Daerisoft Co., Ltd. (hereinafter referred to as the company) takes the
protection of its users’ privacy seriously and complies with the Act on
Promotion of Information and Communications Network Utilization and
Information Protection, Etc. This how your personal information is used
under our privacy policy, and what measures are taken for privacy
protection.
The table of contents of this privacy policy is as follows.
1. Items of personal information to collect and the method thereof
2. Collection of personal information and intended purpose
3. Sharing and provision of personal information
4. Delegation of authority to handle personal information
5. Retention and use period of personal information
6. Procedures and method for disposal of personal information
7. Rights of a user and his or her legal representative, and method of
exercising the rights
8. Issues related to the installation, operation and refusal of automatic
personal information collection equipment
9. Measures for the protection of personal information in
technical/administrative terms
10. Civil complaint service about personal information
11. Other
12. Notification obligation
1. Items of personal information to collect and the method thereof
(1) Items of personal information to collect
The company collects the following personal information at the time of
signing up or using the service to ensure seamless member registration,
customer service and various services.
- Required information: email address, mobile phone number
- Optional information: date of birth, gender
For services that lack separate consent procedures for the process in
Paragraph 1 above, neither required information nor optional information
is not collected.
The following information may be generated and collected in the
process of service use or business handling.
- Information of the user's mobile phone terminal (model name, OS
version, mobile firmware version, device identification number, etc.), IP
address, cookie, the latest access location
- Records at the time of using location-based services
- Access time, service use record, faulty use record, etc.
When information is unavoidably required for the payment in the course
of using free/paid service
- Credit card information, wireless carrier information, purchase record
and gift card number and/or other payment related information are
collected
When the user requests the restoration or refund of paid contents
- Email address, purchase record and additional personal information such
as the real name and family relations evidence to demonstrate that the
purchase was made by a third party are collected.
(2) Personal information collection method: The company collects the
personal information of users through the following methods.
- Through the agreement procedures at the time of signing up for the
service provided by the company
- Via separate consent procedures for promotions and events
- Automatically through platforms in partnership with the company with
regard to the provision of services
- When provided by the users in a voluntary manner or in response to the
company's request where necessary at the time of subscribing or using the
service
2. Collection of personal information and intended purpose
(1) The company uses the personal information of users collected for the
following purposes.
1) To secure communication channels to facilitate the delivery of
notifications or the handling of customer complaints
2) To handle inquiries about the use of paid information, handle
conflicts related to the implementation of contract requirements and
obligations, and provide customer services
3) To introduce new services as well as new product launch event
information
4) To provide other contents and authentication service (find my
ID/Password, etc.)
3. Sharing and provision of personal information
(1) Except for cases with the user's consent or provisions specified in
the related laws and regulations, the company will never use the personal
information of users beyond the scope of the intended use specified in
the "Collection of personal information and intended purpose," or provide
such information to other companies, organizations or institutions.
(2) When sharing or providing the personal information of users, for
example when the provision of users' personal information within a
limited scope is necessary to provide various services to users through
partnership with other service providers or business operators, users
will be notified of who will receive or share users' personal
information, what the main business is, what items in the personal
information will be provided or shared, for what purposes users’ personal
information is to be provided or shared, etc. through a notice on the
home page of the NFLgamz website (http://www.nflgamz.com), a notice in
the application or through a message to users at least 10 days prior to
the implementation to obtain consent from users.
(3) In the following cases, provision of a user's personal information
without consent from the applicable user is allowed pursuant to the
related laws and regulations.
1) When such information is required to collect fees for the provision of
service(s)
2) When the provision of a user's personal information is necessary for
statistics, academic or market research purposes, and the personal
information provided is processed to ensure that the identification of
the user is not possible
3) When there has been a request from related authorities for
investigation purposes in accordance with related laws and regulations
4) When special provisions are specified in the Act on Real Name
Financial Transactions and Confidentiality, the Use and Protection of
Credit Information Act, the Electronic Communication Fundamental Law, the
Telecommunications Business Act, the Local Tax Act, the Consumer
Protection Act, the Bank of Korea Act and the Code of Criminal Procedures
4. Delegation of authority to handle personal information
The company may delegate the authority to control the personal
information of users to ensure the implementation of service(s). In case
of delegation, the company specifies requirements to ensure the safe
control of the personal information of users in accordance with the
related laws and regulations.
