Privacy Policy
Introduction to the Privacy Policy
(ChocolatSoft Co., Ltd., hereinafter referred to as the "Company") handles all personal information in accordance with relevant laws and regulations. The "Personal Information Protection Act" establishes general norms for handling such personal information, and the Company will collect, retain, and process personal information in accordance with the regulations of these laws to protect the interests of users and ensure the proper performance of public duties.
Furthermore, in accordance with relevant laws, the Company respects the rights of users and takes necessary actions, such as allowing users to access, correct, delete, and request cessation of processing of their personal information. Users can also seek administrative adjudication in accordance with the provisions of the Administrative Adjudication Act if their rights are infringed upon.
The Company has established this privacy policy to protect the personal information of users and handle complaints related to personal information. In case of any revisions to the privacy policy, the Company will notify users through the website announcement (or individual notice).
1. Purpose of Collection and Use of Personal Information
[Required Information]
- The necessary information is collected and used by the Company to provide mobile game services to customers. The Company identifies customers through required information for game use, manages game usage records and data, performs service provision, contract fulfillment, billing, prevention of misuse, sanctions against abusers, statistics and data for new services, marketing, advertising, customer support, etc.
[Optional Information]
- Optional information is collected and used by the Company to provide additional convenience for customers in using the Company's mobile game services. Personal information of legal guardians is collected to confirm their consent when collecting personal information of those under 14 years of age.
2. Personal Information Collection Items and Methods
The Company only collects essential personal information required for providing game services to users. However, for better service provision, the Company may collect some optional information from users with their consent.
When Using Mobile Game Services:
- (Required) User identification information provided by external platforms
- The specific information collected may vary depending on the information set as public by the user when using external platforms (Google, Apple, Facebook, Kakao).
When Participating in Company Events:
- (Upon Event Participation) Member number (ID), nickname, email address.
- (Upon Winning an Event) Mobile phone number and address for prize delivery.
- (When Imposing Taxes) Name, address, resident registration number, postal code, etc.
- In such cases, the Company obtains separate consent from users.
During Service Usage:
- Game usage records, access records, cookie information, IP information, authentication records, payment records, usage suspension records, mobile device information (mobile carrier information, device information, country information (MCC)), advertising identifier information (ADID, IDFA).
When Contacting the Customer Center for 1:1 Inquiries:
- Email address, nickname, member number (ID), mobile device information (device name, OS version).
3. Providing Personal Information to Third Parties
The Company generally does not provide your personal information to third parties. However, exceptions may apply in the following cases:
- When obtaining prior consent.
- When necessary for settlement of charges for service provision.
- When requested by authorities in accordance with legal procedures for the purposes of legal regulations or investigations.
- When required for statistical analysis, academic research, market research, etc., and personal information has been processed in a form that cannot identify specific individuals.
4. Entrustment of Personal Information Processing
The Company does not use outsourcing services for processing personal information.
5. Period of Processing and Retention of Personal Information
In principle, the Company retains your personal information until you withdraw your membership. After the purpose of collecting and using personal information is achieved or becomes obsolete, the collected personal information is destroyed promptly. However, if it is necessary to retain personal information in accordance with the provisions of relevant laws, the Company stores the information separately or in a different storage location, in a way that complies with relevant laws.
Period of retention according to relevant laws:
[Electronic Commerce and Consumer Protection Act]
- Records of contract or subscription withdrawal: 5 years of retention
- Records of payment and supply of goods, etc.: 5 years of retention
- Records of customer complaints or disputes: 3 years of retention
[Telecommunications Business Act]
- Records of login authentication service usage: 3 months of retention
[Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.]
- Records of personal information verification: 6 months of retention
[National Tax Basic Act]
- Ledger and supporting documents for all transactions specified by tax laws: 5 years of retention
6. Procedure and Method for Destroying Personal Information
The Company generally destroys personal information without delay after the purpose of collecting and using personal information is achieved. The destruction procedure and method are as follows:
[Destruction Procedure] The personal information that the user entered for membership registration, etc., is moved to a separate database (DB) or stored separately in a separate storage location after the purpose is achieved and is then destroyed after being stored for a certain period as required by relevant laws. The Company does not use personal information stored separately for any purpose other than that prescribed by the relevant law.
[Destruction Method] Personal information stored in electronic file format is deleted using a technical method that makes it impossible to reproduce the record. Personal information printed on paper is shredded or incinerated.
7. Measures for Dormant Accounts
Pursuant to Article 39-6 of the "Personal Information Protection Act," the Company protects the personal information of users (hereinafter referred to as "dormant accounts") who have not used the service continuously for one year. Inactive customer center inquiries (phone calls, mail, email, etc.) and event participation records are not included in the usage date.
