GDPR

Personal Data Protection

Ikina Games (hereinafter referred to as "the company") values the protection of users' personal data and complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection. In compliance with this, the company will inform users on the nature in which the personal data they provide will be used and what measures are being taken to protect their personal data.

The company will disclose this policy on the website of Ikina Games (http://ikinagames.com/) so that it may always be easily accessible to users.

This Personal Data Protection can be modified due to changes in related laws and guidelines or changes in the company's internal policy.

Article 1 [Collection of Personal Data]

  1. The following information is collected when using the game service. When using some additional services, the user is notified of this fact and additional consent is obtained.

① (Required) In the case of a service linked to an external platform, the unique number provided by the external platform will be needed.

② (Required) When using a social service: contact information such as profile name, profile picture, friends list, etc. (in this case, information from a third party is used temporarily and not stored)

  1. If you use customer-related services for smooth service use, additional information will be collected as follows:

① In the case of using customer service:

(Required) Email address, game member ID (or unique ID provided by an external platform)

② In case of a refund request:

(Required) Email address, game member ID (or unique ID provided by an external platform), Google Email ID (when Google is involved), purchase confirmation details, real name and family relationship proof to confirm payment by persons other than yourself.

  • In the case of a cash refund due to the termination of the game service:

(Required) Name, mobile phone number, payment account (when Google Store is used), bank name, bank account number, depositor, email, copy of ID card, copy of bankbook

③ When you participate in an event or advertisement:

  • When you participate in an event:

(Required) Mobile phone number, social media account name (in the case of an event using social media)

  • In the case of prize delivery:

(Required) Name, mobile phone number, address, etc.

  • In the case where a tax and utility bill are imposed on the winner of the event:

(Required) Resident registration number, address, name.

  1. In the process of using the company's service, the following information may be automatically generated for the purpose of complying with the law, protecting accounts and items, preventing fraudulent users, and providing stable service.

User's mobile phone information (model name, operating system, firmware version, device's unique ID, etc.), IP Address, cookies, last access location, location-based service usage records, access dates, service usage records, defective use records, etc.

  1. Personal Data Collection Method — The company collects personal data in the following ways:

It is collected with consent from the user when signing up for the company's service

It is collected with consent from the user when participating in promotions and events

Automatically collected by the company through a platform related to service provision

Voluntarily provided by the user when subscribing to and using the service, and after being requested according to the needs of the company

Article 2. [Use of Personal Data]

The company uses the collected information of users for the following purposes:

  • Personal information is used to provide services such as identifying and confirming the identity of users

  • Personal information is used to respond to customer service inquiries, handle complaints, and improve user experience

  • Personal information is used to notify the user of promotions and events

  • Personal information is used to confirm the user's intention to participate in events, deliver prizes to event participants, and process tax and utility bills

  • Personal information is used to prevent fraudulent registration and use

  • Personal information is used to analyze the use environment of the service through service use records, improve the service, and provide services that take into account the characteristics of individual users

Article 3. [Sharing and Provision of Personal Data]

  1. The company does not use the user's personal data or provide it to third parties beyond the scope laid out by the "Purpose for Collection and Use of Personal Data" in any case, except in accordance with the user's consent or relevant laws.

  2. In the case of partnering with a business affiliate or business operator for the purpose of providing various services, the user will be notified, and their consent obtained, at least 7 days before the effective date through the website homepage, a notice within the application, or a message. The notification will detail who the information will be collected by or shared with, the main business of this third party, the kinds of personal data that will be provided or shared, the purpose of the provision or sharing of personal data, etc.

  3. In the following cases, it is possible for personal data to be provided without the consent of the user according to the relevant laws and regulations:

(1) Where necessary for the settlement of charges according to the provision of services

(2) Where necessary for statistics mapping, academic research, or market research. At which time specific individuals will be processed and provided in an unrecognizable form.

(3) For investigative purposes under relevant laws and regulations where there is a request from a relevant agency

(4) Where there are special provisions in laws such as the Real Name Financial Transactions and Secrets Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, and the Criminal Procedure Act.

Article 4. [Preservation of Personal Data and Usage Period]

  1. In principle, the company destroys all personal data promptly after the purpose for which it was collected and used has been achieved. In addition, in accordance with the Information and Communication Network Utilization and Information Protection Act and the Enforcement Decree, in the case of users who have not used the service for one entire year (hereinafter referred to as "dormant account"), in order to protect personal data, the company may terminate the contract and destroy personal data or take necessary measures such as storing it separately. In this case, the "member" is notified of the fact that necessary measures will be taken 30 days before the date on which they will be taken, as well as of the expiration date of the personal data preservation period and the specific items of personal data.

