Privacy Policy

Last Updated on June 15, 2017


This Privacy Policy describes how NCSOFT Corporation (“NCSOFT”, “us”, “our” or “we”) collects, uses, and shares information about you and applies to your use of our mobile game application (the “Game”) and services and content related to the Game including services provided via the nc.com website (the “Services”). This Privacy Policy does not apply to our information collection activities outside of the Services (unless otherwise stated below or at the time of collection).

This Privacy Policy specifically explains:

1.      How and what information is collected.

2.      The purposes for collection, use, disclosure, and processing of information and the legal basis thereof.

3.      Who collects and has access to information.

4.      Third party services, features, and devices.

5.      Tracking technology choices.

6.      Your rights.

7.      How we secure your information.

8.      Information deletion procedure and method.

9.      Data transmissions (overseas transmission).

10.  Protection of children’s information.

11.  Changes to privacy policy.

12.  General.

13.  Inquiries, complaints, comments and questions.

 

1. How and what information is collected.

A. Information you provide.

We and our Service Providers (defined below) may collect information you provide directly via the Services. For example, we collect information when you:

·         Register to use the Game;

·         Register or link your existing NCSOFT account with a social network service such as Facebook and Google+ (for further information about social network services, see “Third party services, features, and devices” below);

·         Access our content in our Game or otherwise through the Services;

·         Participate in any event organized by us through the Services;

·         Complete questionnaires through the Services;

·         Order products from us or transact with us through the Services;

·         Enter competitions and prize draws through the Services

·         Send us email messages relating to the Services; or

·         Submit forms or otherwise communicate with us through the Services.

The information we collect may include personal information. “Personal information” is information that identifies you personally (whether alone or in combination), such as your first and last name, email address, username, postal address, gender, and age. You may choose to voluntarily submit certain other information to us through the Services, including personal information, but you are solely responsible for your own personal information in instances where we have not requested that you submit such information to us. 

Certain areas of the Services, such as user profiles, are designed to help you share information with the world. If you make information public through our Services, other users will have access to it and it will not be treated as personal information under this Privacy Policy. Please think carefully before making information public. You are solely responsible for information you make public. California minors have additional rights as set forth in “Your California privacy rights” below.

Personal information once “de-identified” is not subject to this Privacy Policy and we and our Service Providers may treat it as non-personal information and use it without obligation to you except as prohibited by applicable law. 

B. Information collected automatically.

 

We and our Service Providers may automatically collect certain information about you when you access or use the Services (“usage information”). Usage information may include device identifier, operating system (OS), hardware version, device settings, internet protocol (IP) addresses, country information, language,  and other information about your use of the Services.

 

The methods that may be used on the Services to collect usage information include:

·         Log Information: Log information is data about your use of the Services, which is stored in log files.

 

·         Information Collected by Tracking Technologies: Cookies, web beacons (also known as "tracking pixels"), embedded scripts, location-identifying technologies, device fingerprinting, in-app tracking methods, and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about your interactions with the Services or emails, including information about your browsing and activity behavior.

 

o   Cookies

 

A cookie is a small text file that is stored on a user’s device, which may be a session ID cookie or tracking cookie. Session cookies make it easier for you to navigate the Services and expire when you close your browser. Tracking cookies help in understanding how you use the Services, and remain longer. The Services may associate some or all of these types of cookies with your devices. Cookies may remain on your device for extended periods of time. To view our Cookie Policy, please see “Collecting and using Cookies” below.  

o    Web Beacons (“Tracking Pixels”)

 

Web beacons are small graphic images, also known as "internet tags" or "clear gifs," embedded in web pages and email messages. Web beacons may be used to count the number of visitors to the Services, to monitor how users navigate the Services, and to count content views.

 

o    Embedded Scripts

 

An embedded script is programming code designed to collect information about your interactions with the Services. It is temporarily downloaded onto your device from our web server or a third party with whom we work, is active only while you are connected to the Services, and deleted or deactivated thereafter.

o   Location-identifying Technologies

 

GPS (global positioning systems) software, geo-filtering, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting relevant content based on your location.

