개인정보 처리방침 | MAD WORLD - AGE OF DARKNESS

MAD WORLD - AGE OF DARKNESS

Privacy Policy
이전 약관보기
2022-10-30
  • 2021-12-03
  • 2022-10-30
('www.madworldmmo.com', hitherto 'Mad World MMORPG') handles customer’s personal data with care, and keep compliance with regulations such as “Act on Promotion of Information and Communications Network Utilization and Information Protection“ and “Personal Information Protection Act”. Also, personal data processing policy based on related decree has been established with the aim to treat user rights protection as a top priority.

The company displays personal data processing policy in the company homepage and mobile service initial screen to keep the information always visible for the customers. This policy can be subject to change due to change in related decree, guideline, or company’s internal policy. In case of change, the company will notify immediately regarding the reasoning for the change as well as its content.

1. Collected personal data items and collection method
The company collects following data needed to provide service after receiving the user's agreement, and this information is divided into mandatory/choice data.
Data collected for reasons below are collected during the process of user typing in information for service use or event/marketing participation.
Classification1 Collection purpose Mandatory/Choice Collection item Storing duration
Using E-mail account User identification, homepage use, game service management Mandatory E-mail address, password Membership termination or until the time set by decree
Using Google account User identification, homepage use, game service management Mandatory E-mail address, password Membership termination or until the time set by decree
Using Facebook account User identification, homepage use, game service management Mandatory E-mail address, password Membership termination or until the time set by decree
Using Naver account User identification, homepage use, game service management Mandatory E-mail address, password Membership termination or until the time set by decree
Using Kakao account User identification, homepage use, game service management Mandatory E-mail address, password Membership termination or until the time set by decree
Event Event participation Choice Name, address, Mobile No., E-mail, SNS ID Until purpose is accomplished(Or, until agreement is withdrawn)
Event item delivery Mandatory Name, Mobile No., address Until distribution of event reward is complete, however, in case of winner’s payment of taxes and utilities’ charge, 10 years from the collected data (Maximum limitation period in accordance with national tax laws)
Taxes and public utilities’ charge Applying Public Charge and Tax Name, citizen registration No., address, account No., name of bank and depositor
Customer counseling User identification, call, customer inquiry counseling Mandatory Response registration E-mail 3 years (Act on Consumer Protection in Electronic Commerce)
Mandatory Mobile No., payment info 3 years (Act on Consumer Protection in Electronic Commerce)
Visit counseling Mandatory Name, phone No., visual info 3 years
Choice Payment info used for payment 3 years (Act on Consumer Protection in Electronic Commerce)
Use of cash service Commencement of item payment Mandatory - Mobile payment: mobile service provider
- Deposit without bankbook and bank branch /ATM payment: name of bank
- Coupon: phone No., coupon info
-Credit card payment: Name of card company
※ The data required for paid payment is collected by PG company.
5 years (Act on Consumer Protection in Electronic Commerce)
Refund and payment cancellation Refund processing Mandatory Bank name, account No., depositor 5 years (Act on Consumer Protection in Electronic Commerce
Payment cancellation processing Mandatory - In case of mobile payment: mobile provider
- - Deposit without bankbook and bank branch /ATM payment: name of bank
- Coupon: phone No., coupon info
-Credit card payment: Name of card company
※ The data required for paid payment is collected by PG company
5 years (Act on Consumer Protection in Electronic Commerce


2. Purpose of collecting and using personal data
The company uses collected personal data for the following purpose.
a. Upholding contract regarding service and calculating fee generated by providing service
Provision of contents, delivering item or bill, user verification, purchase and fee payment.
b. Member management
User verification required for membership service and related decree, individual identification, make sure restricting service for certain member (Terms “Article 11: Company’s cancelement of user agreement” and “Article 12: violation of regulation of service use restriction) is enforced and preventing unauthorized use, confirmation of intention to join membership, confirmation of legal representative for child below age of 14, restriction on number of membership, keeping record for dispute mediation, processing complaint, delivering notification
c. Develop new service, use for marketingㆍads
Developing new service and providing customized service, providing service and ads according to statistics, verifying effectiveness of service, provision of event and promotional info and participation opportunity, assessing frequency of access, statistic in regards to member’s service use


3. Sharing and providing personal data
a. The company uses users’ personal data within the bounds notified in “2. Purpose of Collecting and Using Personal Data“. In principle, without user’s consent, it shall not reveal user’s personal data to the outside or use data in ways that step over bounds.
b. Exceptions will be made for the following cases..
① If user made an agreement previously
② If data is required to calculate fee generate by providing service
③ Either in accordance with decree regulation, or investigative agency made a demand in correct legal protocol for investigative purpose
④ In the instance it is required for writing statistics, academic research, and market study, where personal data is processed and provided in a way that identifying individual is rendered impossible


