top of page

Privacy Policy for Macovill

This personal information processing policy (“this Privacy Policy”) has been prepared in accordance with the laws of the Republic of Korea.

Macovill(the “Company”) attaches great importance to the personal information of customers (“Users”) who use game and other services (“Services”) provided by the Company, and complies with all laws and regulations such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. As such, in accordance with Article 30 of the Personal Information Protection Act, the following Privacy Policy is established and disclosed to inform data subjects of the procedures and standards for handling personal information, and to handle complaints related thereto quickly and smoothly. This Privacy Policy applies not only to game services, but also to additional services directly or indirectly related to the game service, and we will inform you through the website announcements (or individual announcements) when it is revised.

 

1. Items and purpose of collection/use of personal information

The Company collects personal information from Users as follows for the purpose of subscription, consultation, provision of services, etc. However, sensitive personal information (nature, ethnicity, ideology and belief, origin and legal status, political tendencies and criminal records, health conditions, sex life, etc.) and personally identifiable information that may violate Users’ basic human rights are not collected.

1) Mandatory Information for Registration

- Items collected/used : Nickname, User-linked identification value (when using Google or Apple accounts)
- Purpose of collection/use : Authentication of game account, confirmation/identification in accordance with the use of game services (related to plays and response to inquiries)
- Period of retention/use : 30 days after deleting the game account

2) Additional Information Collected during Service Use

2.1 Identification of legal representative and intention to consent
- Items collected/used : Name, date of birth, email address, legal representative name and email address
- Purpose of collection/use  : Identification of legal representative and intention to consent
- Period of retention/use: For the management of consent history, 30 days after a minor member deletes the game account

2.2 Confirmation/identification in response to inquiries
- Items collected/used : Nickname, email address, payment information, other information necessary for consultation (there may be additional personal information collected according to the type of inquiry)
- Purpose of collection/use : Confirmation/identification in response to inquiries
- Period of retention/use : 30 days after deleting the game account

2.3 Confirmation of participation in events and identification
- Items collected/used : Name, mobile phone number, gender, date of birth, email address, SNS ID
- Purpose of collection/use : Confirmation of participation in events and identification
- Period of retention/use : Period of time indicated on the individual event page

2.4 Delivery of event prizes and goods (including cash prizes)
- Items collected/used : Name, mobile phone number, telephone number, address, bank name, account holder name, bank account number
- Purpose of collection/use : Delivery of event prizes and goods (including cash prizes)
- Period of retention/use : Period of time indicated on the individual event page

2.5 Handling of taxes and public imposts related to an event
- Items collected/used : Name, resident registration number, address, mobile phone number
- Purpose of collection/use : Handling of taxes and public imposts related to an event
- Period of retention/use : 5 years

2.6 Refund processing
- Items collected/used : Bank name, account holder name, bank account number, payment information
- Purpose of collection/use : Refund processing
- Period of retention/use : 5 years

2.7 Provision of customized advertisement information, marketing campaign execution and analysis
- Items collected/used : Information related to using Service, including information on advertisement identifier // Android (ADID)/iOS (IDFA)
- Purpose of collection/use : Provision of customized advertisement information, marketing campaign execution and analysis
- Period of retention/use : account being deleted or refusal of receipt of advertising information (for details, see Section 6) 

3) Optional Information

- Items collected/used : Mobile phone number, email address, app push
- Purpose of collection/use : Transmission of service advertising information such as event promotion announcements, User identification to check/prevent fraudulent use of event information and marketing utilization
- Period of retention/use : Until the game account is deleted or refusal to receive advertising information

2. Provision of Personal Information to Third Parties

1) The company processes personal information only within the scope specified in the purpose of processing personal information, and provides the user's personal information to a third party only when it falls under the relevant laws, such as the user's consent and special regulations specified in the law, and otherwise the user's personal information is not provided to third parties.

2) If personal information is provided after the user's consent, the current status will be notified through this Privacy Policy.

3. Rights of Users and Legal Representatives and Exercise Methods Thereof

The Company shall actively take measures necessary for requests for access to, provision and correction of Users’ personal information.

1) Users may inspect/correct their registered personal information at any time. In the case of children under 14 years of age, the legal representative must directly exercise the child's personal information access/correction rights.