5. Retention and use period of personal information
(1) In principle, the company retains a user's personal information from
the member registration to the termination of membership. If the
applicable user withdraws his or her membership or the intended purpose
of the collection and use of personal information is achieved, the
applicable personal information is disposed of immediately. However, the
company will retain the user's personal information for 3 months from the
date on which the membership of the applicable user is terminated
according to the terms and conditions as well as internal policy to
prevent the illegal use of such information. After the aforementioned
period, the personal information of the user is completely deleted.
(2) If the personal information of a user must be retained pursuant to
the provision(s) of Commercial Act or other related laws even if the
purpose of its collection has been achieved, or if there is a reason for
retaining such personal information according to the company's internal
policy or other related regulations, the company shall retain the
personal information of the user for a certain period of time prescribed
by related laws and regulations. In this case, the personal information
retained will be used only for retention purposes, and the retention
periods are as follows:
- Records related to contract or cancellation of subscription
(Reason for retention: Act on Consumer Protection in the Electronic
Transactions, Etc., Retention period: 5 years)
- Records on payments and supply of goods
(Reason for retention: Act on Consumer Protection in the Electronic
Transactions, Etc., Retention period: 5 years)
- Records on handling of consumer complaints and conflicts
(Reason for retention: Act on Consumer Protection in the Electronic
Transactions, Etc., Retention period: 3 years)
- Records on identification
(Reason for retention: Act on Promotion of Information and Communications
Network Utilization and Information Protection, Etc., Retention period: 6
months)
- Visiting records: access logs, service use records, etc.
(Reason for retention: Protection of Communications Secrets Act,
Retention period: 3 months)
(3) For personal information that is retained pursuant to Paragraph (2)
above, if the subject of the applicable personal information requests the
retrieval of his or her personal information, the company will provide an
appropriate measure to enable such retrieval immediately.
6. Procedures and method for the disposal of personal information
When the purpose of the collection or use of personal information has
been achieved, the company will in principle destroy the applicable
information immediately. The method and procedures for destroying
personal information are as follows.
(1) Destruction procedures
- The information of a member input by the member at the time of signing
up will be destroyed after the purpose of its collection or use has been
achieved after being retained for a certain period of time according to
the reason(s) for information protection pursuant to the company's
internal policy or other related laws and regulations (refer to the
periods of retention and/or use of personal information).
- Personal information will not be used for purposes other than the
intended purpose except in the cases specified in the laws and
regulations.
(2) Destruction method
- Personal information saved in an electronic file format is deleted
using a technical method that disables the recovery of the record.
- Personal information output on paper shall be shredded or incinerated.
7. Rights of a user and his or her legal representative, and method of
exercising the rights
(1) The rights can be exercised when the request is received through the
platform in partnership with the company related to the provision of
services, or when the request is submitted directly via the company's
website.
(2) The user and his or her legal representative may retrieve or adjust
his or her own personal information or that of an adolescent below the
age of 14 years for which he or she is responsible, and may request the
cancellation of the subscription at any time.
(3) The adjustment of personal information of the user's own personal
information or that of an adolescent below the age of 14 years for which
he or she is responsible can be performed on the personal information
change page (or Modify My Profile), while the cancellation of
subscription (cancellation of consent) can be performed on the home page
of the NFLgamz website (http://www.nflgamz.com) after the identification
process.
(4) Alternatively, the person in charge of privacy policy may be
contacted via phone, email or through a written request to prompt a
necessary action immediately.
(5) If the user requests the correction of errors in the personal
information, the applicable personal information will not be used or
provided until the correction is completed. In addition, when incorrect
personal information has already been provided to a third party,
corrected information will be delivered to the third party without delay.
(6) The company handles personal information that has been closed or
deleted in response to the request from the user or his or her legal
representative in accordance with the provisions specified in the
"Retention and use period of personal information," and disables the
retrieval or use of information for other purposes.
