Privacy Policy

Otherworld Mercenary Corps Privacy Policy


Introduction

This Privacy Policy has been prepared in accordance with the laws of the Republic of Korea.

baobob Lab (hereinafter referred to as the "Company") collects, uses, and provides personal information based on the user's consent, and actively guarantees the user's right (i.e., right to self-determination of personal information).

In order to protect the user's personal information, the Company lawfully handles the personal information and safely manages it in compliance with the "Personal Information Protection Act" and related laws.

The "Privacy Policy" refers to the guidelines that the Company follows to protect the personal information of its users, allowing them to utilize the services with the firm belief that their personal information will not be abused.



1. Items and Purpose of Collection/Use of Personal Information

The Company collects only the minimum information necessary to provide basic services, such as signing the service agreement, responding to inquiries, and providing various services.


(1) Collected Personal Information

1) The following information is collected when registering as a member:

- Google: Member identification information, profile picture, and profile name

- Apple: Member identification information, profile picture, and profile name

2) The following items of personal information are collected for customer counseling and other various services:

- Nickname, device information (model name, OS version, device unique identifier, etc.), service provider information, store information, game version, location information, game and service usage records, connection records, cookies, payment records, paid billing information, promotion/event participation records and related information, and IP address.

* User's email address, mobile phone number, and address information may be processed to handle customer inquiries and send promotional items.

* Name may be processed for tax and billing purposes.

(2) Collection Method of Personal Information

- Collection through agreement procedures when joining the Company's service.

- Collection through separate agreement procedures for promotions and events.

- Automatic collection through platforms in partnership with the Company for service provision.

- Voluntary provision by users during payment and use, or collection upon request for necessary information.

(3) Refusal of Collection and Use of Personal Information

Users may refuse the collection and use of personal information in the above cases; provided, however, that if the collection and use of personal information are refused, the use of all or part of the Company's service may become difficult.



2. Purpose of Collection and Use of Personal Information

The Company utilizes the collected personal information for the following purposes:


1) Fee settlement for contract fulfillment and service provision, content provision, purchase and fee payment, refunds, product delivery, identity verification, and fee collection;

2) Identity verification for the use of membership services, personal identification, prevention of unauthorized and fraudulent use by malicious users, confirmation of intention to join, age verification,

verification of legal guardian's consent for collecting personal information of children under 14 years of age, confirmation of consent for membership registration by users under 18 years of age,

verification of legal guardian's identity, handling complaints and customer inquiries, record retention for dispute resolution, and notification of important notices;

3) Development and customization of new services (products), relaying of promotional information such as events, provision of services and advertising based on demographic characteristics,

and tracking the frequency of access or the statistical analysis of the use of membership services by users.



3. Use of Personal Information for Purposes Other than the Intended Purpose and Provision to Third Parties

The Company does not provide personal information to a third party without the prior consent of the user or use it for purposes beyond the intended purpose of collection and use.


1) The Company uses the personal information of users within the scope of this Privacy Policy and does not provide such information externally; provided, however, that exceptions are made in the following cases:

- If the user has consented in advance, or

- when there is a request from an investigation agency pursuant to the relevant laws or in accordance with the procedures and methods prescribed in the laws and regulations for the purpose of the investigation.

2) If personal information is provided after the user's consent, the Company shall notify the status thereof through this Privacy Policy.



4. Data Subject's Rights

The Company shall actively take measures necessary for requests for access to, provision, and correction of users' personal information.


1) Users may inspect/correct their registered personal information at any time.

In the case of children under 14 years of age, it is possible to do so after verifying their identity at the request of a legal guardian.

2) Users may withdraw consent to use (delete a game account), request the Company to suspend collection and processing of, or request the deletion of personal information;

provided, however, that when deleting personal information absolutely necessary for the provision of the Company's service, the relevant service may not be provided in whole or in part.

3) When the consent to use is withdrawn (game account is deleted), the personal information of that user will be deleted; provided, however, that if relevant laws govern the retention period, the personal information shall be retained according to that period notwithstanding the personal information retention and use period of this Privacy Policy.

4) If required by relevant laws, users may exercise their rights related to personal information to the Company in accordance with the requirements and limitations imposed by such laws.

5) The data subject's rights may be exercised through the deletion of game accounts or by contacting the relevant service customer support.

6) The Company does not collect personal information if the user's age is such that they are in need of a legal guardian's consent under the Personal Information Protection Act.

In the case where the Company becomes aware that such personal information has been collected, users shall be urged to contact customer support so that the Company may receive the consent of the legal guardian in accordance with the internal process;

by doing so, the user may continue to use the service.

In the case where the user does not wish to use the service, the personal information will be deleted through withdrawal of consent for use (deletion of game accounts), and the provision of the service shall be suspended.



5. Period of Retention and Use of Personal Information

The Company shall immediately delete the above information when the purpose of collection and use of personal information is achieved or when the retention period expires;

provided, however, that exceptions are made in cases prescribed by the relevant laws, in cases where prior notice of the retention period has been made, and personal consent of the user has been obtained.