However, if this period has been changed at the request of the "member", the user's personal data will be kept for a certain period prescribed by the relevant laws and regulations as follows:

ο Reasons for holding information according to the company's internal policy.

Records of Fraudulent Use

Reason for Preservation: Prevention of fraudulent use

Preservation Period: 1 year

ο Where it is necessary to preserve information in accordance with laws such as the Commercial Act, etc.

Records of Fair Indication and Advertisement

Basis for Preservation: Article 6 of the Consumer Protection Act in Electronic Commerce, etc. and Article 6 of the Enforcement Decree.

Preservation Period: 6 months

Records related to the signing of a contract or withdrawal of subscription, etc.

Basis for Preservation: Article 6 of the Consumer Protection Act in Electronic Commerce, etc. and Article 6 of the Enforcement Decree.

Preservation Period: 5 years

Records of Payment and Supply of Goods, etc.

Basis for Preservation: Article 6 of the Consumer Protection Act in Electronic Commerce, etc. and Article 6 of the Enforcement Decree.

Preservation Period: 5 years

Records of Consumer Complaints or Disputes

Basis for Preservation: Article 6 of the Consumer Protection Act in Electronic Commerce, etc. and Article 6 of the Enforcement Decree.

Preservation Period: 3 years

Records of the Collection, Processing, and Use of Credit Information

Basis for Preservation: Act on the Use and Protection of Credit Information

Preservation Period: 3 years

Preservation of Records Regarding Identification

Basis for Preservation: Article 44-5 of the Act on Promotion of Information and Communication Network Utilization and Information Protection and Article 29 of the Enforcement Decree.

Preservation Period: 6 months

Preservation of Access Records

Basis for Preservation: Article 15-2 of the Protection of Communications Secrets Act and Article 41 of the Enforcement Decree.

Preservation Period: 3 months

In addition, if there is individual consent from the user, information is preserved according to the period consented to.

  1. If a request for access to personal data, etc. is made as per section 1), the company will take measures to allow the viewing and confirmation of contents promptly.

  2. In principle, the company destroys all information promptly after the purpose for which it was collected and used has been achieved. The procedures and methods of destruction are as follows (However, in accordance with the Act on Promotion of Information and Communication Network Utilization and Information Protection, personal data of users who have not used the service for a year is stored separately.):

① After the purpose provided by the user in the process of using the service has been achieved, information will be transferred to a separate database and stored for a certain period of time according to internal policies and other relevant laws and regulations (see Preservation of Personal Data and Usage Period). Personal information is not used for any purpose other than being stored, unless it is in accordance with the law.

② Personal information stored in an electronic file format is deleted using a technical method that ensures data cannot be recovered. Personal information printed on paper is shredded or destroyed through incineration.

Article 5. [The Rights of Users and Legal Representatives and Their Enforcement]

  1. Users and legal representatives may at any time inquire about or modify the registered personal data of themselves or children under the age of 14, and request cancellation of their membership.

  2. Under the Act on Promotion of Information and Communications Network Utilization and Information Protection, children under the age of 14 must be fully aware of the purpose of collecting and using personal data before sending said personal data to others online and must obtain consent from their legal representatives (parents).

  3. According to the Game Industry Promotion Act, teenagers under the age of 18 must obtain consent from their legal representatives (parents) when signing up as members.

  4. If a user requests correction of an error in their personal data, the personal data will not be used or provided until said correction is completed. Furthermore, if incorrect personal data has already been provided to a third party, the third party will be notified of the correction process promptly so that the correction may be made.

  5. The company handles personal data terminated or deleted at the request of a user or legal representative as specified in Preservation of Personal Data and Usage Period, and the information cannot be viewed or used other than for those purposes.

Article 6. [Matters Concerning the Installation and Operation of an Automatic Personal Data Collection Device and Refusal]

Ikina Games uses cookies to provide users with a more convenient experience using their website experience, and users have the right to refuse these.

Cookies may be used.