 

o   Device Fingerprinting

 

Device fingerprinting is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your device and applications.

 

o   In-App Tracking Methods.

 

There are a variety of tracking technologies that may be included in mobile apps, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as “Ad IDs” to associate app user activity to a particular app and to track user activity across apps.

Some information about your use of the Services and certain Third Party Services (defined below) may be collected using Tracking Technologies across time and services and used by us and third parties for purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the Services and certain Third Party Services.

For further information on Tracking Technologies and your choices regarding them, please see Third party services, features, and devices” and “Tracking technology choices” below.

 

C. Information from other sources.

We may obtain information about you from other sources, including Service Providers and Third Party Services, and combine such information with information we have collected about you. We are not responsible for the accuracy of any information provided by third parties or third party policies or practices.

2. Purposes for collection, use, disclosure and processing of information and the legal basis thereof.

We may collect, use, disclose and/or process your information for the following purposes (collectively, “Purposes”):

(1) For fulfilling the Terms of Service and settling payments on services. This includes:

·         Providing content;

·         Administering, verifying and processing your purchases, transactions, refunds, delivery of item(s); and

·         Verifying your identification.

(2) For user management. This includes:

·         Administering, verifying and processing user identification for membership service(s), such as your NCSOFT account;

·         Preventing fraudulent or unauthorized use of or abuse of the Game and Services;

·         Verifying the identification of your legal representative;

·         Administering, facilitating, processing and/or dealing with: (a) any matters relating to your use of our mobile game application and related services, including services provided via the nc.com website; (b) any transactions or activities carried out by you in the Game and/or through the Services; or (c) customer support and responding to inquiries and complaints given by (or purported to be given by) you or on your behalf; giving notices and/or carrying out your instructions;

·         Contacting you or communicating with you via email for the purposes of administering and/or managing your use of the Game or Services; and

·         Storing records for dispute settlement.

(3) For conducting research, analysis and development activities. This includes:

·         Monitoring, processing and/or tracking your use of the Game or the Services in order to provide you with a seamless experience, facilitating or administering your use of the Game or the Services, and/or to assist us in improving your experience in using the Game or the Services;

·         Developing or improving new services (products), modifying and/or customizing the Game or the Services; and

·         Identifying frequency of access and developing statistics on members’ Services use.

(4) For marketing. This includes:

·         Providing you by way of postal mail, electronic transmission to your email address(es), or messages to the Game application, with marketing, advertising and promotional information, materials and/or documents relating to promotional events, products and/or services (including products and/or services of third party organizations whom we may collaborate or tie up with) that we or such third party organizations may be selling, marketing, offering or promoting, whether such products or services exist now or are created in the future. You may withdraw from this marketing purpose at any time by sending an email to privacy@ncsoft.com.

(5) For due diligence, risk management, fraud detection, investigation, government direction or regulatory obligations. This includes:

·         Carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations applicable to us (whether by the laws and regulations of your country of residenceor otherwise), the requirements or guidelines of governmental authorities which we determine are applicable to us, and/or our risk management procedures that may be required by law or that may have been put in place by us.

·         Preventing or investigating any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests; or dealing with and/or investigating complaints.

·         Complying with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or our affiliates/associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our affiliates/associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of your country of residence or elsewhere), with which we or our affiliates/associated companies are expected to comply. Such requirements may include responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we will (but may decide not to in individual cases) disclose your personal information to the aforementioned parties upon their request or direction.

(6) For data storage or backup. This includes:

·         This includes storing, hosting, backing up (whether for disaster recovery or otherwise), and transferring your information. For more information see “Data transmission (overseas transmission)” below.  

(7) For audit. This includes:

·         Facilitating, dealing with and/or administering external audit(s) or internal audit(s) of our business.

For personal information of users within the EU, the legal basis on which we process your personal data will be based on at least one of the following: (1) your consent; (2) the fact that the processing of your data is required to fulfill a contractual arrangement between you and us; (3) where we need to process your personal information to comply with our legal obligations; and/or (4) where processing is necessary in our legitimate interests.