2) Users may withdraw consent to use (delete a game account), or request the Company to suspend collection and processing personal information or delete personal information. However, when deleting personal information that is absolutely necessary for the provision of the Service, the relevant Service may not be provided in whole or in part.

3) When the consent to use is withdrawn (game account is deleted), personal information of the relevant User will be deleted, but if the retention period is determined by the relevant laws and regulations, it shall be retained for such period based on the retention and use period of personal information of this Privacy Policy.

4) If provided by applicable laws, Users may exercise their rights related to personal information to the Company in accordance with the requirements and limitations imposed by the relevant laws.

5) Data subject’s rights may be exercised through deletion of game accounts or by contacting the relevant service customer center.

6) The Company does not collect personal information if the User’s age is such that he or she is in need of a legal representative’s consent under the Personal Information Protection Act. If we become aware of the fact that personal information has been collected, we induce you to contact the customer center so that we can receive the consent of the legal representative in accordance with the internal process, and in that case, the User may continue to use the Service. If the User does not want to use the Service, the personal information will be deleted through withdrawal of consent for use (deletion of game accounts) and the provision of the Service will be suspended.

4. Period of retention and use of personal information

The Company shall immediately destroy the above information when the purpose of collection and use of personal information is achieved, or when the retention period expires. However, exceptions are made in cases prescribed by the relevant laws, in cases where prior notice of the retention period has been made, and personal consent of the User has been obtained. 

In the event of deletion of a game account, the information collected for the provision of the Service shall be deleted after the storage for 30 days from the date of deletion for the purpose of resolving consumer complaints and disputes, and the records of fraudulent use shall be removed after storage for one year from the account deletion date to prevent fraudulent use. Information collected for events and others will be retained for a maximum of 1 year, which may vary for each event and will be as described on the individual event page. In cases where storage is required or permitted by law, personal information may be stored after User’s deletion of game account. 

1) Records of visits to websites

Preservation basis: Protection of Communications Secrets Act

Preservation period: 3 months

2) Records on labeling and advertising

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 6 months

3) Records on contract or withdrawal of subscription

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 5 years

4) Records on payments and supply of goods, etc.

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 5 years

5) Records on handling of consumer complaints or disputes

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 3 years

6) Records of processing in accordance with tax laws

Preservation basis: Framework Act on National Taxes and Income Tax Act

Preservation period: 5 years

5. Procedures and methods for destroying personal information

When personal information becomes unnecessary, such as expiration of the retention period of personal information or achievement of the purpose of processing, the Company immediately destroys the personal information in a non-renewable manner. If personal information must be preserved pursuant to other laws even after the personal information retention period consented to by the data subject has elapsed or the purpose of processing has been achieved, the relevant personal information is transferred to a separate database (DB) or preserved at a different storage location. The procedure, method, and timing of destruction are as follows.

1) Destruction procedure

- The Company destroys without delay all personal information, except for the items set as exceptions in 4. Period of retention and use of personal information. Items subject to exceptions are moved to a separate DB (in case of paper, a separate filing cabinet) and stored for a set period in accordance with internal policies and other relevant regulations, and are destroyed.

- Personal information transferred to a separate DB is not used for any other purpose unless it is prescribed by law.

2) Destruction method

- Personal information stored in electronic files is deleted using a technical method that cannot be reproduced.

- Personal information printed on paper is destroyed by shredding with a shredder.

3) Procedures for destroying personal information of dormant accounts

In accordance with Article 28 of the Terms of Use, the Company may treat the dormant account as a deleted account when the User has not used the Service for one year after subscribing, and may destroy the personal information of the relevant User. The Company shall notify the dormant account User at least 30 days before the arrival of the relevant period, and the details of the notice are as follows.

- Destruction or separate storage of personal information

- Destruction date

- Items of personal information to be destroyed

Notification methods may use email, notices, etc. However, in case of the following exceptions, personal information may be retained even after one year has elapsed.

- If the User and the Company have determined a separate preservation period by an agreement

- Where required by relevant laws and regulations

Once each such storage period ends, the relevant information will be destroyed without delay.

6. Matters concerning the installation, operation, and rejection of automatic personal information collection devices 

The Company uses cookies that store information about Users and find information from time to time. A cookie is a small amount of lettering information that websites servers send to Users’ browsers (Internet Explorer, Safari, Chrome, Firefox, etc.) or apps. Cookies identify your computer and cellphone, but do not personally identify you.

