Privacy Policy

Article 1 (Purpose)

Playmore Co., Ltd. (hereinafter referred to as the "Company") establishes this Privacy Policy (hereinafter referred to as the "Policy") to protect the personal information of individuals (hereinafter referred to as "Users" or "Individuals") who use the services provided by the Company (hereinafter referred to as the "Company Services"). The Company complies with applicable laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the "Information and Communications Network Act") and seeks to handle Users' concerns regarding personal information swiftly and efficiently.

Article 2 (Principles of Personal Information Processing)

The Company may collect Users' personal information in accordance with relevant laws and this Policy. The collected personal information may only be provided to third parties with the consent of the User. However, if the disclosure of personal information is legally mandated under applicable laws, the Company may provide it to third parties without the User’s prior consent.

Article 3 (Disclosure of this Policy)

1. The Company shall disclose this Policy on the homepage's main screen or a linked page, ensuring Users can easily review it at any time.
2. When disclosing this Policy, the Company shall use appropriate font sizes, colors, and other formatting tools to ensure visibility and readability.

Article 4 (Amendments to this Policy)

1. This Policy may be revised in response to changes in personal information laws, government policies, or the Company's services.
2. When making revisions, the Company shall notify Users through one or more of the following methods:
   a. Announcement on the homepage's main screen or a pop-up window
   b. Email, written notice, or electronic transmission
3. General updates must be notified at least 7 days prior to implementation, while major changes affecting user rights must be notified at least 30 days prior to implementation.

Article 5 (Personal Information Collected for Membership Registration)

To facilitate User registration for Company Services, the Company collects the following information:
Required information: Email address, nickname

Article 6 (Personal Information Collected for Legal Guardian Consent)

When legal guardian consent is required, the Company collects the following information:
Required information: Guardian’s name, guardian’s mobile phone number, relationship with the User

Article 7 (Personal Information Collected for Service Provision)

To provide the Company’s services, the Company collects the following information:
Required information: Email address

Article 8 (Personal Information Collected for Service Usage Monitoring and Fraud Detection)

To analyze service usage statistics and detect fraudulent activities—such as repeated membership withdrawals and re-registrations, canceling purchases after receiving benefits (e.g., discounts, event promotions), and any activities prohibited under the Terms of Service—the Company collects relevant data.
Required information: Service usage records, cookies, and device information

Article 9 (Methods of Personal Information Collection)

The Company collects personal information through the following methods:
1. Direct input by Users on the Company’s website
2. Through applications or third-party platforms linked to Company Services
3. During service use, such as customer inquiries or participation in bulletin board discussions

Article 10 (Purposes of Using Personal Information)

The Company uses personal information for the following purposes:
1. Administrative notices and operational updates
2. Responding to inquiries and improving service quality
3. Providing the Company’s services
4. Preventing fraudulent activities and restricting access for violations of laws or Terms of Service
5. Developing new services
6. Marketing and event promotions
7. Demographic analysis and tracking service usage trends
8. Enhancing User engagement based on interests and preferences

Article 11 (Provision of Personal Information to Third Parties)

1. Notwithstanding the prohibition on providing personal information to third parties, the Company may share personal information with third parties if the User has publicly disclosed it in advance or has given consent to any of the following cases. However, even in such cases, the Company provides personal information only to the minimum extent required by applicable laws and regulations.
2. If the Company changes third-party sharing policies, additional User consent shall be obtained.

Article 12 (Outsourcing of Personal Information Processing)

To ensure efficient service operation, the Company outsources personal information processing to the following entities:
Google Cloud Platform: Managing in-app user information, providing real-time conversation experiences, managing in-app content, and conducting R&D.
Supabase Inc: In-app user information and in-app content database.
OpenAI, L.L.C.: Providing real-time conversation experiences, managing in-app content, and conducting R&D.

Article 13 (Overseas Transfer of Personal Information)

The Company does not provide users' personal information to overseas businesses. However, data storage and service operations are outsourced to foreign companies as specified below. You may refuse the transfer of your personal information overseas through the Company's domestic representative, Mr. Jinjoong Kim, whose details are provided at the end of this policy. If you choose to refuse the transfer of your personal information overseas, the Company will exclude your personal information from such transfers. However, in this case, access to certain services that necessarily involve the overseas transfer of personal information may be restricted.

