Policy on Processing of Personal Information
Date of Enforcement: Jun 21, 2014
The Growing Seeds Ltd. (hereinafter referred to as the “Company”) regards personal information of user as important and observes laws and regulations as to protection of personal information. The Company shall inform principal of information (hereinafter referred to as the “User”) of for what purposes such personal information is used, how personal information of such principal is used, and what types of measures the Company takes to protect such personal information.
Where the Company amends the Policy on Processing of Personal Information, the Company will publicly announce such amendment on a homepage of the Company or individually notify such amendment.
This Policy on Processing of Personal Information will apply to all services that the Company provides and contain the followings.
Definition of Terms
For the purpose of this Policy on Processing of Personal Information, the following terms shall have the meaning assigned to them below.
(1) “User” means a customer that is authorized to use all games and services that the Company provides.
(2) “Service” means all services that the Company provides.
(3) “Terminal” means equipment such as PC, cellular phone, smart phone, tablet, etc. with which a user may download, install, or use service.
(4) “Application” means all programs that a user may download, install, or use through a terminal stated above in (3) in order to use service that the Company provides.
(5) “App Store (Open Market) Provider” means all e-commerce providers (including a provider that enables a method to make payment within a game) such as Open Market that installs games of the Company and provides a method to make payment. For example, Google Play Store, Apple App Store, etc.
(6) “Platform Provider” means a provider and all its services, which provides service by entering into partnership with the Company in informing and using games of the Company. For example, naver of NHN Inc., facebook of Facebook Inc., KakaoTalk of KakaoTalk Inc., etc.
(7) “User Account” means an email that a user selects and enrolls in an application in order to identify him/her and use services. The user account is limited only to an email which the user validates to his/her own email in accordance with procedure prescribed by the Company.
(8) “Paid Contents” means all online contents that a user purchases through App Stores stated in (5) in order to enjoy a specific effect on services that the user uses.
(9) “Free Contents” means all online contents that a user does not purchase through paid contents stated in (8) within a game and may acquire by a gift among users or game service.
Unless otherwise stated herein, the definition of terms herein shall observe a definition prescribed in relevant laws and regulations. Where the relevant laws and regulations do not define the definition, the definition of terms in a general commercial custom shall be observed.
1. Personal Information to be Collected and a Method to Collect
A. Personal Information to be Collected
Firstly, the Company is collecting the following personal information in signing up for service in order to provide various services:
- Email ID of user;
- Name or nickname of user’s child;
- Serial number of equipment (terminal ID, UDID, IMEI etc.);
- Nation of Open Market;
- Language selected within service; or
- Terminal information (manufacturer, name of equipment, OS)
Secondly, the Company may automatically generate and collect the following information during service use or business processing:
- User status information
- Date and time of visit
- Service use record
- The 2nd generation result data that are generated by service use
- Faulty use record
Thirdly, credit card information, details of purchase, other data on payment may be collected during use of free/paid services. The Company may collect additional personal information such as mail address, verified details on purchase, etc for smooth customer service in customer’s request restoration of paid contents and refund
B. Method to Collect Personal Information
The Company collects personal information as follows:
Firstly, the Company automatically collects personal information through a platform which is in a partnership with the Company for providing service.
Secondly, the Company collects personal information through a user’s voluntary provision during signing in or use of service.
2. Purpose to Collect and Use Personal Information
A. Provision of Basic Functions of Service
The Company provides a user with services such as to invite a friend, to gift, to recommend, or to view ranking, etc. through a user account. The Company provides nickname and profile information such as a character image, etc. of other user who is not registered as a friend only for adding such other user as a friend. Also, the Company may collects and stores unique equipment number (terminal ID, UDID, IMEI) in order to check if the user account operates normally.
B. Contract Performance for Service Provision and Calculation of Charges according to Service Provision
Provision of free or paid contents, authentication of user, payment of purchase and charges, collection of charges
C. Member Management
Authentication according to use of membership service, verification of user related to provision of service, prevention of illegal or unapproved use by delinquent member, verification of intention to signing in, restriction on signing in or number of signing in, data preservation for authentication and dispute conciliation, complaint handling, and delivery of notice.
