Privacy Policy
Ondot (hereinafter referred to as “the Company”) abides by the related statutes of the privacy protection act and the law regarding the promotion of information and communication network use and protection of information. As an IT service provider, the Company also abides by the relevant matters of the personal information protection laws. Further, the Company is protecting the users interests to the Company’s best of abilities by defining this Privacy Policy.
This Privacy Policy applies to all game and related services (hereinafter referred to as “services”) provided by the Company. This Privacy Policy details how the user’s personal information is collected, used and what steps the Company is taking for the protection of the user’s personal information.
The user has the right to refuse the collection, use, relaying and entrusting of his/her personal information. By refusing, the user may not or only partly make use of the Company’s services.
1. How we collect and use your information
The user’s personal information is used to distinguish the user inside one of the Company’s services (including partly provided information which can be cross-referenced with other information in order to establish a distinguished user profile). The collected personal information is used by the Company for the following purposes:
A. Providing services and payment collections
Friend invites, friend recommendations, gifting items, view game rankings, play with other users, purchase and payment of items, notification services
B. User management
User authentication for the use of the service, distinction of user for the provided service, identification and prevention of misconduct members and bot-abuse, intent to join, intent to withdraw, authenfication and archiving for the sake of conciliation of disputes, complaint and civil affairs handling, delivering matters subject to notification
C. Development of new services, use for advertisement and marketing purposes
Offering newly developed services, targeted services and advertisements, checking the validity of the service, offering information on events, advertisements and a chance to participate, retention data, general statistics on the use of the relevant service
2. Provision and collecting method of personal information
A. Provision of personal information
1) For the sake of an optimized service, the Company receives and collects the following information from the platform provider when the service is used.
– The user’s nickname (name), member identifcation number, friend list, profile picture which is used in the platform provider’s service
2) During use of the service or transactions process, the following information may be collected.
– History of service use, connection log, history of misconduct, carrier information, OS and device information, locale information, purchase history
B. Collection method of personal information
The Company collects the personal information using the following methods:
– Homepage, application, written form, fax, phone, customer support message board, email, event participation
– From partner companies
– Collection via a generated information collection tool
C. SNS Interlink
– Connection with Facebook: e-mail address of Facebook account (ID), Nickname, Profile photo, connection record (connection IP, country/language/time zone/offset of subscription, login dates), service use record, device information (device ID, country of settings, language of settings, model name, OS, OS version, whether routed, ADID); and age
– Connection with Google: e-mail address of Google account (ID), Nickname,
– Connection with Apple: e-mail address of Facebook account (ID), Nickname, Profile photo, connection record (connection IP, country/language/time zone/offset of subscription, login dates), service use record, device information (device ID, country of settings, language of settings, model name, OS, OS version, whether routed, ADID); and age
3. Providing and sharing of personal information
The Company will use the user’s personal information only within the boundaries defined in “How we collect and use your information”, and will neither extend beyond said boundaries nor disclose the user’s personal information without the explicit consent of the user. However, in the cases below, the personal information may be carefully used or provided to external parties.
A. The user explicitly gives the Company his/her consent
Prior to the collection or offering of the user’s information, the user is informed of the collection, which partner his/her information will be provided to, what information is required and how long the information will be stored. The user’s consent will be requested, and he/she has the right to refuse, in which case the additional information will neither be collected nor made available publicly.
B. A specific legal regulation or the legal request of an investigative agency to disclose the information, following the correct legal procedures
4. Storage and use duration of personal information
As a general rule, the user’s personal information is destroyed without delay once the purpose of the collected data has been fulfilled. However, the following information is stored for a specified time due to reasons detailed below, and the information is used for this purpose only.
A. Record of agreement and/or withdrawal from the agreement
– Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
– Duration: 5 years
B. Purchase payment item providing records
– Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
– Duration: 5 years
C. Customer complaint and dispute records
– Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
– Duration: 3 years
D. Connection logs
– Reason of storage: Protection of communication secrets act
– Duration: 3 months
E. The Company’s internal data storage policy
– Stored data: misconduct records
– Reason of storage: Prevention of misconduct
– Duration: 1 year
5. Deletion procedure of personal information
As a general rule, the user’s personal information is destroyed without delay once the purpose of the collected data has been fulfilled; the procedure of said deletion is as follows. However, personal information of users who have not been using the service for longer than 1 year are stored separately in accordance with the law regarding the promotion of information and communication network use and protection of information.
A. Deletion procedure
Once the purpose of the provided user information has been fulfilled, the information is transferred to a separate database, where it is being stored for a specified time in accordance with the Company’s internal policy and the relevant statutes, until the information is destroyed. Unless legally requested, the storing of the information serves no other purpose than being stored as records.
B. Deletion method
Personal information on paper will be either destroyed with a shredder or manually ripped to pieces, while electronic information will be permanently deleted.
