Privacy Policy

Utplus Interactive (the "Company") values the protection of user personal information on its services or games (the "Service") and is committed to protecting User personal information at all times.

Chapter 1 General

Personal Information is information about a living individual, including information such as symbols, text, voice, sound, and images that can be readily combined with other information to recognize that individual, even when that information alone does not identify the individual.

  1. The Company values the protection of your information the most and complies with THE ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND DATA PROTECTION, ETC. and the PERSONAL INFORMATION PROTECTION ACT and related laws.
  2. In this Privacy Policy, we will inform you of the purpose and manner in which the personal information you provide is being used and of our efforts to effectively and actively protect your personal information.
  3. The Company discloses this Privacy Policy on the front page of the web (www.utplus.co.kr) or on the Service signup page so that users can easily view it at any time.
  4. This Privacy Policy is subject to change as applicable laws and regulations change or as internal operating policies change. When the Privacy Policy is changed, we will post the revised content on the web so that users can easily recognize it.

Chapter 2 What We Collect and How We Use It

Category Items Purpose
OPEN ID
Login
Google Login: Login information Identification value, email Sign up, log in, and manage members
Facebook Login: Login information Identification value, email
Apple Login: Login information Identification value, email
Personal User (Optional) Date of birth, Sex User Identification, children Identification
Legal Representative (Required) legal representative information (If User is under the age of 14)
e-mail
Legal representative consent
Enterprise User (Required) Company name, contact name contact phone number, business license number Building a custom service
Identity Verification Name, gender, date of birth, phone number, carrier name Identity verification

Identification and age restrictions Provision of services, handling of complaints related to the use of services, prevention of unauthorized use by users, etc.

  1. Personal User : E-mail, full name, date of birth, gender, created using OPEN ID and available for collection.
    1. Common: IP Address, date and time of visit, Service usage records, suspension records, usage records, access logs, cookies Information automatically generated in the process of using the Service (IP, access records, Service usage records, bad usage records, payment records, cookies, etc.) and information that can identify devices (device type and OS information, device specification information, UUID, advertising identifiers, etc.
    2. Provision of service-related information (service failure, system inspection, change of terms and conditions, delivery of notices such as notification of service usage history and personal information usage history, confirmation of identity, service-related consultation, complaint handling, and delivery of usage guidelines/notices such as use of cash products)
  2. Consent of legal representative and personal information of legal representative and user
    (When registering an individual user under the age of 14 and purchasing a paid service for an individual user under the age of 19)

    Information collected/used/stored upon consent of legal representative

    1. Authentication method: If the User is a child, the legal representative shall be deemed to have approved the authentication of the legal representative and the User's use through the authentication method prescribed by the Company.
    2. Information used for authentication: The method of confirming consent during authentication is email authentication. Upon completion of authentication, it is deemed that children have agreed to use the Service.

Chapter 3 Consent to Collection

The Company has a procedure for users to click the "I agree" or "I disagree" button on the contents of the collection and use of personal information, and by clicking the "I agree" button, the user is deemed to have agreed to the collection of personal information.

Chapter 4 Collection Methods

The Company collects personal information required for the Service from the information entered in the OPEN ID provided during the subscription process.

Chapter 5 Consignment

  1. In order to provide basic services, provide better services, and provide user convenience, the Company consigns the following personal information processing tasks to external companies (or other services of the Company).

Consignees Consignment work Period
Xsolla, Inc Payment service Upon withdrawal or termination of consignment agreement
Payletter Identity verification service
Singular Usage analytics and statistics service
Google LLC Usage analytics and statistics service

  1. The tasks consigned to the following entities outside of Korea for the processing of personal information are as follows.

Consignees Xsolla, Inc
Country USA
When / How November 23, 2022 / For every Paid Service purchase made through Xsolla
Consigned Personal Information Paid Service Purchase information
Purpose Paid Service Operations and management
Period Same as the retention period described in the Personal Information Processing Policy Until withdrawal of Service or termination of consignment contract
Contact support@xsolla.com

Consignees Singular
Country USA
When / How August 31, 2022 / Every time access the User service
Consigned Personal Information User behavior information
Purpose Usage analytics and statistics service
Period Same as the retention period described in the Personal Information Processing Policy Until withdrawal of Service or termination of consignment contract
Contact privacy@singular.net

Consignees Google LLC
Country 미국
When / How August 31, 2022 / Every time access the User service
Consigned Personal Information User behavior information
Purpose Usage analytics and statistics service
Period Same as the retention period described in the Personal Information Processing Policy Until withdrawal of Service or termination of consignment contract
Contact 구글 애널리틱스 Customer Center

  1. The Company manages to comply with the laws and regulations related to the protection of personal information, maintain the confidentiality of personal information, prohibit the provision of personal information to third parties, assume responsibility in the event of an accident, the consignment period, and the obligation to return or destroy personal information after the end of processing, etc. through the consignment agreement.