D. Development of New Service and Utilization for Marketing and Advertisement
Development of new service and provision of customized service, provision of service and advertisement according to statistical features, verification of efficiency of service, provision of information on event and advertisement and opportunity to participate therein, understanding of access frequency, statistics on service use of a member
3. Sharing and Provision of Personal Information
The Company uses personal information of users in accordance with scope of notice in “Purpose to Collect and Use Personal Information.” The Company will, in principle, not use exceeding the scope of use of personal information or disclose personal information of a user without a prior consent of the user. However, the Company may carefully use and provide personal information in following circumstances:
- Where provision of laws and regulation defines or investigation agency requests use or provision of personal information in accordance with procedure and method prescribed in laws or regulations
4. Period of Retention and Use of Personal Information
The Company will, in principle, promptly destroy personal information of user once purpose to collect and use personal information is attained. However, the following information will be retained for specified period of time for the following reasons.
A. Retention of Information in accordance with Internal Policy of the Company
- Data on illegal use (reason for retention: prevention of illegal use, retention period: 1 year)
B. Retention of Information in accordance with relevant laws and regulations
Where the Company needs to retain personal information in accordance with relevant laws and regulations such as the Commercial Act, or the Act on the Consumer Protection in the Electronic Commerce Transactions, etc., the Company will retain such member information during a period of time prescribed by such laws and regulations. In this case, the Company may use only for purpose of retention of such information and the period of retention will be as follows:
- Data on conclusion or cancellation of contracts (ground for retention: the Act on the Consumer Protection in the Electronic Commerce Transactions, etc. retention period: 5 years)
- Data on payment and provision of goods (ground for retention: the Act on the Consumer Protection in the Electronic Commerce Transactions, etc. retention period: 3 years)
5. Procedure and Method to Destroy Personal Information
Once the purpose for collection and use of personal information is attained, the Company will, in principle, promptly destroy personal information of user. The procedure and method to destroy personal information of the Company will be as follows:
A. Procedure to Destroy
- Once such purpose is attained, the Company will destroy information that a user inputted in order to sign in services after retaining such information for a certain period of time (refer to period of retention and use) in a separate DB in accordance with relevant laws and regulations as well as internal policy of the Company.
- Unless otherwise stipulated in relevant laws and regulation, the Company will not use such personal information for other than retention thereof.
B. Method to Destroy
- The Company will destroy printed personal information by a shredder.
- The Company will destroy personal information in an electronic file by a technical method that disable to reproduce such personal information.
6. Rights of User and One’s Legal Representative and Method to Exercise such Rights
A user and a legal representative for a minor may retrieve or change personal information on oneself or a minor under the age of 14 through Platform Provider or App Store Provider. The user and the legal representative for a minor may request cancellation of service through logout from application and account deletion (or authentication cancellation).
7. Technical/Administrative Protection of Personal Information
In order to prevent personal information from being lost, stolen, leaked, falsified, or damaged, the Company devices technical/administrative protection measures as follows
A. Measures against Hacking
The Company is doing its best in order to prevent personal information of a user from being leaked or damaged by hacking, or computer virus, etc. The Company regularly backs up data, prevents personal information of user from being leaked or damaged, and securely transmits personal information on networks through an encrypted transmission. Also, the Company controls an unauthorized access with a firewall system and endeavors after other possible technical measures for security.
B. Minimization of Staff to Handle Personal Information and Training thereof
The Company authorizes only a person who is in charge of personal information to handle such information, grant a separate password to such person, which is regularly updated, and stresses to abide by the Policy on Processing of Personal Information by a frequent training.
C. Organization Exclusive for Protection of Personal Information
The Company will verify performance of the Policy on Processing of Personal Information and compliance by the person in charge thereof through in house organization exclusive for protection of personal information. Where it detects nonperformance or noncompliance, the Company will promptly endeavor after correct it. However, provided that personal information is leaked due to other than user’s negligence, intention or gross negligence of the Company, the Company will not be responsible.
8. Contact Information on a Person in Charge of Personal Information Management
A user may report an objection or problem regarding protection of personal information that occurs in use of service to a person in charge of personal information management or a relevant department. The Company will promptly respond to the objection or problem of the user.
Name: Hyo Taek, Kim
Fax: (031) 702-0908
9. Notice Obligation
Where the Company adds, deletes, or amends the exiting Policy on Processing of Personal Information, the Company will make a public announcement no later than seven (7) days before the date of enforcement of such addition, deletion, or amendment through a homepage of the Company or an application service.
Date of Announcement: Jun 21, 2014
Date of Enforcement: Jun 21, 2014