1) Purpose of operation of cookies

- To provide differentiated information according to the areas of interest to Users

- To use as a measure of service reorganization by analyzing Users’ use patterns

2) Method of rejecting cookies setting

Users have a choice regarding the installation of cookies. You can allow all cookies by setting them in your web browser and cellphone settings or options, or choose to send individual notices when cookies are installed, or refuse to save any cookies. However, if you refuse to store cookies, some of the services provided by the Company cannot be used. 

[Method of setting up the browser]

- Edge: Setting menu to the right of the web browser > Cookies and Site Authority > Management and Deletion of Cookies and Site Data 

- Chrome: Setting menu to the right of the web browser > Advanced Settings in the bottom of screen > Personal Information and Security > Cookies and Other Site Data

- Other browsers are in accordance with the different browser settings.

3) Cookies expire when you close your browser or log out.

4) You can use Google Analytics on your website as an analytical tool. For Google Analytics, you can opt out of the use of data at https://tools.google.com/dlpage/gaoptout/. Other weblog analysis tools are subject to separate methods of rejection.

5) The Company allows analytics companies and advertising companies to automatically collect users’ advertising identifiers and related information for the purpose of conducting and analyzing marketing campaigns.

Behavioral information collected: advertising identifier (ADID, IDFA), country, city, IP address, device information (OS, hardware information, language, service usage history)

  - How to collect behavioral information: Automatic collection when running the app
  - Purpose of collecting behavioral information: Improving service quality using user behavioral information and inducing activation of use
  - Period of retention and use of behavioral information, information processing method thereafter: up to 18 months (refer to the period for each provider), automatic destruction by electronic method
  - How to exercise user control: Refer to the setting method for each device (Article 6, Section 6)

- Advertising companies that want to collect and process behavioral information: Google Ad, Adjust, META, Admob, Unity Ads, Apple Search Ads, Applovin, Pangle, IronSource, Naver, Liftoff(vungle), Inmobi, Chartboost, Tapjoy

- Items of provided behavioral information: advertising identifier (ADID, IDFA), country, city, IP address, device information (OS, hardware information, language, service usage details)

- How to collect behavioral information: Automatic collection and network transmission when using the service

- Purpose of use by those who receive behavioral information: Collect and analyze marketing data using user behavioral information, operate advertisements

- Retention and use period: Google Ad(18 months), Adjust (14 months), META, Admob(14 months) etc. 

6) When the company advertises the company's services on the device, the advertisement identifier of the user's device and the advertisement identifier associated therewith are used to help the company deliver advertisements related to the user's interests and improve and measure the effectiveness of the advertising campaign. Other information may be used. You can block your device's advertising identifier from being used for interest-based advertising or reset your device's advertising identifier by changing your device settings.

[Method of Setting up Device]

Android: Settings > Google Settings > Ads> Opt out of Ads Personalization

If iOS 14 or higher: Settings > Personal Information Protection > Tracking > Turn off Allow apps to request track

If iOS 14 or less: Settings > Personal Information Protection> Ads > Limit Ad Tracking

 

7. Technical/managerial protection measures for the protection of personal information

The Company is actively committed to protecting Users’ valuable personal information.

1) The Company encrypts and stores important personal information such as User IDs’ passwords and email addresses, and the Company may only verify and change encrypted personal information upon request from the User himself/herself.

2) The Company detects and blocks intrusions of hackers, etc. for 24 hours in order to protect personal information of Users. In addition, an antivirus program is installed and operated to prevent infection by malicious code or virus.

3) The Company ensures that only the minimum number of employees handle personal information, and the PC handling personal information is blocked from using external websites. In addition, the Company always emphasizes the compliance with the Company’s Privacy Policy through occasional training of employees handling personal information.

4) The Company strives to verify the implementation of the Company’s personal information protection policy and compliance of the person in charge through the internal organization in charge of protection of personal information, etc., so that if any problem is discovered, it can immediately be corrected. However, despite the Company’s fulfillment of its duty to protect personal information, the Company shall not be liable for any damages that are not attributable to the fault of the Company, such as negligence of the User himself/herself or accidents in areas not managed by the Company.