We will obtain a user’s prior consent when his or her personal information is to be used for purposes other than as stated in this Privacy Policy.

3. Who collects and has access to information.

We may/will need to disclose your information, including personal information and usage information, to our agents, vendors, consultants and other service providers (“Service Providers”) to carry out any of the purposes set out in this Privacy Policy on our behalf. These Service Providers are prohibited from using your personal information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes. Such Service Providers may include:

 

·         Billing services;

·         Payment processors;

·         Transaction managers;

·         Credit verification services;

·         Game/app hosting, storage and development services;

·         Administrative services; and

·         Other third party service providers;

 

In addition, we may share your information, including personal information and usage information, with third parties for any purposes consistent with our statements under this Privacy Policy, such as:

 

·         Brands, sponsors, and other third parties associated with our promotions and marketing campaigns;

·         Platform owners such as Apple, Google and Microsoft; and

·         Another business in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business.

 

We may also disclose any of your information to law enforcement or other appropriate third parties in connection with criminal investigations, investigation of fraud, infringement of intellectual property rights, or other suspected illegal activities, or as otherwise may be required by applicable law, or, as we deem necessary in our sole discretion, in order to protect our legitimate legal and business interests.

 

We may share your information with any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries from time to time for one or more of the Purposes.

 

We may also share your information with any third party with your consent or at your direction.

 

 Collecting and using Cookies

We use ‘cookies’ which frequently store and find user information. Cookies are text files sent by website's servers to a user's computer and stored in the user's browser. We use cookies for the following purposes:

(1) Purpose of use or processing

We use cookies to provide customized services for our users including guest users by identifying interests and preferences through analyzing frequency of access and visit time. We also use cookies for some of the purposes set out in this Privacy Policy.

(2) Use of cookies

Cookies identify a user’s computer but not necessarily identify the user as a person. Users may either allow all cookies by setting options in web browser, have each cookie checked whenever it is stored, or refuse all cookies to be stored. However, if a user rejects the installation of cookies, the user may not be able to use some of the Services provided by us, and/or the Services may not function properly.

You can block or deactivate cookies in your browser settings. For example, by selecting options in Internet Explorer > Tools > Internet Options > Privacy > Advanced

(3) Cookies that we use

The table below sets out the details of the most frequently used cookies and explains their purpose:

Cookie

Purpose

MGPVLU

Encrypted value used to verify your identity and information upon log in

MGPSEC

Encrypted value of session time

MGPSECEXPIREAT

Encrypted value of when the session expires

DEF_KEEP_LOGIN

Cookie storing whether you wish to keep logged on to the service

locale

Determine the language that will be used for the service.

 

By continuing to use our Services, you agree to the use of cookies on our Services as outlined above. However, please note that we have no control over the cookies used by third parties.

 

4. Third party services, features, and devices.

 

Our Services contain content from and hyperlinks to websites, locations, platforms, and services operated and owned by third parties (“Third Party Services”). In addition, our Services contain features that allow you interact with, connect to, or access our Services through certain Third Party Services and third party devices (“Third Party Features”). For example, you interact with a Third Party Service when you “like” or “share” content over social media through our Services or login to our Services through a Third Party Service. Remember that third parties may use Tracking Technologies to independently collect information about you and may solicit personal information from you. If you use a Third Party Feature, both we and the applicable third party may have access to and use information associated with your use of the Third Party Feature. Also, if you make information public through our Services or a Third Party Service that references our Services, such as by tweeting or updating your status along with a hashtag associated with NCSOFT, that information may be used on or in connection with our Services.

 

Our Services also contain Tracking Technologies operated by third parties. For example, analytics services, such as Google Analytics, may use Tracking Technologies on our Services to help us analyze your use of the Services, compile statistic reports on the Services’ activity, and provide other services relating to Services activity and Internet usage. Similarly, ad serving services, advertisers, and other third parties may use Tracking Technologies on our Services and Third Party Services to track your activities across time and services, and tailor ads to you based on your activities, which may include sending you an ad on a Third Party Service or third party device after you have left the Services (“Interest-based Advertising”).