  1. What is a cookie?

Cookies are small text file used in the running of a webpage that are transmitted by the server to the user's computer and stored on the user's computer hard drive. As consent to the installation and collection of cookies can be chosen by the user, it is possible to refuse them. However, refusal of cookies may result in restrictions on the use of some services.

  1. How to Reject Cookies

Internet Explorer:

Tools > Internet Options > Privacy > Advanced

Chrome:

Settings > Security and Privacy > Cookies and other site data

Article 7. [Technical/Management Measures for the Protection of Personal Data]

In the processing of users' personal data, the company is taking the following technical/management measures to ensure the safety of personal data from being lost, stolen, leaked, forged, or damaged.

  1. Password Encryption

The company does not collect passwords of members of platforms related to service provision.

  1. Countermeasures Against Hacking

To prevent users' personal data being leaked through hacking, devices to block outside attacks and hacking are installed and operated. Furthermore, servers containing users' personal data are not connected directly to outside internet and are maintained at the highest level of security.

There are also systems in place to back up systems and data in case of an emergency, and measures are taken to prevent damage caused by computer viruses using antivirus software. Antivirus software is updated regularly, and in the event of the sudden emergence of a new virus, countermeasures will be implemented as soon as they become available in order to prevent personal data from being infringed upon.

  1. Restrictions and Training of Staff Members Handling Data

The number of staff involved in the processing of personal data is limited to a minimum, and the need for compliance with this policy is emphasized through regular training for such staff.

  1. Operation of a Personal Data Protection Team

The implementation of this policy and compliance to it of those persons responsible are verified by an in-house personal data protection team and corrective measures are taken immediately if any issues are uncovered.

However, the company is not responsible for any issues caused by the leaking of personal data such as accounts IDs, passwords, nicknames, and e-mails of platforms related to service provision due to the user's own carelessness or internet problems.

Article 8. [Civil Complaint Services Related to the Infringement of Personal Data]

If you have any questions concerning the personal data of users, please contact the relevant department as detailed below. Questions will be answered promptly and honestly.

The company has a Chief Privacy Officer and a Personal Data Management Department as detailed below.

  • Chief Privacy Officer

  • Affiliation and Rank: Representative

  • Name: Junho Bae

  • Phone number: +82 2.6326.7580

  • Email: gamemaster@ikinagames.com

If you wish to consult with a public institution other than the company in regards to misuse of personal data, you may contact one of the following:

Article 9. [Other]

  1. The company can provide users with links to other companies' websites or documents. In this case, the company has no control over the contents of these external sites and documents and cannot guarantee or be held responsible for the usability of the services or documents provided by them.

  2. In the case of clicking a link provided by the company and being redirected to another website homepage, the privacy policy and terms and conditions of this website are unrelated to the company. Therefore, the user should check the policies of this newly visited website themselves.

  3. Users should enter accurate and up-to-date personal data in order to prevent unforeseen issues. Users are responsible for issues resulting from the provision of inaccurate information by the user, and the use of the account may be restricted or deleted if the false information provided is related to the theft of other people's information, etc.

  4. Users have the right to have their personal data protected and are also obligated to take measures to protect their own information and not infringe on other people's information. Please be careful not to leak your personal data, such as passwords, and be careful not to infringe upon other people's personal data, such as by posting them. If you fail to fulfill this responsibility and infringe upon the personal data and dignity of others, you are liable to be punished according to relevant laws and regulations.

  5. The user is solely responsible for any losses and material damage while using the service that result from the provision of inaccurate or false personal data.

Article 10. [Duty of Notice]

In the event of additions to, removal from, or modification of personal data processing policies due to changes in laws, policies, or security technologies, the company will notify users of the reason for and contents of the change through the company's website or the application provided by the company at least 7 days before the revision comes into effect.

Article 11. [Transfer of Personal Data Overseas]

The company is transferring the personal data of customers overseas in order to provide customers with smooth game service.

  1. Personal Data Being Transferred

When making a customer inquiry: member ID, e-mail, device information, game version, game data version, account information

  1. Destination of Personal Data Being Transferred, Date and Time of Transfer, and Method of Transfer

Ireland - Transferred to a real-time database upon making a customer inquiry

  1. Purpose of Personal Data Use and Preservation Period

Overseas cloud services are used for smooth customer counseling. Stored personal data is used only for customer counseling purposes and will be deleted one month following the completion of customer counseling in order to prevent fraudulent use.

  • Published: September 9th, 2021

  • Implemented: September 9th, 2021