4. Dormant account’s personal data separation, storage, management
Account without a recent record of using service for one year will be switched to a dormant account, and its personal data will be separated for storage/management.
When personal data is separately stored/managed due to switching to a dormant account, use of all services including gameplay become unavailable, in order to use service again, users may log in at homepage to apply for account recovery.
If you use service before the expiring date, switch to dormant account is canceled, therefore, if you do not want switch to dormant account and personal data separation storage, you may log in at homepage or use game service momentarily.
- Account subject to separated storage/management: Account without year of service use
- Expiring date: One year since service use has stopped
- Items of personal data subject to separated storage/management: account data, phone number, personal info, record of service use, payment record, and counseling record


5. Delegating processing of personal data
a. The company delegates personal data as indicated below for service improvement, and set conditions required for safe management of personal data in the event of delegation contract.
b. The contractors tasked with processing personal data and their task details are as follows below.
Contractor Contract task
AWS Cloud server management
Xsolla Inc Payment service agency


6. Storage and use duration of personal data
In principle, user’s personal data will be terminated without delay once the purpose of collecting and using personal data is achieved. However, the company stores personal data for 7 days after a membership withdrawal request in preparation for issues such as unintentional membership withdrawal by use of stolen personal data. But, this can differ depending on service, and it will not surpass 14 days. Also, following data will be stored for stated duration, and it is to be never used for other purposes.
a. Keeping data in accordance with related decree
When it is required to store personal data in accordance with related laws such as commercial law and Act on the Consumer Protection in Electronic Commerce, the company will store member data for a set period determined by related decree. In this instance, the company stores the data for storage purpose only, and storage duration is as follows below.
① Record of service visit
- Reason for preservation: Protection of Communications Secrets Act
- Preservation duration: 3 months
② Record of contract or payment withdrawal
- Reason for preservation: Act on the Consumer Protection in Electronic Commerce
- Preservation duration: 5 years
③ Record of user verification
- Reason for preservation: Act on Promotion of Information and Communications Network Utilization and Information Protection
- Preservation duration: 6 months
④ Records of payment for item and supply of cash currency
- Reason for preservation: Act on the Consumer Protection in Electronic Commerce
- Preservation duration: 5 years
⑤ Record of customer complaint or dealing with dispute
- Reason for preservation: Act on the Consumer Protection in Electronic Commerce
- Preservation duration: 3 years
⑥ Document and documentary evidence required by tax law
- Reason for preservation: Framework Act on National Taxes
- Preservation duration: 5 years
b. When it’s required to store personal data in accordance with service use terms
① Record of wrongful use of service
- Reason for preservation: preventing wrongful use
- Preservation duration: service use restriction duration
c. If the company separately received user’s agreement


7. Personal data termination procedure and method
In principle, a user's personal data will be terminated without delay once purpose for collection and use is achieved. The company’s personal data termination procedure and method are as follows.
A. Termination procedure
The data user entered for purposes such as applying for membership will be moved to a separate database after purpose is accomplished (in case of paper, separate cabinet). After a set period in storage, the data will be terminated according to internal policy and decree related to data protection (refer to storage and use duration). The personal data in question will not be used for any purpose other than storing in accordance with regulation.
B. Termination method
① Personal data stored in electronic file will be deleted using tech that will rule out recovery.
② Personal data printed on paper will either be shredded or burned for termination.


8. User and legal representative’s rights and method to exercise them
a. Personal data protection of children aged below 14
① The company can demand required minimum information such as name and phone number of legal representative when account verification is difficult because the user is under-aged. Legal representative’s personal data which is collected this way will not be used for purposes other than verifying the legal representative’s agreement, and will not be provided to a third party. Agreement of a legal representative is used to resolve a customer's complaint and dispute when instances such as contract between company and child, payment withdrawal, payment, and cash currency supply arise.
② Agreement, agreement withdrawal or expired agreement from legal representative of a child who quit membership will be terminated irreparably the moment it has fully served its purpose. However, if preservation is necessary according to related regulations such as commercial law or, the company will store legal representative’s personal data for a set duration determined by related decree.
③ Child’s legal representative can demand viewing child’s personal data, edit, or withdrawal of agreement related to personal data use and provision. When such demand is made, the company will take necessary measures without a delay.


