Project Moon Personal Information Processing Policy
① Project Moon Co. Ltd. (hereinafter referred to as the “Company”) complies with the personal information protection regulations of relevant laws and regulations that information and communication service providers must comply with, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., the Personal Information Protection Act, the Protection of Communications Secrets Act, and the Telecommunications Business Act, is doing its best to protect the rights and interests of users by establishing a personal information processing policy under the relevant laws and regulations.
② The Company discloses this personal information processing policy to the initial service page and customer center so users can easily browse it.
Article 1 (Purpose of processing personal information)
The Company processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following purposes. If the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.
① Fulfillment of contracts related to service provision and settlement of fees according to service provision
Provision of contents, purchase and payment, refund, event winning guide, delivery of goods and invoice, etc., identity, and fee collection,
② Member management
Identity verification according to the use of membership, personal identification, prevention of illegal use and unauthorized use of bad members, confirmation of intention to join, age verification, restriction of registration and number of registration, preservation of records for dispute, handling of complaints such as the delivery of notices,
③ Used for new service development, marketing, and statistical analysis
Development and specialization of new services, delivery of promotional information such as events and provision of participation opportunities, provision of services and advertisement according to demographic, identification of access frequency or statistical analysis of members’ use of service, verification of service, promotion, and provision of event services,
Article 2 (Processing and Retention Period of Personal Information)
Under the 「Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.」 and the Enforcement Decree thereof, the Company may take necessary measures such as converting the account to a dormant account and separating and storing, managing or destroying the personal information of users who have not used the service for the past one consecutive year. One year after the start of the service, the Company will announce the measures taken against dormant accounts through the official community and in-game. In addition, the following information will be retained for the period specified in the following grounds and will never be used for any other purpose.
① The Company retains and uses the user’s personal information Only from the date of signing the service contract to the period in which the service is provided, and in principle, the Company destroys the information without delay after the purpose of collecting and using personal information is. However, the following information will be retained for the retention period according to the grounds specified in the retention grounds.
1) Information collected for service provision: 30 days
– Grounds: For consumer complaints and dispute resolution when withdrawing from the game
2) Selection of event/promotion winners
– Information collected for the event: 3 months
– Information collected for the promotion: 6 months
– The retention period may vary depending on the event/promotion, and the period indicated for the individual event/promotion will be prioritized.
② If it is necessary to preserve it under the provisions of the relevant laws and regulations, the Company may keep the user’s personal information for a certain period as stipulated by the relevant laws as follows. In this case, the Company will use the information it keeps only for storage.
1) Protection of Communications Secrets Act
– Login-related records: 3 months
2) Act on Consumer Protection in Electronic Commerce, etc.
– Records on /advertisement: 6 months
– Records on contract or withdrawal of subscription: 5 years
– Records on payment and supply of goods: 5 years
– Records on handling consumer complaints or disputes: 3 years
3) Basic National Tax Act
– Books and supporting documents for all transactions stipulated by the tax law: 5 years
Article 3 (Items of Personal Information to be Processed))
The Company collects only essential information for providing basic services, such as conclusion of a contract of use, smooth response to inquiries and provision of various services, and information necessary to provide more faithful services.
① Personal information items to be collected
1) The Company collects the following personal information to conclude a contract of use, smoothly respond to inquiries, and provide various services.
– Nickname, device information (model name, OS version, unique device identification number, etc.), carrier information, store information, game version, e-mail, game, and service use record, access record, cookie, payment record, paid billing information, promotion/event participation record, product delivery related information, IP address,
2) When using external platform-based services, the following information may be collected:
– Steam: Member identifier, e-mail (ID), profile picture, profile name
– Google Plus: Member identifier, e-mail (ID), profile picture, profile name
– Apple Game Center: Member identifier, profile, nickname
Provided that, when using external platform-based services, the personal information items collected may differ depending on the information disclosure standards set by the account.
3) The following information may be automatically generated and collected during the service use process or business processing process.