In the event of deleting a game account, the information collected for the provision of the service shall be deleted after the storage for 30 days from the date of deletion for the purpose of resolving consumer complaints and disputes;

the records of fraudulent use shall be removed after storage for 1 year from the account deletion date to prevent fraudulent use.

Information collected for events and other similar affairs will be retained for a maximum of 1 year, which may vary for each event and will be as described on the individual event page.

In cases where storage is required or permitted by law, personal information may be stored after the user's deletion of the game account.


1) Records of visits to websites

Preservation basis: Protection of Communications Secrets Act

Preservation period: 3 months

2) Records on labeling and advertising

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 6 months

3) Records on contract or withdrawal of subscription

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 5 years

4) Records on payments and supply of goods, etc.

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 5 years

5) Records on the handling of consumer complaints or disputes

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 3 years

6) Records of processing in accordance with tax laws

Preservation basis: Framework Act on National Taxes and Income Tax Act

Preservation period: 5 years



6. Procedures and Methods for Deleting Personal Information

When personal information becomes unnecessary, such as the expiration of the retention period of personal information or achievement of the purpose of processing, the Company immediately deletes the personal information in a non-renewable manner.

If personal information must be preserved pursuant to other laws even after the personal information retention period consented to by the data subject has elapsed or the purpose of processing has been achieved,

the relevant personal information is transferred to a separate database (DB) or preserved at a different storage location. The procedure, method, and timing of deletion are as follows:


1) Deletion Procedure

- The Company deletes without delay all personal information, except for the items set as exceptions in "5. Period of Retention and Use of Personal Information".

Items subject to exceptions are moved to a separate DB (in the case of paper, a separate filing cabinet), stored for a set period in accordance with internal policies and other relevant regulations, and deleted.

- Personal information transferred to a separate DB is not used for any other purpose unless it is prescribed by law.

2) Deletion Method

- Personal information stored in electronic files is deleted using a technical method that cannot be undone.

- Personal information printed on paper is destroyed by shredding with a shredder.

3) Procedures for deleting personal information of inactive accounts

The Company may terminate and delete the personal information of dormant accounts that have not been used for 1 year after joining in accordance with Article 27 of the Terms and Conditions.

The Company shall notify the dormant account user at least 30 days prior to the expiration of the period, and the notification will contain the following information.

- Deletion or separate storage of personal information

- Deletion date

- Items of personal information to be deleted

Notification methods may use email, notices, etc.

However, in case of the following exceptions, personal information may be retained even after 1 year has elapsed.

- If the user and the Company have determined a separate preservation period by an agreement

- If required by relevant laws

Once each storage period ends, the relevant information will be deleted without delay.



7. Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

The Company uses cookies that frequently store and find information about users. A cookie is a small string of information that a website server sends to the user's browser (Internet Explorer, Safari, Chrome, Firefox, etc.) or app. Cookies identify users' computers and mobile phones but do not personally identify the users themselves.


1) Purpose of Cookie Operation

- To provide differentiated information according to the areas of interest to users

- To use as a measure of service reorganization by analyzing users' use patterns

2) Method of Rejecting Cookies Setting

Users have a choice regarding the installation of cookies. Users may allow all cookies by setting them in their web browser and mobile phone settings or options,

choose to send individual notices when cookies are installed, or refuse to save any cookies;

provided, however, that if a user refuses to store cookies, some of the services provided by the Company cannot be used.

[How to Change Browser Settings]

- Edge: Settings menu to the right of the web browser > Cookies and site permissions > Manage and delete cookies and site data

- Chrome: Settings menu to the right of the web browser > Privacy and security > Cookies and other site data

- Other browsers are in accordance with the different browser settings.

3) Cookies expire when users close their browsers or log out.

4) You can use Google Analytics on a website as an analytical tool. For Google Analytics, you can opt out of the use of data at:

https://tools.google.com/dlpage/gaoptout/ Other weblog analysis tools are subject to their respective refusal methods.

5) The Company allows analytics companies and advertising companies to automatically collect users' advertising identifiers and related information for the purpose of conducting and analyzing marketing campaigns.

- Behavioral information collected: Advertising identifier (ADID and IDFA), country, city, IP address, and device information (OS, hardware information, language, and service usage history)

- Method of behavioral information collection: Automatic collection when running the app

- Purpose of behavioral information collection: Improving service quality by utilizing user behavioral information and promoting active use

- Period of use/retention of behavioral information and information processing method thereafter: Up to 25 months (refer to the period for each provider), automatic destruction using an electronic method

- Method to exercise user control: Refer to the setting method for each device (Article 7 Paragraph 6)

- Method of user damage relief: Game operation team (jyoh@playblb.com)

- Advertising companies wishing to collect and process behavioral information: Google Ad, Twitter, Adjust, META, Criteo, Admob, Unity Ads, AdColony, MOLOCO, Buzzvil, Kakao, Apple Search Ads, Tiktok, Applovin, Remerge, ironSource, Cauly, Naver, Appier, RTB HOUSE, INMOBI, Aarki, Adikteev, LiftOff, Vungle, Digital Turbine, Tapjoy, and AdPopcorn