Chapter 6 Access and Correction

  1. Users may view or change their registered Personal Information at any time.
  2. If a User requests correction of an error in Personal Information, the Company will not use or provide such Personal Information until the correction is completed.
  3. If we have already provided incorrect personal information to a third party, we will immediately notify the third party of the result of the correction process and take measures to correct it.

Chapter 7 Withdrawal of consent to collection, use, and provision

  1. Users may withdraw their consent to the collection, use, and provision of personal information at any time through registration. If you follow the withdrawal procedure posted on the Company's website or contact the person in charge of protecting personal information in writing, by phone, or by e-mail, the Company will immediately take the necessary measures to withdraw. When the Company takes measures such as withdrawing consent and destroying personal information, the Company will immediately notify the user. However, withdrawal of consent (withdrawal) does not occur even if the user deletes the APP, client, etc. that provides the "Service", so if you want to withdraw, you must give a request for withdrawal of consent (withdrawal).
  2. The Company takes necessary measures to make it easier to withdraw consent to the collection of personal information than to sign up.

Chapter 8 Period of Use

  1. The user's personal information is retained and used during the period of providing the service to the user, and is destroyed so that it cannot be viewed or used after withdrawal. However, in order to prevent the occurrence of unfair or illegal acts such as taking economic benefits such as discount coupons and event benefits provided by this service by repeatedly rejoining or arbitrarily terminating, or unauthorized use of the name in the process, and to respond to various inquiries related to the provision of the service, the personal information of the user who agreed to join the service is kept for one month after withdrawal, and if it is necessary to preserve it in accordance with the provisions of related laws and regulations, it is preserved in accordance with related laws and regulations.
  2. If it is necessary to preserve the user's personal information in accordance with relevant laws such as the COMMERCIAL ACT, ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC. and PROTECTION OF COMMUNICATIONS SECRETS ACT even after the user's withdrawal from the Service, the Company will keep the user's information for the period specified in the relevant laws. At this time, the Company will only use the retained information for the purpose of retention, and the retention period is as follows.
    1. The retention period promised when the user's consent is obtained individually.
    2. Log record data, IP address, etc. necessary for providing communication fact verification data: at least 3 months (PROTECTION OF COMMUNICATIONS SECRETS ACT)
    3. Records on display and advertising: 6 months (ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.)
    4. Records on contract or withdrawal of subscription: 5 years (ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.)
    5. Records on payment and supply of goods: 5 years (ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.)
    6. Records on the handling of consumer complaints or disputes: 3 years (ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.)
  3. If a user requests to view the transaction information held with the user's consent, the Company will immediately take measures to allow the user to view and confirm the information.

Chapter 9 Procedures and methods of destruction

  1. After the purpose of using the collected personal information is achieved, the Company will immediately destroy the information according to the storage period and usage period. The procedure, method, and time of destruction are as follows.
  2. Personal information entered by users for service subscription, etc. will be deleted or destroyed after the retention period for information protection reasons (see 8. Retention and use period of personal information) in accordance with internal policies and other relevant laws after the purpose of use is achieved, such as service termination.
  3. However, in order to prevent the occurrence of unfair or illegal acts such as taking economic benefits such as discount coupons and event benefits provided by this service by repeatedly rejoining or arbitrarily terminating the service, or using the name without permission in the process, and to respond to various inquiries related to the provision of the service, we will keep the user's information data for one month after withdrawal, and delete all the user's data after that.

Chapter 10: Rights and Enforcement of Users and Legal Representatives

Users or their legal representatives (in the case of children under 14) have the right to request the deletion of their personal information collected by the Company. Users may exercise this right at any time by contacting the Company through the contact information provided below. Upon receiving a valid request for deletion, the Company will promptly delete the user's personal information from its records and notify the user of the completion of the process.