– Game service use record, access record and access date, download record, payment record, illegal use, suspension record, IP address, cookie
– User’s mobile phone terminal information (model name, OS version, unique device number, etc.), mobile carrier information, device identification number (UUID), International Mobile Device Identification Code (IMEI), Google advertising ID (Android OS only), terminal language and country, mobile phone number,
Provided that payment and subscription withdrawals are stored and processed through the payment service provided by the open market, they are subject to each provider’s terms of service. The Company does not directly collect or provide payment-related information.
4) To resolve users’ complaints related to event delivery, the following information may be collected in some cases.
– Event Delivery: Address, Contact
② How the Company collects personal information
1) Collected through the provision of consent procedures when subscribing to the Company’s service
2) For promotion and event progress it is collected through a separate consent procedure.
3) Automatically collected through platforms in partnership with the Company for service provision
4) When responding to users during payment and use, voluntarily provided by the user or collected after a request by necessity
③ Refusal to collect and use personal information
Users may refuse the collection and use of the above personal information. However, if users refuse to collect and use personal information, it may be difficult to use part or all of the service.
Article 4 (Processing of Unique Identification Information)
① Unique identification information refers to information prescribed by Presidential Decree under the Personal Information Protection Act and the Enforcement Decree thereof and refers to resident registration number, passport number, and alien registration number.
② The Company collects and processes unique identification information for each of the following and collects it with separate consent.
1) Taxation of in-kind prize winners
2) When required by other laws
③ The collected unique identification information shall not be used or provided for purposes other than those specified in Paragraph 2, except as otherwise stipulated by law, and will be encrypted and safely managed when stored.
Article 5 (Matters concerning the provision of personal information to third parties)
① The Company uses the user’s personal information within the prescribed scope and, without the user’s prior consent, does not use it beyond the scope nor provide it to a third party. However, in the following cases, personal information may be used beyond the scope stipulated, or personal information may be provided to a third party.
1) When the Company provides personal information to a third party, the user is notified in advance of the personal information receiving personal information, the purpose of use of personal information by the person receiving personal information, the items of personal information provided, and the period of retention and use of personal information by the person receiving personal information, and the consent of the user is obtained,
2) Personal information is necessary for the performance of a contract regarding the provision of services; it is remarkably difficult to obtain prior consent for economic or technical reasons
3) When there is an obligation to disclose information under the law or when there is a request from an investigative agency under the procedures and methods prescribed by laws and regulations for the investigation
② The Company may provide the user’s personal information to the paid item provider only to the extent necessary to solve various problems that occur when users purchase paid items, and users agree to provide such information.
③ The Company may provide personal information without the user’s consent under the relevant laws in the following cases.
1) When necessary for the settlement of fees according to the provision of services
2) When necessary for statistical writing, academic research, or market research, it is processed and provided in a form that cannot identify a specific individual.
3) When there are special provisions in laws such as the Act on the Use and Protection of Credit Information, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, the Criminal Procedure Act, etc.,
Article 6 (Procedure and method of destruction of personal information))
In principle, the Company destroys the information without delay after the purpose of collecting and using personal information is achieved. The destruction procedure and method are as follows.
① Destruction procedure
The information entered by the user for user registration, etc., is destroyed after it is retained for a certain period for reasons for information protection according to internal policies and laws (refer to “Period of Retention and Use of Personal Information”) after the purpose of collecting and using personal information is achieved.
② Destruction method
1) Personal information preserved in electronic files will be deleted using a technical method that cannot reproduce the record.
2) Personal information printed on paper is shredded with a shredder or incinerated and destroyed.
Article 7 (Rights and obligations of users and legal representatives and how to exercise them)
① The user may exercise the following personal information protection-related rights against the Company at any time.
1) Request to view personal information
2) Request for correction if there is an error, etc.
3) Request for deletion
4) Request to stop processing
② The exercise of rights under Paragraph 1 may be made in writing, by telephone, e-mail, fax, etc., to the Company, and the Company will take action without delay.
