Privacy Policy
NAK Entertainment Co., Ltd. (hereinafter referred to as the “Company”) considers the protection of users’ personal information to be of utmost importance. The Company respects the privacy of all users and treats and manages it as confidential. This Privacy Policy applies to all personal information provided by users and describes how the Company collects, uses, discloses, processes, and manages users’ personal information. If a user does not agree to this Policy, he/she does not need to provide any Personal Information.
The Company shall ensure that users can easily check this Privacy Policy in the service at any time. This Privacy Policy may be subject to change in accordance with relevant laws and regulations and the Company’s internal policies, and when revised, users can check the revision through the application provided by the Company.
Article 1 (Purpose of Collecting and Using Personal Information)
The Company processes the minimum amount of personal information necessary for the following purposes: The personal information processed shall not be used for any purpose other than the following purposes, and if the purpose of use is changed, the Company shall take necessary measures such as obtaining separate consent.
1. Items of personal information collected when registering for membership or using the Service:
① Registration: Identity verification, nickname, gender, date of birth
② Mobile phone number occupancy authentication: Mobile phone number
③ Identity verification: Name, mobile phone number, date of birth, gender, domestic/foreigner information, subscribed carrier, duplication information (DI). (The Company uses a mobile phone number verified by NICE Information Service Co., Ltd. When verifying your identity, a separate consent process shall be conducted by the identity verification organization, etc.).
④ Advertising/Marketing (optional): Mobile phone number (You can optionally agree to receive advertising/marketing information or not.)
2. Information automatically collected during your use of the Services:
Information may be automatically generated or collected in the course of using the services for purposes such as securing service stability, providing safe services, and limiting violations of laws and the Terms of Service.
① Service usage records, access logs, transaction records, IP information, cookies, bad and fraudulent usage records, mobile device information (model name, carrier information, OS information, screen size, language and country information, advertising ID, device identification information, etc.); and
② Illegal/unauthorized access to the Service and the Service Application and related records, records of access attempts to the Service Application, and information necessary to verify the safe operating environment of the Service and the Service Application.
3. Additional information collected for customer consultation:
① Common: Mobile phone number; and
② Change of mobile phone number: Proof of mobile carrier.
4. Method of collecting personal information:
① Collection via mobile application, email, customer service center, telephone, etc.;
② Collection through consent provided by third parties in other services; and
③ Collection through automatic collection devices.
Article 2 (Purpose of Processing Personal Information)
The Company processes your personal information for the following purposes: The personal information processed shall not be used for any purpose other than the following purposes, and if the purpose of use is changed, the Company shall take necessary measures such as obtaining separate consent pursuant to Article 17 of the Personal Information Protection Act.
1. User information management:
① Identification of users, management of user information, and delivery of various notices;
② Development of new services, and provision of various services;
③ User consultation and complaint handling, customer damage compensation; and
④ Processing withdrawal through non-face-to-face identity verification, changing personal information and resetting remittance password, etc.
2. Service provision:
① User identification and verification of virtual currency remittance details; and
② Matters related to the overall management of the Service, including the processing of virtual currency deposits and withdrawals.
3. Provision of event information:
① Provision of information on various events and advertisements; and
② Provision of new services and customized services, etc.
Article 3 (Retention and Use Period of Personal Information)
The Company may process personal information within the period of retention and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from users. The period of retention and use of personal information is as follows:
|
Classifications |
Reason for retention |
Period of use |
|
Member registration |
Member management, user consultation and complaint handling |
Until withdrawal |
|
Additional verification |
Membership withdrawal processing, change of mobile phone number and initialization of remittance password, etc. |
5 years after withdrawal |
|
Cryptocurrency |
Identity verification for using the Services provided by the Company, management of withdrawal processing information when using cryptocurrency remittance, and determination of transaction relationship |
5 years after withdrawal |
However, if there is an ongoing probe or investigation into a violation of relevant laws and regulations, the information shall be retained and used until the probe or investigation is concluded.
2. Retention by law for service provision
① In principle, the Company shall destroy the user's personal information without delay when the purpose of collecting and using personal information is achieved. However, in accordance with the internal policy to prevent disputes due to unauthorized use of the Service, records of unauthorized use may be retained for one year.
② The Company separately stores, manages, or destroys the personal information of long-term non-users who do not use the Service for one year in accordance with laws and regulations and the 'Personal Information Validity Period System'. Personal information stored separately shall be destroyed without delay after 4 years of storage. However, if a law imposes an obligation to keep information for a certain period of time, the Company shall keep personal information securely during such period.