8. Protective measures for personal information in
technical/administrative terms
The company is developing the following technical/administrative measures
to secure safety in order to prevent loss, theft, leakage, alteration or
damage to personal information.
(1) Encryption of password
The company does not collect the passwords of members in the platform in
partnership with the company for the provision of services.
(2) Countermeasures against hacking
The company prevents attacks or hacking by installing and operating
equipment that blocks penetration into the system from the outside to
prevent the leakage of users' personal information. Significantly, the
highest level of security is maintained for the server containing the
personal information of users, which does not have a direct connection to
external internet lines, through separate management.
In addition, the company is equipped with a backup system for the main
system and data in preparation for emergencies, and takes measures to
prevent damages caused by computer viruses. Anti-virus software is
updated at regular intervals, and updates to cope with suddenly emerging
viruses are provided immediately when such updates are available to
prevent the infringement of personal information.
(3) Restriction and indoctrination of handling personnel
The number of personnel handling personal information is limited to the
minimum level required, and indoctrination is provided to such personnel
frequently in order to emphasize the importance of compliance with the
privacy policy.
(4) Operation of dedicated privacy protection organization
The company is operating a dedicated internal privacy protection
organization in order not only to verify compliance with the privacy
policy but also to take corrective action when problems are detected.
However, for problems originating from the leak of a user's personal
information in the platform in partnership with the company for the
provision of services, such as ID, password, nickname, email address,
which is due to the user's negligence or a malfunction in the internet
connection, the company will not be held responsible.
9. Civil complaint service about personal information
If you have any questions about the personal information of a user or the
privacy policy, please contact the following person in charge of the
privacy policy. We will promptly answer your questions in a sincere
manner.
In addition, the company has a person and organization in charge of the
privacy policy, as shown below.
* Person in charge of privacy policy
- Name: Na, Jiyeong
- Organization: Publishing Division
- Position: Head of department
- Contact: 070-4353-4917
- Email: info@nextfuturelab.com
- Address: Join Building 4th floor, 89-6, Nonhyeon-dong, Gangnam-gu,
Seoul, Korea
If you want to consult with public authorities other than the company
about privacy infringement, please contact the following agencies for
help.
- Privacy Infringement Complaint Center at Korea Information Security
Agency (http://www.118.or.kr, contact: 118)
- Privacy Mark Certification Committee (http://www.privacy.or.kr,
contact: 02-580-0533~4)
- Advanced Criminalistics Department at Supreme Prosecutors' Office
(http://www.spo.go.kr, contact: 02-3480-2000)
- Cyber Terror Response Center at the National Police Agency
(http://www.ctrc.go.kr, contact: 02-392-0330)
10. Other
(1) The company may provide the user with links to the websites of other
companies or external data. In this case, as the company does not have
any controlling authority over the external websites or data, the company
cannot guarantee or take any responsibility for the usefulness of the
service or data provided.
(2) When the user navigates to the website of another company by clicking
on a link in the service provided by the company, the privacy policy as
well as terms and conditions of the applicable website are irrelevant to
the company, so you should check the privacy policy of the applicable
website.
(3) Users should keep their personal information up to date in order to
prevent unexpected problems. The responsibility for any issue caused by
the inaccuracy of information input by the user shall lie with the user.
Inputting false information, such as the illegal use of another person's
personal information, may lead to the deletion or limitation on the use
of the account.
(4) Although a user has rights to be protected for his or her personal
information, he or she is obliged not only to protect his or her own
personal information, but also to not infringe other's personal or
privacy information. Please be careful not to expose your personal
information including the password to others, and avoid damaging other
users' personal information, including their posts. Failing to fulfill
such responsibilities that cause damages to another user's personal
information or reputation may lead to a penalty in accordance with
related laws and regulations.
(5) The responsibility for any disadvantage in the use of service(s) or
property loss caused by the entry of inaccurate or false personal
information shall lie with the user.
11. Notification obligation
Changes to the privacy policy corresponding to changes in the laws and
regulations, policies and security technologies will be announced to
users at least 10 days prior to such revision on our NFLgamz website
((http://www.nflgamz.com) along with the reason for revision and the
revision details.
Privacy policy announcement date: August 19, 2013
Privacy policy enforcement date: August 26, 2013