Privacy Policy

1.7 / 2024-04-25 ~ 2024.07.16

Privacy Policy

This personal information processing policy (“this Privacy Policy”) has been prepared in accordance with the laws of the Republic of Korea.

HYBE IM Co., Ltd. (the “Company”) attaches great importance to the personal information of customers (“Users”) who use game and other services (“Services”) provided by the Company, and complies with all laws and regulations such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. As such, in accordance with Article 30 of the Personal Information Protection Act, the following Privacy Policy is established and disclosed to inform data subjects of the procedures and standards for handling personal information, and to handle complaints related thereto quickly and smoothly. This Privacy Policy applies not only to game services, but also to additional services directly or indirectly related to the game service, and we will inform you through the website announcements (or individual announcements) when it is revised.


 

1. Items and purpose of collection/use of personal information

1) The Company collects personal information from Users as follows for the purpose of subscription, consultation, provision of services, etc. However, sensitive personal information (nature, ethnicity, ideology and belief, origin and legal status, political tendencies and criminal records, health conditions, sex life, etc.) and personally identifiable information that may violate Users’ basic human rights are not collected.


 

ClassificationItems collected/usedPurpose of collection/usePeriod of retention/use
Mandatory Information for RegistrationNickname, User-linked identification value (when using Google or Apple accounts)Authentication of game account, confirmation/identification in accordance with the use of game services (related to plays and response to inquiries)30 days after deleting the game account
Additional Information Collected during Service UseUser-linked identification value (when using an Weverse account, when using Facebook accounts)
Name, date of birth, email address, legal representative name and email addressIdentification of legal representative and intention to consentFor the management of consent history, 30 days after a minor member deletes the game account
Nickname, email address, payment information, other information necessary for consultation (there may be additional personal information collected according to the type of inquiry)Confirmation/identification in response to inquiries30 days after deleting the game account
Name, mobile phone number, gender, date of birth, email address, SNS IDConfirmation of participation in events and identificationPeriod of time indicated on the individual event page
Name, mobile phone number, telephone number, address, bank name, account holder name, bank account numberDelivery of event prizes and goods (including cash prizes)Period of time indicated on the individual event page
Name, resident registration number, address, mobile phone numberHandling of taxes and public imposts related to an event5 years
Bank name, account holder name, bank account number, payment informationRefund processing5 years

Information related to using Service, including information on advertisement identifier

- Android (ADID)/iOS (IDFA)

Refund processingUpon the game account being deleted or refusal of receipt of advertising information (for details, see Section 6)
Optional InformationMobile phone number, email address, app pushTransmission of service advertising information such as event promotion announcements, User identification to check/prevent fraudulent use of event information and marketing utilization

Until the game account is deleted or refusal to receive advertising information

 

 



 

During the User’s use of the Services, cookies, records on the use of services (including date and time of visit, IP, records of bad use, etc.), and device information (unique device identification value, OS version, hardware information, language information, etc.) may be collected for the purpose of securing service stability, preventing fraudulent Users, protecting accounts and items, and limiting acts of violation of laws and service terms. Nicknames, profiles, and interlocking key values may be provided when linking social logins through external platforms, but the Company collects/uses only interlocking key values, and User membership numbers may be automatically generated and collected.


 

2) The Company uses the information entered in order to subscribe to the Service of the User who expressed his or her consent through the consent procedure of the terms of conditions to create a User account, and the User may use the Service provided by the Company in the created account. In case of the use of Services through the accounts of other companies (such as Google, Apple, Facebook, and Weverse), such as social logins, the Company is only provided with data for the purpose of identifying Users from those companies and the personal information that the Users have consented to, and such data and information are processed only within the scope of the purpose for which Users have consented.


 

3) When using the Service through applications, access to the device information is notified and approval for the access is required to be received. The right to access device information through applications is requested to the User as mandatory, when necessary, or as optional, and the User can change the permission through “settings” in the device.


 

4) When advertising the Company’s services on a device, the Company may use the User device’s advertisement identifiers and other information linked to those identifiers to assist the Company in delivering advertisements relevant to User interests and improving and measuring the effectiveness of the advertisement campaigns. By changing the device settings, the User can block the User device’s advertising identifiers from being used for advertising based on his or her interests or reset the User devices’ advertising identifiers.