|
Classifications |
Relevant laws |
Period of use |
|
Records on agreements or subscription withdrawals, etc. |
Act on the Consumer Protection in Electronic Commerce, etc. |
5 years |
|
Records on handling consumer complaints or disputes |
|
3 years |
|
Records on displays and advertisements |
|
6 months |
|
Records of erroneous deposits |
|
5 years |
|
Records on identity verification |
Act on Promotion of Information and Communications Network Utilization and Information Protection |
6 months |
|
Log-in records |
Protection of Communications Secrets Act |
3 months |
Article 4 (Outsourcing of Personal Information Processing)
The Company consigns personal information to external companies to perform some of the tasks necessary to provide services. The Company manages and supervises the entrusted companies so that they do not violate relevant laws and regulations. The companies to which the Company has entrusted the processing of personal information are as follows:
1. Companies entrusted with processing personal information
|
Entrusted Company |
Purpose of consignment |
Period of use |
|
NICE Information Service Co., Ltd. |
Mobile phone identity verification service |
Until member withdrawal or termination of consignment contract |
|
NICE Payments Co., Ltd. |
PG payment |
|
Article 5 (Rights, Obligations of Users and Legal Representatives and Methods of Exercise)
1. The user may exercise rights to view, correct, delete, or request suspension of processing of personal information at any time against the Company. However, the exercise of rights to view, correct, delete, or request suspension of processing of personal information may be restricted as stipulated by relevant laws and regulations, such as Article 35 (4), Article 36 (1), and Article 37 (2) of the Personal Information Protection Act.
2. The user's rights may be exercised in writing, e-mail, FAX, etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company shall take action without delay.
3. The exercise of the rights under Paragraph (1) may be made through an agent, such as a legal representative or a person authorized by the user. In this case, a power of attorney in the form of Appendix No. 11 to the Enforcement Rules of the Personal Information Protection Act must be submitted.
4. When requesting to correct or delete personal information, if the personal information is specified as the subject of collection in another law, the user may not request its deletion.
5. When a user requests access, correction, deletion, or suspension of processing of personal information in line with the rights in use, the Company shall verify whether the person requesting access, etc. is the user or his/her legitimate representative.
Article 6 (Destruction of Personal Information)
1. The Company shall destroy the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the processing purpose.
2. Even if the retention period of personal information consented by the user has passed or the purpose of processing has been achieved, if the personal information is required to be continuously preserved in accordance with laws and regulations, the personal information shall be preserved by transferring it to a separate database (DB) or storing it in a different place.
3. The methods for destroying personal information are as follows:
① Personal information stored in the form of electronic files shall be permanently deleted so that the records cannot be reproduced; and
② Personal information recorded and stored in paper documents shall be shredded by a shredder or incinerated.
Article 7 (Technical and Administrative Protection Measures for Personal Information)
The Company takes the following technical and administrative measures to ensure the safety of personal information so that it is not lost, stolen, leaked, altered or damaged while processing users' personal information:
1. Establishment of an internal management plan:
The Company establishes and implements an internal management plan for the safe management of personal information processed by the Company.
2. Encryption of user's personal information:
The Company stores and manages personal information such as user's password and bank account number by encrypting it with a secure cryptographic algorithm.
3. Measures against hacking, etc.
The Company does its best to prevent the leakage or damage of users' personal information due to hacking or computer viruses. The Company backs up data from time to time to prevent damage to personal information, uses the latest anti-virus programs to prevent leakage or damage to users' personal information or data, and ensures safe transmission of personal information on the network through encrypted communication.
4. Minimization of the number of personal information handlers and training:
The Company limits the number of personal information handlers to the minimum number necessary to perform personal information processing tasks, and makes them aware of the importance of personal information protection through administrative measures such as training for personal information handlers.
Article 8 (Privacy Officer and Responsible Department)
1. In order to protect users' personal information and handle complaints related to personal information, the Company designates the relevant department and the person in charge of personal information protection as follows:
(Privacy Officer)
- Name: Sung Jin-kyeong
- Position: Personal Information Protection Officer
- Telephone : 02-6959-0053
- Email : diggin@nak-ent.com
2. Users may contact the Privacy Officer and the department in charge for all privacy-related complaints arising from the use of the Company's services. The Company shall answer and handle the user's inquiries.
Article 9 (Remedies for Infringement of Rights and Interests)
Users may contact the following organizations for damage relief and consultation on personal information infringement:
Personal Information Infringement Report Center (operated by the Korea Internet and Security Agency)
- Homepage: privacy.kisa.or.kr
- Telephone: (without area code) 118
Personal Information Dispute Mediation Committee
- Website: www.kopico.go.kr
- Tel: (without area code) 1833-6972
Supreme Prosecutors' Office Cybercrime Investigation Unit
- Website: www.spo.go.kr
- Tel: 02-3480-3573
National Police Agency Cyber Security Bureau
- Website: cyberbureau.police.go.kr
- Telephone: (without area code) 182
Article 10 (Responsibility for Linking Sites)
The Company may provide users with links to other external sites. In this case, the Company has no control over the external sites and therefore cannot be held responsible or liable for the usefulness, truthfulness, or legality of the services or materials provided by the external sites, and the privacy policies of the linked external sites are independent of the Company, so please check the policies of those external sites.
Article 11 (Changes to the Privacy Policy)
If there are any additions, deletions, or modifications to the contents of the current Privacy Policy, the Company shall notify users through the 'Notice' at least 7 days prior to the revision. However, if there is a significant change in user rights, such as the collection and utilization of personal information or provision to a third party, the Company shall notify at least 30 days in advance.
Addendum
This Privacy Policy V.1.0.0 shall be effective from December 18, 2023.