Company Name: Google Cloud Platform
Country of Transfer: USA
Purpose of Use: User information management within the app, real-time conversation experience, content management within the app, R&D
Transferred Items: In-app activity history, voice recordings, real-time generated conversation content (anonymous)
Time and Method of Transfer: Transferred via network upon user registration or when entering personal information
Retention and Usage Period: Until account deletion or for the legally required retention period

Company Name: Supabase Inc
Country of Transfer: USA
Purpose of Use: User information and content database within the app
Transferred Items: Name, email, nickname, in-app activity history, voice recordings, real-time generated conversation content
Time and Method of Transfer: Transferred via network upon user registration or when entering personal information
Retention and Usage Period: Until account deletion or for the legally required retention period

Company Name: OpenAI, L.L.C
Country of Transfer: USA
Purpose of Use: Real-time conversation experience, content management within the app, R&D
Transferred Items: Voice recordings, real-time generated conversation content (anonymous)
Time and Method of Transfer: Transferred via network upon user registration or when entering personal information
Retention and Usage Period: Until account deletion or for the legally required retention period

Article 14 (Retention and Use Period of Personal Information)

1. The Company retains and uses users' personal information for the period necessary to achieve the purposes of its collection and use.
2. Notwithstanding the foregoing, in accordance with internal policies, the Company retains records of service misuse for up to one year from the time of membership withdrawal to prevent fraudulent sign-ups and misuse of the service.

Article 15 (Retention Period Based on Legal Requirements)

The Company retains personal information based on applicable laws, including:
1. Retention of Information and Retention Periods Under the Act on the Consumer Protection in Electronic Commerce, Etc.
   a. Records on contracts or withdrawal of offers: 5 years
   b. Records on payment settlements and supply of goods, etc.: 5 years
   c. Records on consumer complaints or dispute resolution: 3 years
   d. Records on labeling and advertisements: 6 months
2. Retention of Information and Retention Periods Under the Protection of Communications Secrets Act
   a. Website log records: 3 months
3. Retention of Information and Retention Periods Under the Electronic Financial Transactions Act
   a. Records on electronic financial transactions: 5 years
4. Retention of Information and Retention Periods Under the Act on the Protection and Use of Location Information
   a. Records on personal location information: 6 months

Article 16 (Principle of Personal Information Disposal)

In principle, the Company promptly destroys users' personal information when the purpose of processing the information has been achieved, the retention and usage period has expired, or the information is no longer needed.

Article 17 (Procedures for Personal Information Disposal)

1. The information entered by users for membership registration and other purposes is transferred to a separate database (or stored in a separate file cabinet in the case of paper records) after the purpose of processing personal information has been achieved. It is then retained for a certain period in accordance with internal policies and relevant laws (refer to the retention and usage period) before being destroyed.
2. The Company destroys personal information for which a reason for disposal has arisen after obtaining approval from the Data Protection Officer.

Article 18 (Methods of Personal Information Disposal)

The Company deletes personal information stored in electronic file format using technical methods that render the records irrecoverable, and personal information printed on paper is destroyed by shredding or incineration.

Article 19 (Transmission of Marketing Information)