 

[Method of Setting up Device]

Android: Settings > Google > Ads > Opt out of Ads Personalization

If iOS 14 or higher: Settings > Privacy > Tracking > Turn off Allow apps to request track

If iOS 14 or less: Settings > Privacy > Ads > Limit Ad Tracking



 

2. Use of personal information for purposes other than the intended purpose and provision to third parties


 

The Company does not provide personal information to a third party without the prior consent of the User or use it for purposes beyond the purpose of collection/use.


 

1) The Company uses the personal information of Users within the scope of this Privacy Policy and does not provide such information externally. However, exceptions are made in the following cases:

- If the User has consented in advance

- Where there is a request from an investigation agency pursuant to the relevant laws and regulations or in accordance with the procedures and methods prescribed in the laws and regulations for the purpose of investigation


 

2) If personal information is provided after the User’s consent, the Company shall notify the status thereof through this Privacy Policy.



 

3. Data Subject’s Rights


 

The Company shall actively take measures necessary for requests for access to, provision and correction of Users’ personal information.


 

1) Users may inspect/correct their registered personal information at any time. In the case of children under 14 years of age, it is possible to do so after verifying their identity at the request of a legal representative.


 

2) Users may withdraw consent to use (delete a game account), or request the Company to suspend collection and processing personal information or delete personal information. However, when deleting personal information that is absolutely necessary for the provision of the Service, the relevant Service may not be provided in whole or in part.


 

3) When the consent to use is withdrawn (game account is deleted), personal information of the relevant User will be deleted, but if the retention period is determined by the relevant laws and regulations, it shall be retained for such period based on the retention and use period of personal information of this Privacy Policy.


 

4) If provided by applicable laws, Users may exercise their rights related to personal information to the Company in accordance with the requirements and limitations imposed by the relevant laws.


 

5) Data subject’s rights may be exercised through deletion of game accounts or by contacting the relevant service customer center.


 

6) The Company does not collect personal information if the User’s age is such that he or she is in need of a legal representative’s consent under the Personal Information Protection Act. If we become aware of the fact that personal information has been collected, we induce you to contact the customer center so that we can receive the consent of the legal representative in accordance with the internal process, and in that case, the User may continue to use the Service. If the User does not want to use the Service, the personal information will be deleted through withdrawal of consent for use (deletion of game accounts) and the provision of the Service will be suspended.


 

4. Period of retention and use of personal information


 

The Company shall immediately destroy the above information when the purpose of collection and use of personal information is achieved, or when the retention period expires. However, exceptions are made in cases prescribed by the relevant laws, in cases where prior notice of the retention period has been made, and personal consent of the User has been obtained.


 

In the event of deletion of a game account, the information collected for the provision of the Service shall be deleted after the storage for 30 days from the date of deletion for the purpose of resolving consumer complaints and disputes, and the records of fraudulent use shall be removed after storage for one year from the account deletion date to prevent fraudulent use. Information collected for events and others will be retained for a maximum of 1 year, which may vary for each event and will be as described on the individual event page. In cases where storage is required or permitted by law, personal information may be stored after User’s deletion of game account.


 

1) Records of visits to websites

Preservation basis: Protection of Communications Secrets Act

Preservation period: 3 months


 

2) Records on labeling and advertising

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 6 months


 

3) Records on contract or withdrawal of subscription

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 5 years


 

4) Records on payments and supply of goods, etc.

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 5 years


 

5) Records on handling of consumer complaints or disputes

Preservation basis: Act on the Consumer Protection in Electronic Commerce

Preservation period: 3 years


 

6) Records of processing in accordance with tax laws

Preservation basis: Framework Act on National Taxes and Income Tax Act

Preservation period: 5 years



 

5. Procedures and methods for destroying personal information


 

When personal information becomes unnecessary, such as expiration of the retention period of personal information or achievement of the purpose of processing, the Company immediately destroys the personal information in a non-renewable manner. If personal information must be preserved pursuant to other laws even after the personal information retention period consented to by the data subject has elapsed or the purpose of processing has been achieved, the relevant personal information is transferred to a separate database (DB) or preserved at a different storage location. The procedure, method, and timing of destruction are as follows.


 

1) Destruction procedure

- The Company destroys without delay all personal information, except for the items set as exceptions in 4. Period of retention and use of personal information. Items subject to exceptions are moved to a separate DB (in case of paper, a separate filing cabinet) and stored for a set period in accordance with internal policies and other relevant regulations, and are destroyed.

- Personal information transferred to a separate DB is not used for any other purpose unless it is prescribed by law.


 

2) Destruction method

- Personal information stored in electronic files is deleted using a technical method that cannot be reproduced.

