity,
grievance handling including complaint handling and customer counseling, etc.,
document retention for dispute mediation, delivery of notices
(3) Marketing and statistical analysis
Development and specialization of new
services, provision of promotional information such as events, etc. service
provision and advertising pursuant to demographic characteristics, access frequency
checking or statistical analysis of service use by members
4. Periods of retention and use of
personal information
In principle, the relevant information
shall immediately be destroyed after the purposes of collection and use of
personal information are attained. (Note, however, that the Company retains
personal information for 15 days after membership withdrawal request to
minimize damage resulting from account theft, etc.) Moreover, if it is
necessary to retain personal information even after the purposes of collection
and use are attained in accordance with related laws, the Company shall retain
membership information for a specified period under related laws as follows:
– Records on marks/advertisements: 6
months (Act on Consumer Protection in Electronic Commerce, etc.)
– Records on contract termination and
order cancellation: 5 years (Act on Consumer Protection in Electronic Commerce,
etc.)
– Records on payment and supply of
goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
– Records on customer complaint and
dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce,
etc.)
– Records on website visit: 3 months
(Protection of Communications Secrets Act)
5. Procedure and method for destroying
personal information
In principle, the relevant information
shall immediately be destroyed after the purposes of collection and use of
personal information are attained. The destruction procedure and method are as
follows:
(1) Destruction procedure
– Information entered by users for
membership application, etc. is destroyed after being stored for a certain
period (see the periods of retention and use) for reasons of information
protection according to the internal policy and other related laws after the
attainment of purpose (after a 15-day grace period in case of withdrawal
request).
(2) Destruction method
– Destroy personal information stored
in the form of electronic files using a technical method that makes it
impossible to recover records.
– Shred or incinerate personal
information printed on paper.6. Separate storage and management of personal
information of long-term non-use accounts
Convert accounts with no records of
service use (game use, payment, customer center counseling, etc.) for the last
one year into long-term use accounts, and separately store and manage the
personal information of the relevant accounts.
In case of personal information
separately being stored and managed due to conversion into long-term non-use
accounts, it is impossible to use all services including game use. A separate
recovery procedure is required to use the services again.
If you use the service again before
the expiration date, then conversion into a long-term non-use account will be
canceled. Thus, if you do not want your account to be converted into a
long-term non-use account, you have to use a game
service, etc. even if it’s only for a few minutes.
– Accounts subject to separate storage
and management: Accounts with no records of service use for one year
– Expiration date: The point of time
when one year has passed with no record of service use
– Items of separately stored and
managed personal information: account information, contact address, personal
information, service use record, payment record, counseling record, etc.
7. Provision of personal information
The Company entrusts an external
specialist service provider with service operation.
– Service provider: Amazon Web
Services, Inc.
Purpose of entrustment: Cloud service
operation and management
For the smooth provision of game
services, the Company archives personal information in a foreign country as
follows:
– Item: Android ID
Country: US
Transfer time and method: Transfer
through a network at the time of service use
Transferee: Amazon Web Services, Inc.
(http://aws.amazon.com/ko/compliance/contact/)
Purpose: Cloud service operation and
management
Retention and use period: Until the
purposes of retention and use of personal information are attained
The Company uses the personal
information of users within the scope specified in “3. Purposes of collection
and use of personal information.” In case of provision of personal information
to a third party, the Company receives consent under the laws. Note, however,
that this shall not apply to the following cases:
– Where there are requirements of the
relevant laws or demand from an investigative agency for investigation purposes
pursuant to the prescribed procedure and method under the laws
– Where it is necessary for fee
adjustment pursuant to the provision of services
– Where there are special provisions
of other laws
8. Rights of users and legal
representatives and method of exercising the rights
Users and legal representatives may
view or edit their personal information or personal information for the
relevant children under 14 years at any time and request withdrawal of
subscription. To view/edit the personal information of users or personal
information for children under 14 years, click “Modify personal information”
(or “Edit membership information”). To withdraw subscription (withdrawal of
consent), click “Apply for withdrawal of membership.” After verifying the
member identity, you can directly view, correct, or withdraw. Otherwise,
contact the person in charge of personal information protection in writing, by
phone, or e-mail, and we will take action immediately.