③ If the user requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
④ The exercise of rights under Paragraph 1 may be made through a legal representative of the user or a person authorized by her/him. In this case, the user must submit a power of attorney under Form No. 11 of the Enforcement Regulations of the Personal Information Protection Act.
⑤ The user shall not infringe on the personal information and privacy of the user or others processed by the Company in violation of related laws such as the Personal Information Protection Act.
Article 8 (Measures to Ensure the Stability of Personal Information)
To ensure safety, the Company has prepared and implemented the following technical, administrative, and physical measures to prevent the loss, theft, leakage, alteration, or damage of users’ personal information. However, even though the Company has fulfilled its obligation to protect personal information, the Company is not responsible for any problems caused by the leakage of important personal information due to the user’s negligence, such as the loss of the device or an accident in an area not managed by the Company.
① Technical measures
1) The Company encrypts and stores the items specified by the relevant laws and regulations among the user’s personal information. Confirmation and change of personal information are possible only after verifying the identity through the user’s request.
2) Important data containing personal information is protected using security functions such as encrypting the file and transmitted data or using the file lock function.
3) The Company continuously monitors to prevent leakage or damage of users’ personal information due to hacking or computer viruses. In addition, the Company regularly backs up our personal information in case of emergency, and the Company periodically manages vaccine programs to prevent infringement of personal information.
4) The Company is taking necessary measures in a database system that is systematically configured to process personal information.
② Administrative measures
1) The Company restricts the right of access to users’ personal information to a minimum number of people, and the minimum number of people is as follows.
– Those who perform marketing, event, customer support, and delivery work directly with users (including employees of consignment and partner companies)
– Persons in charge of personal information protection work, including the person in charge of personal information protection
– Those who are unavoidable to process personal information for other business reasons
2) The Company conducts regular education for personal information handlers and trustees on personal information protection obligations, etc.
3) The Company establishes and manages personal information processing guidelines in a department dedicated to personal information. The Company also regularly checks for internal compliance so that if any issues are found, they can be corrected immediately.
③ Physical countermeasures
1) The Company operates access control procedures for the physical storage location of the personal information system that stores personal information.
2) Documents, auxiliary storage media, etc., are stored in a safe place with a locking device.
Article 9 (Matters concerning the installation, operation, and refusal of devices that automatically collect personal information)
③ How to set cookies
– Internet Explorer: [Tools] at the top of the web browser→ [Internet Options] → [Privacy] → [Advanced]
– Chrome: [⋮] in the upper right corner of the web browser→ [Settings] → [Show advanced settings] → Personal information [Content Settings]
Article 10 (Consultation and Inquiries Concerning Personal Information))
① The Company designates a person in charge of protecting personal information to protect users’ personal information and handle complaints about personal information.
Chief Privacy Officer
Name: Hyun Min-sung
Department: Development Team
Phone Number: +82 10-5284-5588
e-mail address: email@example.com
② If necessary to report or consult about other personal information infringements, please contact the following organizations.
1) Electronic Transaction Dispute Mediation Committee (https://ecmc.or.kr / 1661-5714)
2) Personal Information Infringement Report Center (https://privacy.kisa.or.kr / 118 without area code)
3) Cyber Investigation Division, Scientific Investigation Department, Supreme Prosecutor’s Office (http://www.spo.go.kr / 1301 without area code)
4) National Police Agency Cyber Security Bureau (http://cyberbureau.police.go.kr / 182 without area code)
Article 11 (Linked Sites)
This personal information processing policy does not apply to collecting personal information from other companies’ sites that link to the Company’s services. When visiting this site, please check the personal information processing policy of the site.
Article 12 (Duty of Notification)
This personal information processing policy may occasionally change due to changes in related laws and guidelines or changes in the Company’s internal policy. If there is a change in the personal information processing policy, it will be announced through the official community, customer center, or in-game connection screen.
This policy will take effect on February 27, 2023.