6. Rights and exercise method of the user or the legal representative
Both the user and the legal representative have the right to view or/and make changes to their own or their at most 13 years old minor’s personal information at all times, via the platform or appstore provider. Also, the agreement may be withdrawn from at all times by accessing the “withdraw” function in the settings of the App.
The user’s (or minor user’s) personal information can be accessed via the platform or appstore provider. By selecting “delete account”, the user can view, edit his/her information or choose to withdraw from the service. Should the company wish to access personal information it does not possess, the company must be able to compare its data with the registration records and personal information of the platform- or appstore provider in order to verify an user’s identity.
Should an user request a correction of his/her faulty personal information, the company will refrain from using or providing said information until the correction has been completed.
Withdrawn or destroyed personal information of either user or legal representative are processed in accordance with “4. Storage and use duration of personal information”, and are kept with no possibility to neither view nor use.
7. Installation of automated collection of personal information/Matters of operation and refusal
A. In order to provide a personalized and tailored service, the Company reserves the right to use cookies, which save the user’s information and gains access to it constantly. Cookies are very small text files which are sent from the servers to the user’s browser, and are saved on the computer’s hard disk while operating websites. When the user revisits the website, the website server gains access to the cookie, reads the text file and maintains the user’s settings and provides the user with a personalized service.
B. Cookies do neither actively nor automatically collect the user’s distinctive information, and the user may refuse the storing of cookies or delete them completely at any given time. However, deleting the cookies may restrict or completely block the user from using the Company’s service.
C. For “Internet Explorer”, the settings of cookies can be found here.
“Tools” -> “Internet options” -> “Personal information tab” -> “Personal information settings”
8. Policy on administrative and technical protection of personal information
To protect the user’s personal information and keep it from being lost, stolen, leaked, falsified or damaged in any way, the Company takes the following technical/administrative measures.
A. Technical measures
– The Company protects the user’s personal information by applying security measures in accordance with the related statues and the Company’s internal policy.
– The Company uses an anti-virus program to prevent damages caused by virus infections. The anti-virus program is kept up-to-date regularly, and is also subject to hotfixes, should a new virus emerge, keeping the personal information safe from external access.
– The Company safely stores and manages the user’s personal information, and has security measures in place for safe transmission of personal information through the network.
– The Company uses protective software to prevent and defend against external invasive actions in order to protect the user’s personal information, and always monitors the software for potential invasion.
B. Administrative measures
– The Company has created a set of rules (framework) on the creation of passwords, changing it and access rights for the “database and the personal information system” so the responsible employee of the Company can act according to said rules.
– The Company strictly monitors and restricts the employee responsible for the personal information, and regularly trains said employee in the conduct of the Company’s Privacy Policy.
9. Persons under the age of 13 residing outside of Korea
We will not knowingly collect any personal information from persons under the age of 13 who reside outside of the Republic of Korea. Persons under the age of 13 should not use our website or gaming platform at any time. If we have been notified that we have collected personal information from such persons, we will delete their information as soon as possible and in accordance with applicable laws and regulations.
In principle, our website and our Service are intended for adults. There is a minimum age requirement that must be met in order to sign up for an account to use our Service.
If we unknowingly collect personal information from Users under 13 years of age to provide our Service, the following additional processes shall be taken to protect the personal information of these persons:
1) Acquire agreement from the legal representative to collect personal information to directly provide information about our Service to the User
2) Notify parents about our Privacy Policy including content, purpose and sharing of information collected
3) Notify a legal representative about access to the User’s personal information, modification or removal of its personal information, temporary pause of its personal information process, and rights to withdraw the consent to provide its personal information provided in the past
4) We shall not collect information that is not necessary for participating in the online activity.
10. Users in the EU
Legal bases for processing your personal information
There are a number of different ways that we are lawfully able to process your personal information. We have described these below.
1) Where you give us your consent to process your personal information
We are allowed to use your personal information where you have specifically consented. In order for your consent to be valid:
■ It has to be given freely, without us putting you under any type of pressure;
■ You have to know what you are consenting to – so we’ll make sure we give you enough information;
■ You should only be asked to consent to one thing at a time – we therefore avoid “bundling” consents together so that you don’t know exactly what you’re agreeing to; and
■ You need to take positive and affirmative action in giving us your consent – for example, we could provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
We seek your consent when you sign up to Cartoon Network Arena for the purposes of set forth in section 4 to section 7 hereinabove.
Before giving your consent you should make sure that you read any accompanying information provided by us so that you understand exactly what you are consenting to.
You have the right to withdraw your consent at any time, and details can be found in the “Right to withdraw consent” section below.
2) Where processing your information is within our legitimate interests
We are allowed to use your personal information where it is in our interests to do so, and those interests aren’t outweighed by any potential prejudice to you.