1. The Company obtains the explicit prior consent of users before transmitting commercial advertising information via electronic communication media. However, prior consent is not required in the following cases:
   a. If the Company has directly collected the recipient’s contact information through a transaction involving goods or services and intends to send commercial advertising information regarding similar goods or services within six months from the transaction’s completion date.
   b. If a telemarketing salesperson, as defined under the Door-to-Door Sales Act, verbally informs the recipient of the source of their personal information before making a solicitation call.
2. Notwithstanding the provisions of the preceding paragraph, the Company does not send commercial advertising information if the recipient has expressed a refusal to receive such messages or has withdrawn prior consent. The Company also notifies the recipient of the processing results regarding their refusal or withdrawal of consent.
3. If the Company transmits commercial advertising information using electronic communication media between 9:00 PM and 8:00 AM, separate prior consent from the recipient is required, regardless of the provisions of Paragraph 1.
4. When transmitting commercial advertising information via electronic communication media, the Company clearly discloses the following details within the advertisement:
   a. The Company’s name and contact information.
   b. Information regarding the recipient’s ability to refuse further messages or withdraw their consent.
5. The Company does not engage in any of the following actions when transmitting commercial advertising information via electronic communication media:
   a. Actions that evade or obstruct the recipient’s ability to refuse messages or withdraw consent.
   b. Automatically generating phone numbers, email addresses, or other contact information by combining numbers, symbols, or letters.
   c. Automatically registering phone numbers or email addresses for the purpose of sending commercial advertising information.
   d. Concealing the sender's identity or the origin of the advertisement.
   e. Deceptively inducing a recipient to respond to a message by misleading them for the purpose of sending commercial advertising information.

Article 20 (Protection of Children's Personal Information)

1. To protect the personal information of children under the age of 14, the Company allows membership registration only for users aged 14 and older.
2. Notwithstanding Paragraph 1, if the user is a child under the age of 14, the Company obtains consent for the collection, use, and provision of personal information from the child's legal guardian.
3. In the case of Paragraph 2, the Company additionally collects the legal guardian’s name, date of birth, gender, duplicate registration verification information (ID), and mobile phone number.

Article 21 (Access to Personal Information and Withdrawal of Consent for Collection)

1. Users and their legal representatives may, at any time, access or modify their registered personal information and request the withdrawal of their consent for personal information collection.
2. To withdraw consent for the collection of personal information, users and their legal representatives may contact the Company's Data Protection Officer or the designated personnel via written request, phone, or email, and the Company will take immediate action.

Article 22 (Personal Information Modification Requests)

1. Users may request the correction of errors in their personal information through the methods specified in the preceding article.
2. In such cases, the Company will not use or provide the personal information until the correction is completed. If the incorrect personal information has already been provided to a third party, the Company will promptly notify the third party of the correction to ensure that the necessary adjustments are made.

Article 23 (User Obligations)

1. Users must ensure that their personal information remains accurate and up to date. The User is responsible for any issues caused by inaccurate information.
2. If a User registers an account using another person’s personal information, they may lose their User status or face legal consequences under personal information protection laws.
3. Users are responsible for safeguarding their email addresses, passwords, and other account credentials, and they must not transfer or share them with third parties.

Article 24 (Company’s Management of Personal Information)

The Company applies technical and administrative safeguards to protect Users’ personal information from loss, theft, unauthorized access, leaks, modification, or destruction. In addition, the Company continuously improves its security systems and internal policies to comply with relevant data protection laws.

Article 25 (Handling of Deleted Information)

When a User or their legal representative requests the deletion of personal information, the Company processes it in accordance with the retention and use period policies outlined in this Policy. Deleted personal information cannot be accessed or used for any other purposes.

Article 26 (Encryption of Passwords)

Users’ passwords are stored and managed using one-way encryption, making them irrecoverable even by the Company. Only the User who knows their password can access and modify their personal information.

Article 27 (Security Measures Against Hacking and Unauthorized Access)

1. The Company makes every effort to prevent hacking, cyberattacks, and unauthorized access to Users’ personal information.
2. The Company uses the latest antivirus software to protect against malware, viruses, and security breaches.
3. The Company operates an intrusion prevention system to counter unauthorized access attempts.
4. If sensitive personal information is collected and stored, the Company ensures that it is securely transmitted using encryption technology.

Article 28 (Minimization of Personal Information Processing and Employee Training)

The Company limits access to personal information to only authorized employees responsible for data management. Moreover, employees handling personal information receive regular training on personal data protection laws and internal security policies.