 

The information collected and stored by third parties, whether through our Services, a Third Party Service, or a third party device, remains subject to their own policies and practices, including what information they share with us, your choices on their services and devices, and whether they store information in the U.S., South Korea, or elsewhere. We are not responsible for and make no representations regarding third party policies and practices, and encourage you to familiarize yourself with and consult their privacy policies and terms of use.

 

For further information on Tracking Technologies and your choices regarding them, please see “How and what information is collected” above and “Tracking technology choices” below.

 

5. Tracking technology choices.

 

A. Tracking technologies generally.

Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. With respect to our mobile apps, you can stop all collection of information via an app by uninstalling the app. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain location-based services, by adjusting the permissions in your mobile device.

Please be aware that if you disable or remove these technologies some parts of the Services may not work and that when you revisit the Services your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit.  Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms.  For more information on “Do Not Track,” visit http://allaboutdnt.com.

B. Analytics and advertising opt-outs.

You may exercise choices regarding the use of cookies from Google Analytics by going to https://google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.

You may choose whether to receive Interest-based Advertising by submitting opt outs. Some of the advertisers and Service Providers that perform advertising-related services for us and our partners may participate in the Digital Advertising Alliance ("DAA")Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, visit http://aboutads.info/choices, andhttp://aboutads.info/appchoicesfor information on the DAA’s opt out program for mobile apps. Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt out options for their members, see http://networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). We are not responsible for effectiveness of, or compliance with, any third-parties’ opt out options or programs or the accuracy of their statements regarding their programs.

6. Your rights.

You and/or your legal representatives have the following options regarding our collection, use, disclosure and/or processing of your personal information:

·         Request to access and/or correct personal information that we hold about you. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. Once we have sufficient information from you to deal with the request, we will seek to provide access or make the correction within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time. Note that certain types of personal information may be exempt from being subject to your access request or correction. Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

·         Withdraw your consent to our collection, use, disclosure and/or processing of your personal information, including for marketing purposes. We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal information in the manner stated in your request, unless an exception under the law or a provision in the law permits us to. Your withdrawal of consent could result in certain consequences arising from such withdrawal, including us being unable to perform the transactions requested by you in the Game and/or Services; or termination by us of the Services and your access to the Game.

·         You can opt out of receiving certain promotional communications (e-mails and push notifications) from us at any time by (i) for e-mails, following the instructions as provided in e-mails to click on the unsubscribe link or by sending an e-mail to us with the word UNSUBSCRIBE in the subject field of the e-mail; and (ii) for push notifications or in-app messages, adjusting the permissions in your mobile device. Please note that your opt out is limited to the email address or device used and will not affect subsequent subscriptions or non-promotional communications, such as those about your account, transactions, servicing, or our ongoing business relations.

·         Your California Rights.

o   California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.

o   NCSOFT may share personal information as defined by California’s “Shine the Light” law with third parties and/or affiliates for such third parties’ and affiliates’ own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please send an email to privacy@ncsoft.com or send us a letter to the address stated at the end of this Privacy Policy. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are not required to respond to requests made by means other than through the provided e-mail address or mail address.

o   Any California residents under the age of eighteen (18) who have registered to use the Services and how have posted content or information on the Services, can request that such information be removed from the Services sending an email to privacy@ncsoft.com.  Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.

Please send an email to privacy@ncsoft.comto exercise your rights regarding any matters stated above.

You also have a right to lodge a complaint with a supervisory authority.

7. How we secure your information.

We implement security arrangements, including the following technical, managerial measures, in order to prevent loss, theft, leakage, alteration or corruption of personal information.

(1) Technical measures to secure personal information

• We protect users’ personal information by installing network security solutions such as firewall systems, intrusion detection systems and intrusion prevention systems.

• We protect users’ personal information processing system and other information devices used to process personal information in real-time by installing antiVirus software which is constantly updated on a regular basis.

• We strictly control our personal information processing system and access to personal information in order to prevent unauthorized disclosure of the collected personal information.

• We store important data such as user passwords by using one-way encryption in order to avoid decryption.