b. Item related to user’s own personal data management
① User can withdraw agreement related to personal data collection at anytime from ‘Homepage (https://www.madworldmmo.com/ )>My page>Member info’, in such instance, the company will take a necessary measure such as termination of personal data after user verification as long as the decree does not state otherwise. However, in the instance of personal data termination due to membership withdrawal, the data user created and accumulated through the company’s service may be destroyed along with it.
② User can demand stoppage of personal data processing at anytime, and the company can reject such demand if there is special regulation by the law.
③ When user’s legal representative visits the company to view personal data or demand correction, the company checks whether he/she is truly user’s representative, in this instance, the company can demand a proof that verifies representation.
④ In the instance there is justified reason to reject demand to view or correct part or whole of user’s personal data, the company notifies the user without delay, and explain the reasoning.
⑤ Because change in mandatory information items the user provided at membership sign-up could cause error to provided service, the company can separately demand procedure from the user related to change in mandatory information items.


9. Item related to installation/management and rejection of automatic personal data collection
The company utilizes a ‘cookie’ that stores and tracks data of users. Cookie is a very small text that is sent by the server used to manage a company's website to the user's browser, and this text is saved on the user's computer hard drive. Company uses cookies for the following reasons.
a. Purpose of using cookie
Member and non-member’s access frequency and visit time are analyzed, thus assessing user’s interests, tracking traces, number of visits to provide a better customized service. User’s web/mobile service visit and activity log can be provided to Incross Inc. for customized advertisement according to sex/age group’s interests based on population statistics.
b. How to reject cookie settings
User has a choice when it comes to cookie installation. Therefore, users can allow all cookies by setting options on the web browser, go through confirmation each time a cookie is stored, or reject cookie storage altogether. However, rejecting cookie storage could cause difficulty in provision of some services.
[Cookie setting method]
1 Internet Explorer: Upper side of web browser [Tools] → [Internet Options] → [Privacy] → [Advanced]
2 Chrome: Upper right corner of web browser [⋮] → [Settings] → [Privacy and security] → [Cookies and other site data]


10. Item related to secure safety of personal data
a. Technical precaution for personal data protection
① The company strives its best to prevent exposure or damage to member’s personal data due to hacking and virus. Data is backed-up regularly in case personal data gets damaged, an updated vaccine program is employed to prevent exposure or damage to user’s personal data, and encrypted communication is used to safely send personal data within a network. Infiltration block system is used to prevent unauthorized contact from the outside, the company takes the effort to obtain all technical devices necessary to secure security systematically.
b. Systematic precaution for personal data protection
The company limits personal data processing to few personnel in charge, and a separate password is created and renewed periodically for data protection, and emphasizes compliance of personal data processing policy through educating the staff in charge regularly. Also, when a problem is discovered, the company will do its best to fix it immediately.
c. Physical precaution
Storage area for personal data is defined as a security zone, and entry of non-authorized personnel and outsiders is controlled, and print, written record that includes personal data is stored in a safe area to block attempts to view the contents.
However, the company is not responsible for problems arising from user’s neglect or exposure of personal data such as ID and password due to Internet conditions.


11. Change in personal data processing policy
The company sends a notification through the homepage when change is made in personal data processing policy (adding, deleting, or editing contents). Also, to make clear sense of the change, the contents before and after the change will be compared.


12. Customer service regarding personal data
To protect customer’s personal data and to process complaints regarding personal data, the company appoints the following individuals as personnel responsible for personal data protection.
[Staff in charge of personal data protection]
Name: Yoon Semin
Phone No.: 02-6956-1701
E-mail: privacy@jandisoft.com
[Staff in charge of personal data protection]
Name: Jung Kyungwha
Phone No.: 02-6956-1701
E-mail: privacy@jandisoft.com
b. You can report all issues (such as withdrawal of agreement related to providing personal data to 3rd party and data processing) related to personal data to staff in charge of personal data or affiliated departments. The company will swiftly provide a satisfactory response in regards to the user's report.
c. Please inquire the institutions below when you need reporting or counseling for personal data infringement
- Personal Information Infringement Report Center (http://privacy.kisa.or.kr, Phone No. 118)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr, Phone No. 02-2100-2499)
- Prosecution Service (http://www.spo.go.kr, Phone No. 02-3480-2000)
- Korean National Police Agency Cyber Bureau (cyberbureau.police.go.kr, Phone No. 182)


13. Linked sites
In regards to personal data collection within another company’s website which was linked in service provided by the company, “Jandisoft’s personal data processing policy” isn’t applicable.


14. Other
In case there is addition, deletion, or edit to current personal data processing policy, the change will be notified through the homepage at least 7 days prior, and change in content crucial to user’s right or responsibility will be notified 30 days prior to the change.


Notification date: 2022, October 26
Enforcement date: 2022, October 26