Moonlight Sculptor: Dark Gamer

 

The Company informs the user of what purpose and method of personal information is being used and what measures are being taken to protect their personal information. Furthermore, the Privacy Policy is disclosed in the official website of XLGAMES so that the members can easily access and view the information.

 

The Privacy Policy can be amended according to changes in the relevant laws and internal operational policies. In the event that revisions are made, the reason and changes shall be informed to the members without any delay.

 

A. In case all or part of the business is transferred or the rights and duties are transferred due to merger, inheritance, etc., the users shall be informed through a notification to be displayed on the front page of the official website of XLGAMES (hereinafter referred to as the 'Service Website') for 30 days or more.

B. In case the Privacy Policy is revised, the users shall be informed at least seven days prior to the revision by a notice on the Service Website (or individual notice) or by posting the link of the Privacy Policy to the Service Website.

The Privacy Policy contains the following information:

 

The Company collects and uses the minimum amount of personal information necessary to provide services to users. Among them, the selection is collected to provide better quality services, but there is no restriction in using the service even if the information is not provided.

A. Items of Personal Information Collected

• Account usage

- Unique identifier of the members of partners, profile information, country information

• Items collected during the service

- User’s pc specification, system information, and cookies, including browser type, operating system, and IP address

- Connection time, location information, improper usage record, and service usage history service use record - Mobile device information (model name, mobile carrier information, OS, language and country code, device's unique identification number, advertising ID, cookies)

• 1:1 Inquiry

- Game information (character name, class, server, level), mobile device model name, OS, transaction record, transaction account, order number, product/package name, transaction amount

B. Methods of Collecting Personal Information

• Service website, support forum, email, event application, and delivery request
• Partners and suppliers
• Collecting using generated information tools
• Monitoring bad users

 

"Personal information" refers to information about a living individual, the content of which can be used to identify the individual (including a piece of information that may not be able to identify a particular individual alone, but can still be used to identify if combined with other information). The purpose of collection and use of personal information by the company is as follows.

• Email address: Ensuring effective communication channel to deliver notices, confirm users’ opinion, handle complaints etc., providing information on new products/services or promotional events, customer satisfaction survey.
• E-mailing: Information about events, updates and new services.
• Official documentation for member identification: Identification to protect user rights or resolve disputes between a user and the company
• Service usage history, access log, access IP information, improper usage history: Prevention of recurrence of improper usage by bad users, checking access frequency, statistical data on service use of the members.
• Fulfillment of contract and service fee for service provision: Provision of content, purchase and transaction, refund, delivery of goods, identity verification, fee collection

 

In principle, the company destroys the information without delay once the purpose of collecting and using personal information is achieved. However, the following information is retained for the specified period for the reasons listed below, and is never used for any other purpose.

• Records on improper use

- Purpose: Prevention of improper use

- Period of retention: 1 year

• Registration information

- Purpose: Avoid confusing users, handling customer complaints and resolving disputes

- Period of retention: 6 months

• Records on non-member consultation

- Purpose: Consulting non-member, handling customer complaints and resolving disputes

- Period of retention: 1 year

 

In principle, users' personal information shall be destroyed once the purpose has been achieved.

The procedures and methods for destroying users' personal are as follows.

A. Destruction Procedure

• The information provided by the users for service use shall be collected and transferred to a separate secured database (if necessary, protected under the company's security policy or a separate document box if incase on paper form) and destroyed after a certain period of time in accordance with its internal policy.

• Personal information transferred to a separate secured database shall not be used for other purposes other than those held by the law or re-registration processing, etc.

• Personal information whose retention period has ended should be destroyed

B. Method of Destruction

• Personal information printed on paper should be shredded or destroyed by incineration.

• Personal information stored in electronic file form is deleted using a technical method that cannot be reproduced.

 

The Company will not provide personal information to third parties under any circumstances beyond the range notified in the [Purpose of Collecting and Using Personal Information] except in the case of users' consent or unless demanded by applicable laws. Exceptions are provided in the following cases:

• The user agrees as follows in advance

• When the data is required for statistical analysis, academic or market research, the data must be processed so that individuals cannot be recognized

 

The Company commissions external professional companies to process personal information as follows to improve service quality. When commissioning subcontractors, the company stipulates the necessary matters in order to secure safety of personal information in accordance with the relevant regulations.

The company has overseas consignment tasks to provide stable game services to users.