• We use SSL (Secure Sockets Layer) and/or similar protocols when transmitting personal information to external entities, and stores data after encrypting with secured algorithms.

• We have a backup system to restore systems and data in case of an emergency.

(2) Managerial measures to protect personal information

• We limit the number of staff handling personal information to the minimum.

• We provide regular internal and external outsourced training classes regarding the acquisition of new security technologies and duties to protect personal information.

• We have prepared internal procedures in order to prevent data leakage by staff and to audit whether staff are appropriately abiding by the Privacy Policy.

• We limit physical access to computer rooms and data storage rooms by specifying the sites as specially protected areas.

• We  are not responsible for any personal information being disclosed due to the user's error and/or the Internet’s fundamental risks. Users shall handle accounts and passwords properly to protect personal information. For example, users are responsible for choosing strong passwords and keeping their passwords confidential. Users shall be responsible for any adverse effects on their personal information caused by their mishandling of their accounts and passwords.

8. Information deletion procedure and method.

We will put in place measures such that your personal information in our possession or under our control is destroyed and / or de-identified as soon as it is reasonable to assume that (i) the purpose for which that personal information was collected is no longer being served by the retention of such personal information; and (ii) retention is no longer necessary for any other legal or business purposes.

If any personal information is to be retained as required by relevant laws and regulations, we retain it for the period as required by such laws and regulations before destruction. The personal information which is stored and managed by us will not be used for purposes not authorized by law or by you. We destroy hard copies of personal information by shredding with a pulverizer or incinerating it, and delete personal information stored in the form of electric files by using appropriate technological methods.

9. Data transmission (overseas transmission).

We are based in South Korea, and the information we and our Service Providers collect is governed by South Korea law. You consent to the transfer, processing, storage, and use of your information in South Korea.

For information of users based within the European Union, such transfers of personal information shall be based on the implementation of the EU’s standard Model Clauses where the transfer is outside of the European Economic Area or not to a country to which an adequacy decision applies. At the date of this Privacy Policy, there is no adequacy decision in relation to Korea by the European Commission.

At places where the personal information is transmitted, retained or processed, we take reasonable measures for protecting personal information which is in its possession or under its control.

10. Protection of Children’s information.

We do not intentionally collect any online personal information from children prescribed in the laws in relevant jurisdiction (hereinafter “Child” or “Children”). In the event we discover we have collected personal information of a Child, we will delete such personal information from our system. Parents or legal guardians should supervise their Children when the Children participate in online activities. Children are permitted to use the Game and Services, only when they have obtained consent from their parents or legal guardian as prescribed in the laws of the relevant jurisdiction.

Under U.S. law, we do not collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) from Children under thirteen (13) in a manner that is not permitted by COPPA.  In the European Union, an individual under the age of 16 is considered a Child.

If you are a parent or guardian and believe we have collected your Child’s information in violation of applicable law, send an email to privacy@ncsoft.com or send us a letter to the address stated at the end of this Privacy Policy.

11. Changes to privacy policy.

NCSOFT reserves the right to change, modify, add or remove portions of this Privacy Policy. When we decide to change, modify, add or remove portions of this Privacy Policy, we may notify you via postings on our Services. If the changes are material, we may notify you via email (through the email address you have provided in your NCSOFT account) before the changes go into effect. Please ensure that you keep up to date with any changes by visiting this page on a regular basis.

12. General.

Your consent that is given pursuant to this Privacy Policy is additional to and does not supersede any other consents that you had provided to us with regard to processing of your personal information.

For the avoidance of doubt, in the event that relevant personal information protection laws permit an organization such as us to collect, use or disclose your personal information without your consent, such permission granted by the laws shall continue to apply.

13. Inquiries, complaints, comments, and questions.

If you have any questions or comments regarding our Privacy Policy or wish to access personal information collected by us, please contact us at privacy@ncsoft.com or send us a letter to the address below.

 

NCSOFT Corporation

Attention: Chief Executive Officer Taek Jin Kim

Address: 12, Daewangpangyo-ro 644beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Korea