Accounts that have become dormant are stored for the purpose of preserving personal information after achieving the purpose of Article 5 of this policy and are kept separate from other personal information. The rest of the user information is destroyed.
8. Rights and Obligations of Information Subjects and How to Exercise Them
- Users can withdraw their consent for the collection, use, and provision of personal information at any time. Legal guardians of users under 14 years of age have the same rights regarding information about themselves and children under 14 years of age.
- Members can withdraw their consent for the collection of personal information by clicking on "Membership Withdrawal" or "Account Deletion" in the service. Members and legal guardians can view and correct personal information by using the "1:1 Inquiry" function within the service.
- The Company will not use or provide personal information until the user's request for correction is completed. If the Company has already provided incorrect personal information to a third party, the Company will notify the third party without delay and make corrections.
- Personal information deleted upon request of a member or legal guardian will be handled according to the Company's terms and policies and will not be viewed or used for any purpose other than that required.
9. Contact Information for the Personal Information Protection Manager
The Company has designated the following departments, personal information protection managers, and personal information protection managers to protect your personal information and handle complaints related to personal information.
[Personal Information Protection Manager]
- Name: Lee Se-heon
- Affiliation and Position: CEO
- Phone: +827049058919
- Email: support@chocolatsoft.com
[Personal Information Protection Department]
- Department: Planning Team
- Phone number: +827049058919
- Email: support@chocolatsoft.com
10. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The Company may install and operate devices that automatically collect personal information, such as "cookies," to store and retrieve your information.
[What is a Cookie?] A cookie is a very small text file sent to your browser by a server that operates a website, and it is stored on your computer's hard drive. The purpose of using cookies is to analyze the frequency of visits and visit times of members and non-members, to identify members' preferences and interests, track events, and provide target marketing and personalized services based on various event participation levels and visit frequencies.
You have the option to accept or reject all cookies. You can set it in your web browser by selecting "Allow all cookies," "Ask each time cookies are saved," or "Block all cookies."
[Cookie Settings]
- Safari: How to Manage Cookies
- Firefox: Disable Third-Party Cookies
- Chrome: Manage Cookies
- Edge: Cookie Management
11. Security Measures for Personal Information Protection
The Company takes the following technical, administrative, and physical measures to ensure that personal information is not lost, stolen, disclosed, tampered with, or damaged during the processing of personal information:
[Technical Protection Measures]
- Access control to the database system processing personal information by granting, changing, and revoking access rights to prevent unauthorized access.
- Use of intrusion detection systems to control unauthorized access from external sources.
- Records of accessing personal information processing systems (web logs, summary information, etc.) are stored and managed for at least three months. Access records are stored securely to prevent tampering, theft, and loss.
- Personal information is encrypted and stored. Important data is encrypted during storage and transmission. Additional security measures are used for secure storage and transmission.
[Administrative Protection Measures]
- Limited assignment of personnel handling personal information to minimize and manage personal information.
- Periodic employee training to emphasize the importance of personal information protection and compliance with the personal information processing policy.
- Confirmation of compliance with the personal information processing policy and confirmation of compliance with the policy by a specialized department.
[Physical Protection Measures]
- Paper documents containing personal information that need to be stored for a certain period are stored in a secure place with locking devices.
- Personal information processing systems are transferred to a cloud environment to prevent unauthorized physical access.
The Company, however, is not responsible for any problems arising due to the user's own negligence, such as device loss, despite the Company's efforts to protect personal information.
12. Methods for Redressing Privacy Violations
If you encounter any complaints related to the protection of your personal information while using the Company's services, you can report them to the personal information protection manager or the relevant department. The responsible personnel will provide a prompt and sufficient response to your report. If you need to report or consult about other privacy violations, please contact the following organizations:
- Personal Information Infringement Report Center (Privacy KISA, 118 without an area code)
- Personal Information Dispute Mediation Committee (Kopico, 1833-6972 without an area code)
- Cyber Investigation Department of the Supreme Prosecutors' Office (SPO, 1301 without an area code)
- Cyber Safety Bureau of the Korean National Police Agency (Cyber Bureau, 182 without an area code)
13. Changes to the Privacy Policy
In the event of changes in relevant laws or internal policies, the Company will notify users of changes and reasons at least 7 days in advance through the Company's website and game websites. If any significant changes regarding user rights occur, users will be notified at least 30 days in advance.
This privacy policy has been in effect since December 8, 2021.