• Protection of personal information of children

- If the Company intend to collect, use, or provide the personal information of users (hereinafter referred to as "children") who require a consent of a legal representative in accordance with the relevant laws and regulations of each country, the company obtains consent from the legal representative in addition to the consent of the children.

- In such cases, the company may ask for minimum personal information such as name and phone number of the user’s legal representative that is necessary to obtain the consent from the legal representative of the children. The Company does not use or provide the collected personal information to a 3rd party other than confirming the legal representative's consent.

- When there is a contract, withdrawal of subscription, payment, and supply of products between the children and the Company, the consent form of the legal representation shall be utilized to resolve the user's complaints and disputes.

- The Company destructs the legal representative’s consent form and the data related to withdrawal of the consent in nonrenewable way when the purpose of its use has been achieved and the grace period has expired. The information of the legal representative is retained for a period of time determined by the applicable laws and regulations if it is required to be preserved.

• The users can request to withdraw their consent provided before by cancelling their membership or contacting the Customer Support. In this case, the Company takes reasonable measures including destruction of personal information in compliance with this policy and applicable Laws after identification.

• Members have the rights to ask for access and correction to their own personal information. If the legal representative requests an access and correction to personal information of that children, the Company may ask for further information such as Power of Attorney in order to confirm the legitimacy of the power of representation

• The Company may reject a member's access or correction request only if there is good cause, and the Company will notify and explain the reasons to the member.

 

The Company can use 'cookies' as a method to provide the users with personalized services, such as analyzing service usage patterns and membership services.

 

Cookies are very small text files that are installed on the user's hard disk via a web server. The Company uses the minimum number of cookies required to provide services in an encrypted form, which recognizes computers but not specific individuals.

 

The user will have the option to refuse to store all cookies, check whenever a cookie is stored, or accept all cookies by specifying options in the web browser. In case the user reject cookies, however, usage of some services that require login may be limited

• How to Specify whether to Allow the Installation of Cookies (for Chrome)

① At the top right, click ‘More’ and ‘Settings’.

② Click ‘Privacy and security’ and ‘Cookies and other site data’.

③ Select an option ‘Allow all cookies’ or ‘ Block all cookies’.

 

The Company takes the following technical and administrative measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with, or damaged in handling the user's personal information.

A. Technical Measures

• The user's account information is stored and managed in encrypted form.

• The Company is doing its best to prevent personal information of the users from being leaked or compromised by hacking or computer viruses. To prevent personal information from being damaged, data is frequently backed up. The latest vaccine programs are used to prevent leakage or damage of user information or data. Personal information will be transmitted safely on the network through encrypted communication. To control unauthorized access from the outside source, the Company uses intrusion prevention systems and tries to have all possible technical devices to ensure system security.

B. Administrative Measures

Only the person in charge in the Company is permitted to handle personal information related to the Company and for this, account credentials are separately granted and updated regularly. Furthermore, the Company always emphasizes compliance with the Company's Privacy Policy by regular training for the person in charge.

• The Company's Privacy Policy is maintained and implemented thoroughly by the Personal Information

• Protection Organization in the Company and in case any issue occurs, the Company will do best to correct it immediately.

• Regular in-house training or external outsourcing training is provided for the employees who handle personal information regarding the acquisition of new security technologies and the obligation to protect personal information.

• The handover of personal information-related handlers is carried out thoroughly while security is maintained, and the responsibility for personal information accidents after joining and resigning from the Company is clarified.

• The Company does not take any responsibility for the leakage of personal information caused by personal error of the user or the inherent risk of the Internet. The users must properly manage their account and password and take responsibility for protecting their personal information.

 

The Company operates a personal information management department to collect customer feedback and handle customer complaints regarding personal information and the staff of the Company responsible for managing personal information is as follows:

• Customer Support Department

- E-MAIL: account@xlgames.com

- FAX: 070-7614-3183

• Person in charge

- Name: Kim Kyoung min

- Company/Title: XLGAMES/Head of Infrastructure Department

- E-MAIL : privacy@xlgames.com

 

The Company may provide external links of other companies' websites or materials. In this case, as the Company has no control over external websites and materials, the Company shall not be liable for usefulness, integrity or legality of the services or data and cannot guarantee them. In case the user gets redirected to another website or webpage by clicking a link, the privacy policy of the website or webpage is irrelevant to the Company, thus, the user needs to check the policy of the newly visited website or webpage.

Effective Date: 6th of April, 2023