PRIVACY POLICY
CookApps 106
Co., Ltd. (¡°Company¡±) values the
importance of customers¡¯ personal information and
complies with the personal information protection provisions under related laws
such as the ¡°Act on the Promotion of Information and
Communications Network Utilization and Information Protection, etc.¡± and the ¡°Personal Information Protection
Act.¡±
The Company informs customers—through the Personal Information Processing Policy—about the purpose for the use of personal information provided by
customers, how it is used, and what actions are taken for personal information
protection.
When amending the Personal Information Processing Policy,
the Company will inform customers through the website notice (or individually
sent notices).
1. Personal information collected and collection methods
(1) Items of personal information collected
1) The following information is collected for membership
application:
– When using a Facebook account: Open profile
(name, age, gender, etc.), e-mail address, nickname
– When using a Google account: Open profile
(name, age, gender, etc.), e-mail address, nickname
¡Ø When applying for membership using a
Facebook or Google account, the items of personal information collected may
differ according to the relevant information disclosure standards.
2) In the process of using the services, the following
information may be collected:
– Service use record, Email & Phone Number
for Ad/CS/Event Management, connection log, IP information, illegal use record,
mobile device information (model name, mobile carrier information, OS
information, language and country information, unique device identification
number, advertising ID, etc.)
3) When providing services requiring age confirmation and
self-certification, the following information may be collected:
– i-PIN self-certifier: Name, date of birth,
gender, i-PIN number, Duplication Information (DI), Connecting Information
(CI), native/resident¡¤foreigner information
– Mobile phone self-certifier: Name, date of
birth, gender, Duplication Information (DI), Connecting Information (CI),
native/resident¡¤foreigner information
– My-PIN self-certifier: Name, date of birth,
My-PIN number, Duplication Information (DI), Connecting Information (CI)
– Children under 14 years and younger users under
the age of 18
¨ç Information on the self-certification of a
legal representative
• For mobile phone self-certification: Name, date
of birth, gender, Duplication Information (DI), Connecting Information (CI)
• For i-PIN self-certification: Name, date
of birth, gender, i-PIN number, Duplication Information (DI), Connecting
Information (CI)
¨è Information related to the approval of a legal
representative
4) The Company may collect additional information with
regard to the use of the following customer-related services. Phone
number, email, etc. In this case, it receives separate consent to personal
information collection and use:
– Input of additional information within My Page
– Event participation
– Channeling service subscription
– Guardian¡¯s consent to
paid services
– Customer management services such as customer
counseling, 1:1 inquiry receipt, etc.
5) For paid services, the following payment information
may be collected:
– For payment by a mobile phone: Mobile phone
number, mobile carrier, payment certification number, etc.
– For payment by deposit without bankbook and
Internet banking: Bank name, depositor¡¯s name
– For refund: Bank name, depositor¡¯s name, account number
– For coupon registration: Contact address,
coupon information
– For credit card payment: Card company name,
installation period, card number, expiration date, etc.
6) For mobile game service membership application, the
following information is collected:
¨ç When using a Facebook account
– Open profile (name, age, gender, etc.), list of
friends, e-mail address, nickname
¨è When using a Google account
– Open profile (name, age, gender, etc.), e-mail
address, nickname
¡Ø When applying for membership using a
Facebook or Google account, the items of personal information collected may
differ according to the relevant information disclosure standards.
(2) Personal information collection methods
Personal information is collected through homepage
membership application, service use (including mobile services), membership
information modification, phone/ fax/ customer center counseling, event
application, provision from partner companies, and generated information
collection tools.
2. Processing of unique identification information
(1) Unique identification information is the ¡°information prescribed by the Presidential Decree¡± under the Personal Information Protection Act and its Enforcement
Decree such as resident registration number, passport number, driver¡¯s license number, and foreigner registration number.
(2) The Company collects and processes unique
identification information in the following cases and collects it through a
separate consent:
1) Where taxes and public imposts are imposed on a prize
winner
2) Otherwise, where it is required by law
(3) Unless otherwise provided by law, the unique
identification information collected is not used for purposes other than those
set forth in Paragraph (2), but is encrypted and stored for safe
management.