- Personal information printed on paper is destroyed by shredding with a shredder.

 

 

6. Matters concerning the installation, operation, and rejection of automatic personal information collection devices


 

The Company uses cookies that store information about Users and find information from time to time. A cookie is a small amount of lettering information that websites servers send to Users’ browsers (Internet Explorer, Safari, Chrome, Firefox, etc.) or apps. Cookies identify your computer and cellphone, but do not personally identify you.


 

1) Purpose of operation of cookies

- To provide differentiated information according to the areas of interest to Users

- To use as a measure of service reorganization by analyzing Users’ use patterns


 

2) Method of rejecting cookies setting

Users have a choice regarding the installation of cookies. You can allow all cookies by setting them in your web browser and cellphone settings or options, or choose to send individual notices when cookies are installed, or refuse to save any cookies. However, if you refuse to store cookies, some of the services provided by the Company cannot be used.


 

[Method of setting up the browser]

- Edge: Setting menu to the right of the web browser > Cookies and Site Authority > Management and Deletion of Cookies and Site Data

- Chrome: Setting menu to the right of the web browser > Advanced Settings in the bottom of screen > Personal Information and Security > Cookies and Other Site Data

- Other browsers are in accordance with the different browser settings.


 

3) Cookies expire when you close your browser or log out.


 

4) You can use Google Analytics on your website as an analytical tool. For Google Analytics, you can opt out of the use of data at https://tools.google.com/dlpage/gaoptout/. Other weblog analysis tools are subject to separate methods of rejection.


 

5) The Company allows analytics companies and advertising companies to automatically collect users’ advertising identifiers and related information for the purpose of conducting and analyzing marketing campaigns.

Behavioral information collected: advertising identifier (ADID, IDFA), country, city, IP address, device information (OS, hardware information, language, service usage history)

  - How to collect behavioral information: Automatic collection when running the app

  - Purpose of collecting behavioral information: Improving service quality using user behavioral information and inducing activation of use

  - Period of retention and use of behavioral information, information processing method thereafter: up to 25 months (refer to the period for each provider), automatic destruction by electronic method

  - How to exercise user control: Refer to the setting method for each device (Article 6, Section 6)

  - User damage relief method: Game operation team (hybeim_privacy@hybecorp.com)

- Items of provided behavioral information: advertising identifier (ADID, IDFA), country, city, IP address, device information (OS, hardware information, language, service usage details)

- How to collect behavioral information: Automatic collection and network transmission when using the service

- Purpose of use by those who receive behavioral information: Collect and analyze marketing data using user behavioral information, operate advertisements

- Retention and use period: Google Ads, Twitter (18 months), Adjust (25 months), META, Tiktok (6 months), MOLOCO (3 months), Criteo, etc. (13 months)

- Details regarding the behavior of advertising partners in handling information can be found in the Privacy Policy of each respective business operator. 

- List of Advertising Partners and Privacy Policy [Link]

6) When the company advertises the company's services on the device, the advertisement identifier of the user's device and the advertisement identifier associated therewith are used to help the company deliver advertisements related to the user's interests and improve and measure the effectiveness of the advertising campaign. Other information may be used. You can block your device's advertising identifier from being used for interest-based advertising or reset your device's advertising identifier by changing your device settings.

 

[Method of Setting up Device]

Android: Settings > Google Settings > Ads> Opt out of Ads Personalization

If iOS 14 or higher: Settings > Personal Information Protection > Tracking > Turn off Allow apps to request track

If iOS 14 or less: Settings > Personal Information Protection> Ads > Limit Ad Tracking



 

7. Technical/managerial protection measures for the protection of personal information

The Company is actively committed to protecting Users’ valuable personal information.


 

1) The Company encrypts and stores important personal information such as User IDs’ passwords and email addresses, and the Company may only verify and change encrypted personal information upon request from the User himself/herself.


 

2) The Company detects and blocks intrusions of hackers, etc. for 24 hours in order to protect personal information of Users. In addition, an antivirus program is installed and operated to prevent infection by malicious code or virus.


 

3) The Company ensures that only the minimum number of employees handle personal information, and the PC handling personal information is blocked from using external websites. In addition, the Company always emphasizes the compliance with the Company’s Privacy Policy through occasional training of employees handling personal information.