Data Deletion Contact Information:

Please note that while all personal data will be deleted as per the request, some information may be retained as required by applicable laws or for legitimate business purposes, such as resolving disputes or enforcing agreements. Retention periods are detailed under "Chapter 8: Period of Use".

Data Deletion Process:

  1. Submit your deletion request via the contact methods listed above.
  2. The Company will verify the identity of the requestor to ensure they have the right to make the request.
  3. Once verified, the Company will proceed with the deletion of all personal data within the legally required timeframe and notify the user upon completion.

This ensures compliance with privacy laws and respects the rights of users to manage their personal information.

Chapter 11 Rights and Obligations of Users

  1. Users have the right to receive sincere answers from the Company whenever they have questions.
  2. Please keep your personal information up to date and accurate to prevent unreasonable accidents. Users are responsible for accidents caused by entering inaccurate information, and may lose their user status if they enter false information, such as unauthorized use of other people's information.
  3. Users have the right to have their personal information protected, but they also have the obligation to protect their personal information and not to infringe on the information of others. Please be careful not to disclose your personal information, including the relevant OPEN ID and password you are using, and be careful not to damage the personal information of others, including your posts. If you fail to fulfill these responsibilities and damage other people's information, you may be punished under THE ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND DATA PROTECTION, ETC.

Chapter 12 Notice of Privacy Policy

  1. When the Company intends to obtain additional consent from the user to use the user's personal information beyond the scope of the user's consent or to provide it to a third party, the Company will notify the user individually in writing, by e-mail, by posting on the Internet homepage, etc. in advance and obtain the user's consent.
  2. When entrusting others to collect, store, process, use, provide, manage, and destroy users' personal information, the Company will disclose such matters on the Internet homepage through the Privacy Policy on the homepage.

Chapter 13 Techniques and Practices for Legal Representatives

The Company has Technical and Practices mitigations in place to protect users' personal information.

Technical mitigations

  1. The Company takes the following technical measures to prevent the loss, theft, leakage, alteration, or damage of users' personal information.
    1. The Company uses an antivirus program to prevent damage from computer viruses. The antivirus program is updated periodically, and if a virus suddenly appears, the Company provides the antivirus as soon as it is available to prevent personal information from being compromised by the virus.
    1. The Company is committed to security by using intrusion prevention systems and vulnerability analysis systems for each server in preparation for external intrusions such as hacking.

Practices mitigations

  1. The Company has established procedures for accessing and managing users' personal information and requires its employees to be familiar with and follow them.
  2. The Company limits access to users' personal information to a minimum number of persons. The minimum number of persons is as follows.
    1. Those who directly deal with users and perform marketing tasks
    2. Those who perform personal information management tasks, such as the person in charge of protecting personal information and the person in charge.
    3. Persons who are required to process personal information for other business purposes.
  3. The Company has established procedures for accessing and managing users' personal information and ensures that its employees are familiar with and comply with them, and conducts regular in-house training and outsourced training for employees who handle personal information on acquiring new security technologies and their obligations to protect personal information.
  4. The Company ensures that the handover of duties of personal information handlers is thoroughly carried out in a secure manner, and clarifies the responsibilities of personal information handlers for personal information incidents after they join and leave the company.
  5. The Company requires employees to sign a non-disclosure agreement when they leave the company to ensure that those who have handled users' personal information do not damage, infringe, or disclose personal information learned in the course of their duties.
  6. The Company takes measures to verify the identity of the User when collecting or providing information on payment such as credit card numbers and bank payment accounts to the User in order to conclude a service use contract or provide services.
  7. The Company is not responsible for any mistakes made by the User or for events that occur due to basic Internet risks. Therefore, each User must properly manage and be responsible for his/her OPEN ID and password (PASSWORD) to protect his/her personal information. In addition, you should avoid using a password (PASSWORD) that can be easily guessed by others, and it is desirable to change your password (PASSWORD) regularly.
  8. If you access the homepage from a shared PC and log in, please be sure to log out and exit the homepage when moving to other sites and when ending your use of the Service. Otherwise, your information, such as OPEN ID and PASSWORD, may be easily leaked to others through that browser.
  9. In addition, if personal information is lost, leaked, altered, or damaged due to an internal manager's mistake or technical management accident, the Company will promptly notify the user and take appropriate measures and compensation.