If a user requests correction for a
personal information error, the relevant information will not be used or
provided until correction is completed. Likewise, if erroneous personal
information has already been provided to a third party, correction results will
immediately be sent to a third party. Personal information terminated or
deleted by request from a user or a legal representative will be processed
pursuant to the provisions of “3. Retention and use period of personal
information collected” and cannot be viewed or used for other purposes.
9. Matters concerning the installation
and operation of a device that automatically collects personal information such
as Internet access information files, etc. and refusal thereof
The Company operates cookies, etc. to
store and find out users’ information from time to time. Cookies are stored on
a user’s computer hard disk as a very small text file sent to the user’s
browser from the server that is used for operating the Company’s website. The
Company uses cookies for the following purposes:
(1) Purpose of use of cookies, etc.
To provide customized services by
analyzing members’ and non-members’ access frequency and visit time, etc.,
understand users’ preferences, track their traces, check the number of visits,
etc.
(2) How to refuse cookie setting
Users have the right to choose their
cookie settings. Therefore, users can allow all cookies, check every time a
cookie is saved, or refuse all cookies by choosing the corresponding option.
[How to set cookies]
① Internet Explorer: [Tool] →
[Internet option] → [Personal information] → [Advanced] at the top of your web
browser
② Chrome: [⋮]
→ [Settings] → [Display advanced settings] → Personal information [Content
settings] at the upper right-hand side of your web browser. If you refuse to
save a cookie, however, some services may not be provided.
10. Matters concerning ensuring the
safety of personal information
(1) Technical measures for personal
information protection
The Company takes the following safety
measures to prevent personal information from being lost, stolen, leaked,
tampered with, or damaged when processing the personal information of users:
– Users’ personal information is
protected by a password. The password for a user account shall be known only to
the relevant user. Personal information shall only be checked and edited by the
user who knows the password.
– To protect against outside invasion
such as hacking, etc. and prevent personal information from being leaked, the
Company is currently using a device that blocks such invasions. Especially, the
Company maintains the highest level of security on the server that has all
users’ personal information by separately managing it without being connected
directly to the external Internet line.
– The Company can back up the system
and data in case of emergency.
– The Company uses anti-virus programs
to prevent damage caused by computer viruses. Anti-virus programs are updated
on a regular basis. In case of the abrupt appearance of a computer virus, the
Company provides anti-virus software as soon as it is available.
(2) Managerial measures for personal
information protection
– The Company limits persons having
access to users’ personal information to the minimum number of personnel. The
minimum number of persons is as follows:
1) Persons involved in marketing that
deals directly with users
2) Persons involved in personal
information management such as persons in charge of personal information
grievance handling, etc.
3) Persons whose duties require
personal information processing
–The Company provides the personnel
involved in personal information processing with regular internal training and
externally commissioned education with respect to new security technology
acquisition and personal information protection obligation, etc.
– The Company receives a written
security pledge from new employees to proactively prevent information leaks and
implements internal procedures for conducting audits to ensure that personnel
comply with the personal information processing policy.
– Transfer of duties of persons
involved in personal information processing is done with the highest possible
security, and responsibilities after entry into and resignation from the
Company are clearly stipulated.
– The Company controls access to the
data processing room, data archiving room, etc. by setting these areas up as a
protection zone.
– The Company is not responsible for
personal information leaks caused by users’ personal mistakes or dangers
inherent to the Internet. Users should appropriately manage their accounts and
passwords to protect their personal information and should assume
responsibility therefor.
11. Changes to the personal
information processing policy
In case of any change (addition,
deletion, and modification) to the personal information processing policy, the
Company lets customers know through the website notice. In addition, the
changed part of the personal information processing policy is made public by
comparing it with previous matters for the convenience of customers.
Personal information processing policy
version no.: 9.1.2018
Enforcement date of personal
information processing policy: 9.1.2018