- Items of provided behavioral information: Advertising identifier (ADID, IDFA), country, city, IP address, and device information (OS, hardware information, language, and service usage details)

- Method of behavioral information collection: Automatic collection and network transmission when using the service

- Purpose of use by those who receive behavioral information: Marketing data collection and analysis utilizing user behavioral information along with advertisement operation

- Retention and use period: Google Ad and Twitter (18 months), Adjust (25 months), META, TikTok (6 months), MOLOCO (3 months), Criteo, etc. (13 months)

6) When promoting its services on a user's device, the Company may use the advertising identifier of the user's device and other related information to deliver ads relevant to the user's interests and to help the Company improve and measure the effectiveness of its ad campaigns.

Users may change their device settings to block the use of their device's advertising identifier for interest-based advertising

or reset their device's advertising identifier.

[How to Change Device Settings]

Android: Settings > Google > Ads> Opt out of Ads Personalization

If iOS 14 or higher: Settings > Privacy > Tracking > Turn off Allow Apps to Request Track

If iOS 14 or less: Settings > Privacy > Ads > Limit Ad Tracking



8. Technological/Managerial Measures for Protecting Personal Information

The Company is actively committed to protecting users' valuable personal information.


1) The Company encrypts and stores important personal information, such as passwords and email addresses of user IDs,

and the encrypted personal information can only be checked and changed upon request from the users themselves.

2) The Company monitors and blocks the intrusion of hackers and other threats 24 hours a day in order to protect the personal information of users.

In addition, an antivirus program is installed and operated to prevent infection by malware or viruses.

3) The Company ensures that only the minimum number of employees handle personal information, and the PC handling personal information is blocked from using external websites.

Additionally, the Company emphasizes compliance with its Privacy Policy through regular education for employees who handle personal information.

4) The Company is making efforts to promptly correct and rectify any issues that may arise by verifying the compliance of

the individuals responsible for the Company's Privacy Policy through an in-house department in charge of privacy protection.

However, even if the Company has fulfilled its obligation to protect personal information, the Company shall not be held responsible for damage that is not attributable to the Company's fault,

such as those resulting from the user's negligence or from areas that are not under the Company's control.



9. Methods for Remedying Rights Infringements

Users may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee

or the Personal Information Infringement Report Center established by the Korea Internet and Security Agency in order to remedy the infringement of personal information.

For reporting and counseling on personal information infringement, please contact the following institutions:


- Personal Information Protection Center: https://privacy.kisa.or.kr

- Personal Information Dispute Mediation Committee: http://www.kopico.go.kr

- Cyber Investigation Department of the Supreme Prosecutors' Office: http://www.spo.go.kr

- Cyber Crime Investigation Department of the National Police Agency: http://ecrm.cyber.go.kr



10. Personal Information Protection Officer, Etc.

The Company has designated a personal information protection officer as follows and the relevant department is making every effort to protect personal information.

Users may report any complaints related to personal information protection that may arise while using the Company's service to the personal information protection officer or the relevant department.


- Personal Information Protection Officer

Name: Yongduk Park

Department/Title: Operation team/Executive

Email: ydpark@playblb.com



11. Outsourced Management of Personal Information Processing

The Company entrusts personal information as follows to provide services:


1) Cases where the processing of personal information is entrusted to another company for the provision of service

Entrusted company/Details of the entrusted business activities

Amazon Web Services Inc (Seoul Region)/Cloud server operation and management

AFI, Inc./Customer Support system operation and agency

2) Cases where the processing of personal information is entrusted to an overseas company (including the outbound transfer of personal information overseas)

Entrusted company/Outbound country/Transferred personal information/Date and methods of transfer/Purpose of use/Retention and use period

(Information Management Entity)

3) When entering into an entrustment contract, the Company specifies matters related to liability, such as the prohibition of handling personal information for purposes other than the performance of the entrusted business activities, technical and administrative protection measures, restriction on re-entrustment, management and supervision of the entrusted party, compensation for damage, etc., in documents such as contracts

as prescribed by the Personal Information Protection Act, and supervises whether the consignee safely handles personal information.

4) If it is necessary to outsource personal information processing overseas for the performance of service provision contracts and improvement of user convenience,

the Company may disclose this Privacy Policy instead of obtaining separate consent for overseas outsourcing in accordance with Article 39 Subparagraph 12 of the Personal Information Protection Act;

if the details of the processing consignment or the consignee are changed, the Company will promptly disclose such changes through this Privacy Policy.



12. Obligation to Notify

In the case where there is any addition, deletion, or revision of the content of the Privacy Policy, the Company shall notify such a matter at least 7 days in advance through its website or initial service page; the Company shall notify 30 days in advance of any matters that may significantly impact users.


<APPENDIX>

Date of Notice: December 20th, 2023

Date of Enforcement: January 10th, 2024