3. Purposes of collection and use of personal information
The Company uses the personal information collected for
the following purposes:
(1) Performance of contract pertaining to service
provision, fee adjustment pursuant to the provision of services, content
provision, purchase and payment, refund, goods delivery, self-certification,
fee collection
(2) Membership management
ID confirmation pursuant to the use of membership
services, personal identification, prevention of illegal use by unqualified
members and prevention of unauthorized use, confirmation of intention to become
a member, age confirmation, confirmation of a legal representative¡¯s consent in case of collecting personal information on children
under 14 years, confirmation of consent in case of membership application by
users under 18 years, verification of a legal representative¡¯s identity, grievance handling including complaint handling and
customer counseling, etc., document retention for dispute mediation, delivery
of notices
(3) Marketing and statistical analysis
Development and specialization of new services, provision
of promotional information such as events, etc. service provision and
advertising pursuant to demographic characteristics, access frequency checking
or statistical analysis of service use by members
4. Periods of retention and use of personal information
In principle, the relevant information shall immediately
be destroyed after the purposes of collection and use of personal information
are attained. (Note, however, that the Company retains personal information for
15 days after membership withdrawal request to minimize damage resulting from
account theft, etc.) Moreover, if it is necessary to retain personal
information even after the purposes of collection and use are attained in
accordance with related laws, the Company shall retain membership information
for a specified period under related laws as follows:
– Records on marks/advertisements: 6 months (Act
on Consumer Protection in Electronic Commerce, etc.)
– Records on contract termination and order
cancellation: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
– Records on payment and supply of goods: 5 years
(Act on Consumer Protection in Electronic Commerce, etc.)
– Records on customer complaint and dispute
handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
– Records on website visit: 3 months (Protection
of Communications Secrets Act)
5. Procedure and method for destroying personal
information
In principle, the relevant information shall immediately
be destroyed after the purposes of collection and use of personal information
are attained. The destruction procedure and method are as follows:
(1) Destruction procedure
– Information entered by users for membership
application, etc. is destroyed after being stored for a certain period (see the
periods of retention and use) for reasons of information protection according
to the internal policy and other related laws after the attainment of purpose
(after a 15-day grace period in case of withdrawal request).
(2) Destruction method
– Destroy personal information stored in the form
of electronic files using a technical method that makes it impossible to
recover records.
– Shred or incinerate personal information
printed on paper.6. Separate storage and management of personal information of
long-term non-use accounts
Convert accounts with no records of service use (game use,
payment, customer center counseling, etc.) for the last one year into long-term
use accounts, and separately store and manage the personal information of the
relevant accounts.
In case of personal information separately being stored
and managed due to conversion into long-term non-use accounts, it is impossible
to use all services including game use. A separate recovery procedure is
required to use the services again.
If you use the service again before the expiration date,
then conversion into a long-term non-use account will be canceled. Thus, if you
do not want your account to be converted into a long-term non-use account,
you have to use a game service, etc. even if it¡¯s only for a few minutes.
– Accounts subject to separate storage and
management: Accounts with no records of service use for one year
– Expiration date: The point of time when one
year has passed with no record of service use
– Items of separately stored and managed personal
information: account information, contact address, personal information,
service use record, payment record, counseling record, etc.
7. Provision of personal information
The Company entrusts an external specialist service
provider with service operation.
– Service provider: Amazon Web Services, Inc.
Purpose of entrustment: Cloud service operation and
management
For the smooth provision of game services, the Company
archives personal information in a foreign country as follows:
– Item: Android ID
Country: US
Transfer time and method: Transfer through a network at
the time of service use
Transferee: Amazon Web Services, Inc. (http://aws.amazon.com/ko/compliance/contact/)
Purpose: Cloud service operation and management
Retention and use period: Until the purposes of retention
and use of personal information are attained
The Company uses the personal information of users within
the scope specified in ¡°3. Purposes of collection and use of
personal information.¡± In case of provision of personal
information to a third party, the Company receives consent under the laws. Note,
however, that this shall not apply to the following cases:
– Where there are requirements of the relevant
laws or demand from an investigative agency for investigation purposes pursuant
to the prescribed procedure and method under the laws
– Where it is necessary for fee adjustment
pursuant to the provision of services
– Where there are special provisions of other
laws
8. Rights of users and legal representatives and method of
exercising the rights
Users and legal representatives may view or edit their
personal information or personal information for the relevant children under 14
years at any time and request withdrawal of subscription. To view/edit the
personal information of users or personal information for children under 14
years, click ¡°Modify personal information¡± (or ¡°Edit membership information¡±). To withdraw subscription (withdrawal of consent), click ¡°Apply for withdrawal of membership.¡± After
verifying the member identity, you can directly view, correct, or withdraw.