We believe that our use of your personal information is within a number of our legitimate interests, including but not limited to:
■ To handle customer complaints;
■ To verify User identity;
■ To ensure that our systems run smoothly;
■ Protection from improper use or unauthorized use of our Service; and
■ To market our services.
We don’t think that any of the activities set out above will prejudice you in any way. However, you do have the right to object to us processing your personal information on this basis. We have set out details regarding how you can go about doing this in the “Your rights” section below.
3) Where processing your personal information is necessary for us to carry out our obligations under our contract with you
We are allowed to use your personal information when it is necessary to do so for the performance of our contract with you.
For example, we need to hold your email address in order to be able to send you email notification services where you have requested them.
4) Where processing is necessary for us to carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with, and we are allowed to use your personal information when we need to in order to comply with those other legal obligations.
For example, we are required to keep a register of people who own our securities and we will need to collect and hold certain personal information about you in order to satisfy that legal obligation.
Your rights
Applicable privacy laws in the EU grant you the following rights in relation to your personal information
To get in touch with us about any of these rights, please contact us at pjs0459@gmail.com
We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
1) Right to object: this right enables you to object to us processing your personal information where we do so for one of the following reasons:
① because it is in our legitimate interests to do so (for further information, please see the section “Legal bases for processing your personal information” above);
② to enable us to perform a task in the public interest or exercise official authority;
③ to send you direct marketing materials; or
④ for scientific, historical, research, or statistical purposes.
2) Right to withdraw consent: Where we have obtained your consent to process your personal information for certain activities (for example, if you subscribe to email alerts), you may withdraw this consent at any time and we will cease to use your personal information for that purposes unless we consider that there is an alternative legal basis to justify our continued processing of your personal information for this purpose, in which case we will inform you of this condition.
3) Data Subject Access Requests: You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this as required by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost as permitted by law. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
4) Right to erasure: You have the right to request that we “erase” your personal information in certain circumstances. Normally, this right exists where:
① The information is no longer necessary;
② You have withdrawn your consent to us using your personal information, and there is no other valid reason for us to continue;
③ The personal information has been processed unlawfully;
④ It is necessary for the personal information to be erased in order for us to comply with our obligations under law; or
⑤ You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of information we will take all reasonably practicable steps to delete the relevant information.
If we have shared your personal information with third parties, we will notify them about the erasure unless this is impossible or involves disproportionate effort.
5) Right to restrict processing: You have the right to request that we restrict our processing of your personal information in certain circumstances. For example, if you dispute the accuracy of the personal information that we hold about you or you object to our processing of your personal information for our legitimate interests. If we have shared your personal information with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal information.
6) Right to rectification: You have the right to request that we rectify any inaccurate or incomplete personal information that we hold about you. If we have shared this personal information with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal information to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
7) Right of data portability: If you wish, you may have the right to transfer your personal information between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your information in a commonly used machine-readable format so that you can transfer the information. Alternatively, we may directly transfer the information for you.
8) Right to complain: You also have the right to lodge a complaint with your local supervisory authority. Contact details for the various EU privacy supervisory authorities can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
11. Contact of the personal information administrator
The user has the right to file a “personal information protection”-related civil complaint while using the Company’s service. The Company will reply quickly and earnestly to such complaints.
[Personal information administrator]
– Name: JISANG PARK
– Position: CEO
– Phone: 01066026114
– email: pjs0459@gmail.com
In case you require customer support or wish to file a complaint regarding a violation of your personal information, please contact the institutions below.
– Centre for invasion of personal information(privacy.kisa.or.kr / 118)
– Supreme (Public) Prosecutors’ Office, cybercrime unit (www.spo.go.kr / 1301)
– National Police Agency, cyber security administration (www.ctrc.go.kr / 182)
[Additional clause]
Should the Privacy Policy be changed in any way, the Company will inform the user of the reasons of said changes, along with the effective date at least 7 days prior to the effective date. The information will be posted until 1 day before the effective date in the relevant service. Should grave changes regarding the users rights and/or obligations occur, the user will be notified at least 30 days in advance.
Should the user not express his/her refusal when the Company announces the changes to its Privacy Policy in accordance to 1. until the effective date, it will be regarded as the user’s consent to the changes of the Privacy Policy.
Should the Company wish to collect additional information from the user or wish to provide the user’s information to a third party despite 2., the Company will request consent of the user separately.
12. Third Party Websites
We may provide Users with links to a third party’s website or data. Our Privacy Policy does not apply to such cases, and we have no control over external websites and their data. We will not be responsible for, or guarantee, the usefulness of service or data provided by these third parties. We do not have control over their policies and procedures so please refer to the privacy policies of these websites when accessing them through these links.
This privacy policy applies starting from December 1st, 2020.
Privacy policy enforcement date: December 1st, 2020