 

8. Remedies for infringement of rights and interests

Users may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee and the Personal Information Infringement Report Center established by the Korea Internet and Security Agency, etc. in order to obtain remedy for infringement of personal information. For reporting and counseling on personal information infringement, please contact the following institutions.

1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

2. Personal Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)

4. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

9. Personal Information Protection Officer, etc.

The Company designates a personal information protection officer as follows, and the department in charge makes its best efforts to protect personal information. In addition, the department in charge of handling personal information complaints set forth below is responsible to handle a request to access personal information. 

1) Data Protection Officer (DPO)
- Name : Yong Kyu Jung 
- Email : DPO@macovill.com

2) Department for processing personal information complaints/civil complaints
- Department Name : Game Business Team
- Email : macovill_privacy@macovill.com

10. Management of entrustment of personal information handling

The Company entrusts personal information as follows to provide the Service.

1) Cases where the processing of personal information is entrusted to a domestic company for the provision of Service

- Persons to be Entrusted : Amazon Web Services Inc (Seoul Region)
- Details of the entrusted business activities : Operation and management of cloud servers

- Persons to be Entrusted : Naver Cloud Corp.(NCC)
- Details of the entrusted business activities : Operation and agency of the customer center system

- Persons to be Entrusted : AFI.Inc
- Details of the entrusted business activities : Operation and management of cloud servers
Operation and agency of the customer center system

2) Cases where the processing of personal information is entrusted to an offshore company for the provision of Service (including the outbound transfer of personal information offshore)

- Person to be Entrusted : Google AdMob, Inc.
- Outbound Destination : U.S.A
- Items of Transferred Personal Information : Automatic collection and transmission when users visit our website or run our apps
- Timing and Methods of Transfer : Network transmission when using Service
- Purpose of Use : Global service operation agency
- Retention and Use Period : 18 Months

- Person to be Entrusted : Adjust Inc.
- Outbound Destination : U.S.A
- Items of Transferred Personal Information : Automatic collection and transmission when users visit our website or run our apps
- Timing and Methods of Transfer : Network transmission when using Service
- Purpose of Use : Global service operation agency
- Retention and Use Period : 14 Months

- Person to be Entrusted : Firebase Service(Google LLC)
- Outbound Destination : U.S.A
- Items of Transferred Personal Information : Nickname, Service usage information, Browser, terminal information
- Timing and Methods of Transfer : Transmission through the network at the time of entering necessary information for service use
- Purpose of Use : Global service operation
- Retention and Use Period : Until member withdrawal or termination of service, retention of personal information and achievement of purpose of use

3) When executing the entrustment agreement, the Company clearly states matters related to liability, such as prohibition of handling personal information for purposes other than the performance of the entrusted business activities, technical and administrative protection measures, restriction on re-entrustment, management and supervision of the consignee, compensation for damages, etc. in documents such as contracts, as prescribed by the Personal Information Protection Act, and supervises whether the consignee safely handles personal information.

4) In cases where an overseas entrustment of personal information processing is necessary for the performance of a Service provision contract and the promotion of Users’ convenience, etc., the disclosure of this Privacy Policy may substitute for the consent to the overseas entrustment in accordance with Article 39-12 of the Personal Information Protection Act, and in cases where there is a change in the content or the consignee of the handling entrusted matters in relation thereto, the Company shall without delay disclose such change through this Privacy Policy.

 

11. Supplementary Terms

The following supplementary terms may apply respectively to Users having residence in certain countries. In the event of any conflict between the following additional terms and the provisions of the main body of this Policy, the following terms shall prevail.

For Users Having Usual Residence in European Economic Area (EEA), UK or Switzerland

Where this Policy makes reference to “personal information”, this term has the same meaning as the term “personal data” as defined in Article 4 Nr. 1 Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”).

In this section we set out the legal grounds on which we rely to process your personal information and under each legal ground, we explain the purposes for which we collect and use your personal information.

 

12. Amendment to the Privacy Policy 

This Privacy Policy becomes effective as of September 25, 2023. , and any addition, deletion or revision of the contents in accordance with the government’s and the Company’s policy changes shall be notified in advance through the website, and any matters that may materially affect Users shall be notified 30 days in advance.

 

Enacted: September 25, 2023

bottom of page