Otherwise, contact the person in charge of personal information protection in
writing, by phone, or e-mail, and we will take action immediately.
If a user requests correction for a personal information
error, the relevant information will not be used or provided until correction
is completed. Likewise, if erroneous personal information has already been
provided to a third party, correction results will immediately be sent to a
third party. Personal information terminated or deleted by request from a user
or a legal representative will be processed pursuant to the provisions of ¡°3. Retention and use period of personal information collected¡± and cannot be viewed or used for other purposes.
9. Matters concerning the installation and operation of a
device that automatically collects personal information such as Internet access
information files, etc. and refusal thereof
The Company operates cookies, etc. to store and find out
users¡¯ information from time to time. Cookies are
stored on a user¡¯s computer hard disk as a very small
text file sent to the user¡¯s browser from the server
that is used for operating the Company¡¯s website. The
Company uses cookies for the following purposes:
(1) Purpose of use of cookies, etc.
To provide customized services by analyzing members¡¯ and non-members¡¯ access frequency and visit
time, etc., understand users¡¯ preferences, track their
traces, check the number of visits, etc.
(2) How to refuse cookie setting
Users have the right to choose their cookie settings.
Therefore, users can allow all cookies, check every time a cookie is saved, or
refuse all cookies by choosing the corresponding option.
[How to set cookies]
¨ç Internet Explorer: [Tool] ¡æ [Internet option] ¡æ [Personal information] ¡æ [Advanced] at the top of your web browser
¨è Chrome: [⋮] ¡æ [Settings] ¡æ [Display advanced settings] ¡æ Personal information [Content settings] at the upper right-hand
side of your web browser. If you refuse to save a cookie, however, some
services may not be provided.
10. Matters concerning ensuring the safety of personal
information
(1) Technical measures for personal information protection
The Company takes the following safety measures to prevent
personal information from being lost, stolen, leaked, tampered with, or damaged
when processing the personal information of users:
– Users¡¯ personal
information is protected by a password. The password for a user account shall
be known only to the relevant user. Personal information shall only be checked
and edited by the user who knows the password.
– To protect against outside invasion such as
hacking, etc. and prevent personal information from being leaked, the Company
is currently using a device that blocks such invasions. Especially, the Company
maintains the highest level of security on the server that has all users¡¯ personal information by separately managing it without being
connected directly to the external Internet line.
– The Company can back up the system and data in
case of emergency.
– The Company uses anti-virus programs to prevent
damage caused by computer viruses. Anti-virus programs are updated on a regular
basis. In case of the abrupt appearance of a computer virus, the Company
provides anti-virus software as soon as it is available.
(2) Managerial measures for personal information
protection
– The Company limits persons having access to
users¡¯ personal information to the minimum number of
personnel. The minimum number of persons is as follows:
1) Persons involved in marketing that deals directly with
users
2) Persons involved in personal information management
such as persons in charge of personal information grievance handling, etc.
3) Persons whose duties require personal information
processing
–The Company provides the personnel involved in
personal information processing with regular internal training and externally
commissioned education with respect to new security technology acquisition and
personal information protection obligation, etc.
– The Company receives a written security pledge
from new employees to proactively prevent information leaks and implements
internal procedures for conducting audits to ensure that personnel comply with
the personal information processing policy.
– Transfer of duties of persons involved in
personal information processing is done with the highest possible security, and
responsibilities after entry into and resignation from the Company are clearly
stipulated.
– The Company controls access to the data
processing room, data archiving room, etc. by setting these areas up as a
protection zone.
– The Company is not responsible for personal
information leaks caused by users¡¯ personal mistakes or
dangers inherent to the Internet. Users should appropriately manage their
accounts and passwords to protect their personal information and should assume
responsibility therefor.
11. Changes to the personal information processing policy
In case of any change (addition, deletion, and
modification) to the personal information processing policy, the Company lets
customers know through the website notice. In addition, the changed part of the
personal information processing policy is made public by comparing it with
previous matters for the convenience of customers.
Personal information processing policy version no.: 10.22.2020
Enforcement date of personal information processing
policy: 10.22.2020