 

4) The Company strives to verify the implementation of the Company’s personal information protection policy and compliance of the person in charge through the internal organization in charge of protection of personal information, etc., so that if any problem is discovered, it can immediately be corrected. However, despite the Company’s fulfillment of its duty to protect personal information, the Company shall not be liable for any damages that are not attributable to the fault of the Company, such as negligence of the User himself/herself or accidents in areas not managed by the Company.


 

8. Remedies for infringement of rights and interests


 

Users may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee and the Personal Information Infringement Report Center established by the Korea Internet and Security Agency, etc. in order to obtain remedy for infringement of personal information. For reporting and counseling on personal information infringement, please contact the following institutions.


 

ItemWebsite AddressTelephone Number
Personal Information Infringement Report Centehttp://privacy.kisa.or.kr118
Personal Information Dispute Mediation Committeehttp://www.kopico.go.kr1833-6972
Cyber Investigative Divisionhttp://www.spo.go.kr1301
National Police Agency Cyber Bureahttp://ecrm.cyber.go.kr182



 

9. Personal Information Protection Officer, etc.


 

The Company designates a personal information protection officer as follows, and the department in charge makes its best efforts to protect personal information. In addition, the department in charge of handling personal information complaints set forth below is responsible to handle a request to access personal information.


 

Chief Privacy Officer (CPO)Department for processing personal information complaints
Name (Title)

Sung Koo Ryeo (CPO)


 

Department NameIn the SEOM Biz Team
Emailhybeim_privacy@hybecorp.comEmailhybeim_privacy@hybecorp.com



 

10. Management of entrustment of personal information handling


 

The Company entrusts personal information as follows to provide the Service.

1) Cases where the processing of personal information is entrusted to a company for the provision of Service


 

Persons to be EntrustedDetails of the entrusted business activities
Amazon Web Services Inc (Seoul Region)Operation and management of cloud servers
ONIONFIVE Inc.Operation and agency of the customer center system
Add-Up Co., Ltd.Responding to the customer center inquiries


 

2) Cases where the processing of personal information is entrusted to an offshore company for the provision of Service (including the outbound transfer of personal information offshore)

Person to be Entrusted (Information Management Entity)


 

Outbound Destination

Items of Transferred Personal InformationTiming and Methods of TransferPurpose of UseRetention and Use Period

HYBE JAPAN: hybeim_privacy@hybecorp.com

 

JapanNickname, email address, settlement information, other information necessary per consultationNetwork transmission when using ServiceService operation agency covering Japan, responses to questions from a call center30 days after game account is deleted or upon expiry of entrustment agreement

Digital Hearts hybeim_privacy@hybecorp.com

 

JapanNickname, email address, settlement information, other information necessary per consultationNetwork transmission when using ServiceService operation agency covering Japan, responses to questions from a call center30 days after game account is deleted or upon expiry of entrustment agreement

3) When executing the entrustment agreement, the Company clearly states matters related to liability, such as prohibition of handling personal information for purposes other than the performance of the entrusted business activities, technical and administrative protection measures, restriction on re-entrustment, management and supervision of the consignee, compensation for damages, etc. in documents such as contracts, as prescribed by the Personal Information Protection Act, and supervises whether the consignee safely handles personal information.

4) In cases where an overseas entrustment of personal information processing is necessary for the performance of a Service provision contract and the promotion of Users’ convenience, etc., the disclosure of this Privacy Policy may substitute for the consent to the overseas entrustment in accordance with Article 39-12 of the Personal Information Protection Act, and in cases where there is a change in the content or the consignee of the handling entrusted matters in relation thereto, the Company shall without delay disclose such change through this Privacy Policy.

5) Users may refuse the international transfer of personal information, but in such cases, services that require international transfer of personal information will be restricted. If you do not wish to have your information transferred overseas, you can withdraw your membership by accessing the page specified below or request the suspension of the processing of your personal information through the Personal Information Protection Officer or Personal Information Complaint Resolution Department.
- [Log-in > Settings > Account Management > Deactivate > Deactivate > Enter nickname]
 

 

11. Obligation to notify


 

This Privacy Policy was first enacted on May 30, 2023

, and any addition, deletion or revision of the contents in accordance with the government’s and the Company’s policy changes shall be notified in advance through the website, and any matters that may materially affect Users shall be notified 30 days in advance.


 

 

Enacted: June 28, 2022

1st Amendment: October 26, 2022

2nd Amendment:  January 02, 2023

3rd Amendment:  March 10, 2023

4th Amendment: April 7, 2023

5th Amendment: May 30, 2023

6th Amendment: November 15, 2023

7th Amendment: April 25, 2024