**1. Purpose of Processing Personal Information**

 processes personal information for the following purposes and does not use it for purposes other than the following.


* Identification and authentication of users for the provision of services to customers


**2. Consignment of Personal Information Processing**

① For smooth processing of personal information,  consigns personal information processing tasks as follows.

② When concluding a consignment contract,  specifies in documents such as the contract matters related to the prohibition of personal information processing other than the purpose of performing the consigned task, technical and administrative protective measures, restriction of re-consignment, management and supervision of the consignee, and responsibility for damages in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the consignee processes personal information safely.

③ If the content of the consigned task or the consignee changes, we will disclose it without delay through this Privacy Policy.


**3. Rights and Obligations of the Data Subject and Methods of Exercise**

Users can exercise the following rights as data subjects.

① The data subject may exercise the following rights related to personal information protection against  at any time:


1. Request to read personal information

2. Request for correction in case of errors, etc.

3. Request for deletion

4. Request for suspension of processing


**4. Items of Personal Information Processed**

①  processes the following personal information items.


1. Account linkage for Google Play auto-login - Required item: auth key

2. Account linkage for Facebook auto-login - Required item: auth key


**5. Destruction of Personal Information**

In principle,  destroys the personal information without delay when the purpose of processing personal information is achieved. The procedure, deadline, and method of destruction are as follows.


* Destruction Procedure: Information entered by the user is moved to a separate DB (or separate documents for paper) after the purpose is achieved, stored for a certain period according to internal policies and other related laws, or destroyed immediately. At this time, the personal information moved to the DB is not used for any other purposes except according to the law.

* Destruction Deadline: The user's personal information is destroyed within 5 days from the end of the retention period if the personal information retention period has expired, or within 5 days from the date when the processing of personal information is deemed unnecessary, such as achieving the purpose of processing personal information, abolition of the service, or termination of the business.


**6. Measures to Secure the Safety of Personal Information**

In accordance with Article 29 of the Personal Information Protection Act,  takes the technical, administrative, and physical measures necessary to secure safety as follows.


1. Conducting regular self-audits: To secure stability related to the handling of personal information, regular self-audits are conducted (once a quarter).

2. Technical measures against hacking, etc.: To prevent personal information leakage and damage caused by hacking or computer viruses, Monster Cafe Studio installs security programs, updates and inspects them periodically, installs systems in areas where access from the outside is controlled, and monitors and blocks them technically and physically.

3. Encryption of personal information: The user's personal information and password are encrypted, stored, and managed so that only the user can know them. For important data, separate security functions such as encrypting files and transmitted data or using file lock functions are used.

4. Storage of access records and prevention of forgery/alteration: Records of access to the personal information processing system are kept and managed for at least 6 months, and security functions are used to prevent access records from being forged, altered, stolen, or lost.

5. Restriction of access to personal information: Necessary measures are taken to control access to personal information by granting, modifying, and canceling access rights to the database system that processes personal information, and an intrusion prevention system is used to control unauthorized access from the outside.


**7. Privacy Officer**

① Monster Cafe Studio is overall responsible for personal information processing tasks, and designates a Privacy Officer as follows to handle data subjects' complaints and remedy damages related to personal information processing.


▶ Privacy Officer

Name: Sunwoo Park

E-mail: help@monstercafe.co.kr

※ You will be connected to the department in charge of personal information protection.


② Data subjects may inquire about all personal information protection-related inquiries, complaint handling, and damage relief arising from the use of Monster Cafe Studio's services to the Privacy Officer and the department in charge. Monster Cafe Studio will answer and process the data subject's inquiries without delay.


**8. Changes to the Privacy Policy**

① This Privacy Policy applies from the effective date, and if there are additions, deletions, or corrections of changes in accordance with laws and policies, we will notify you through notices 7 days before the implementation of the changes.