Chapter 14 Collecting opinions and handling complaints

  1. For smooth communication with users, the Company will endeavor to respond to consultations using e-mail within 24 hours of receipt.
  2. In addition, if you need to consult about personal information infringement, you can contact the Personal Information Infringement Report Center of the Korea Internet & Security Agency or the Cyber Safety Guardian of the National Police Agency.
    1. Personal Information Infringement Report Center
      1. Phone: 118 (without area code)
      2. URL: privacy.kisa.or.kr
    2. Supreme Prosecutors' Office Cyber Investigation Division
      1. Phone: 1301 (without area code)
      2. URL: www.spo.go.kr
    3. National Police Agency Cyber Investigation Bureau
      1. Tel: (without area code) 182
      2. URL: ecrm.cyber.go.kr
    4. Personal Information Dispute Mediation Committee
      1. Tel: (without area code) 1833-1697
      2. URL: www.kopico.go.kr

Chapter 15 Data Protection Officer and Person in Charge

  1. The Company takes the protection of users' personal information very seriously and does its best to ensure that users' personal information is not damaged, infringed, or leaked. However, despite technical complementary measures, the Company is not responsible for any unexpected accidents due to basic network risks such as hacking, or for any damage to information or disputes arising from posts made by visitors.
  2. If you have any questions about the protection of your personal information, please contact the Customer Center, and if you would like to talk to the person in charge of personal information protection of this service, please contact us at the contact information below or by e-mail. We will respond promptly and sincerely.

    Name: Tae Min Kim
    Position: Director
    Telephone number: 031-716-2088
    E-mail address: tei@utplus.co.kr

Chapter 16 Protection of children under the age of 14

  1. The Company takes steps to protect children and their legal representatives from being disadvantaged by personal information provided by children under the age of 14 ("Children").
    1. We use antivirus programs to protect against computer viruses. The antivirus program is updated periodically, and if a virus suddenly appears, the Company provides a vaccine as soon as it is available to prevent personal information from being compromised by the virus.
    2. The Company is committed to security by using an intrusion prevention system and a vulnerability analysis system for each server in preparation for external intrusions such as hacking.
  2. The Company shall obtain the consent of the legal representative of the child when performing the following acts in relation to the child's personal information.
    1. Collecting personal information for children's subscription to the service, or using or providing personal information to a third party beyond the scope notified when subscribing to the service or disclosed in the terms of use of the service.
    2. If the person to whom the child's personal information is provided uses the child's personal information for purposes other than those purposes or provides it to a third party.
  3. In order to obtain the consent of the legal representative, the Company may require the minimum necessary information, such as the email of the legal representative. At this time, the Company will inform the Children of the purpose of collecting, using, or providing the Personal Information and that the consent of the legal representative is required in plain language that can be easily understood by anyone.
  4. Personal information of the legal representative collected to obtain the consent of the legal representative will not be used or provided to a third party for any purpose other than to confirm the consent of the legal representative.

Chapter 17 Transmission of Advertising Information

  1. The Company shall not send commercial information for commercial purposes without the prior consent of the User.
  2. When the Company transmits advertising information by e-mail to conduct user-oriented marketing, such as information on new products or events, the Company shall obtain the user's consent to transmit the advertising information in advance and take measures to ensure that the user can easily recognize the advertising information in the subject line and body of the e-mail as follows. When transmitting advertising information to App. PUSH, the Company obtains prior consent from the user to transmit advertising information and takes measures to ensure that the user can easily recognize that it is advertising information as follows in the body of App. PUSH.
  3. When sending commercial information to users who have agreed to receive advertisements via e-mail or other methods other than App.PUSH, the Company takes necessary measures such as indicating the name of the sender.

Chapter 18 Collection of Service Usage Logs and Device-Generated Information

The Company collects Service usage information generated in the course of the User's use of the Device without combining it with personally identifiable information, and obtains the User's express consent if it is necessary to combine it with the User's personally identifiable information.

Chapter 19 Notice Obligations

The Company will notify you of any additions, deletions, or modifications to the content due to changes in government policy or security technology through the 'Notice' section of the web at least 7 days prior to the revision.

Addendum

Notice Date Nov. 26, 2024
Effective Date Nov. 26, 2024