Article 29 (Measures in Case of Personal Information Breach)

When the Company becomes aware of the loss, theft, or leakage (hereinafter referred to as "leakage, etc.") of personal information, it will promptly notify the affected user of all the following details and report the incident to the Korea Communications Commission or the Korea Internet & Security Agency:
1. The types of personal information that have been leaked, etc.
2. The time when the leakage, etc., occurred
3. Actions the user can take
4. The response measures taken by the information and communications service provider
5. The department and contact information where users can submit inquiries or requests for consultation

Article 30 (Exceptions to Personal Information Breach Notification)

If the Company is unable to contact the affected Users (e.g., due to incorrect contact information), it may post a public notice on its website for at least 30 days as an alternative notification measure.

Article 31 (Protection of Personal Information Transferred Overseas)

1. The Company does not enter into international agreements that violate the Personal Information Protection Act or other applicable laws regarding users' personal information.
2. The Company obtains users' consent before providing (including cases where information is accessed), outsourcing the processing of, or storing users' personal information overseas (hereinafter referred to as "transfer"). However, if all the items in Paragraph 3 of this Article are disclosed in accordance with the Personal Information Protection Act and other applicable laws, or if users are informed through electronic mail or other methods prescribed by Presidential Decree, the Company may proceed with outsourcing the processing or storage of personal information without a separate consent procedure.
3. To obtain consent for the transfer of personal information as stated in Paragraph 2, the Company provides users with prior notice of all the following details:
   a. The specific items of personal information to be transferred
   b. The country to which the personal information is transferred, along with the transfer date and method
   c. The name of the recipient of the personal information (or, in the case of a corporation, its name and the contact details of its data protection officer)
   d. The purpose for which the recipient will use the personal information and the retention and usage period
4. When transferring personal information overseas with the user's consent under Paragraph 2, the Company implements protective measures in accordance with the Personal Information Protection Act, its Presidential Decree, and other applicable regulations.

Article 32 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

1. The Company uses automatic personal information collection devices (hereinafter referred to as "cookies") that store and retrieve user information from time to time to provide personalized services to users. Cookies are small pieces of data sent by the server (HTTP) operating the website to the user's web browser (including PC and mobile devices) and may be stored in the user's storage.
2. Users have the option to manage cookie settings. They can allow all cookies, receive a notification each time a cookie is stored, or refuse the storage of all cookies by adjusting the settings in their web browser.
3. However, if users refuse to store cookies, some of the Company's services that require login may be difficult to use.

Article 33 (How to Configure Cookie Preferences)

Users can configure cookie settings, including allowing or blocking cookies, through their web browser options.
1. Edge: Settings menu at the top right of the web browser > Cookies and site permissions > Manage and delete cookies and site data
2. Chrome: Settings menu at the top right of the web browser > Privacy and security > Cookies and other site data

Article 34 (Designation of the Company's Personal Information Protection Officer)

The Company designates the following department and Personal Information Protection Officer to protect users' personal information and handle complaints related to personal information.
Personal Information Protection Officer
Name: Jinjoong Kim
Position: CTO
Phone Number: 0502-1939-1129
Email: jinaplaymore.ai

Article 35 (Remedies for Personal Information Rights Violations)

1. Data subjects may request dispute resolution or consultation regarding personal information infringement by contacting the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency’s Personal Information Infringement Report Center, or other relevant organizations. For reporting or consultation regarding personal information infringement, please refer to the institutions below:
   a. Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr)
   b. Personal Information Infringement Report Center: (No area code) 118 (privacy.kisa.or.kr)
   c. Supreme Prosecutors’ Office: (No area code) 1301 (www.spo.go.kr)
   d. National Police Agency Cyber Investigation Division: (No area code) 182 (ecrm.cyber.go.kr)
2. The Company is committed to protecting data subjects’ rights to self-determination over their personal information and strives to provide consultation and remedies for personal information infringement. If you need to report or consult on such matters, please contact the department specified in Paragraph 1.
3. If a data subject suffers a violation of their rights or interests due to a disposition or omission by the head of a public institution in response to requests under the Personal Information Protection Act—such as Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing)—they may file an administrative appeal in accordance with the Administrative Appeals Act.
   a. Central Administrative Appeals Committee: (No area code) 110 (www.simpan.go.kr)

Supplementary Provisions

Article 1. This policy shall take effect from February 3, 2025.