Company IDaNote ("IDaNote" or the "Company") collects, uses, and provides personal information based on the user's consent and actively ensures the user's rights (right to self-determination of personal information).
The Company complies with the "Personal Information Protection Act" and related laws and regulations to lawfully process and securely manage personal information for the protection of user's personal information. When the Company collects, uses, and provides the user's personal information, it notifies the user in advance, goes through the consent process, and does not collect, use, or provide the user's personal information if the user does not consent. However, if consent is refused, there may be restrictions on the use of all or part of the services.
The "Privacy Policy" refers to the guidelines that IdeaNote must comply with in order to protect the user's valuable personal information and allow the user to use the services with confidence.
This privacy policy contains the following contents:
The Company collects the minimum necessary personal information for providing services, and collects the following personal information for basic service provision such as member registration, smooth handling of user inquiries, and various service provision. Additional optional information necessary for providing more comprehensive services is collected separately. The collected personal information includes the following:
1) Items of personal information collected:
(1) When the user runs the game to facilitate smooth game service usage, the Company automatically collects the device identifier (device ID or IMEI). If the user refuses to automatically collect the device identifier, they cannot use the game. In addition, for membership registration, smooth customer consultation, and various service provision, the Company collects the following personal information when the user initially registers or uses the game service through the following platforms:
- Guest login: Nickname, device ID, game membership number (game creation information)
- Using Google account: Google ID, public profile (name, age, gender information), nickname, game membership number (game creation information)
- Using APPLE account: APPLE ID, public profile (name, age, gender information), nickname, game membership number (game creation information)
※ Depending on the information disclosure criteria set at the time of Google, APPLE, and account membership registration, the collected personal information items may vary.
(2) The following information may be automatically generated and collected during the service usage process or business processing:
IP address, cookies, the date and time the user accessed the service, service usage records, records of fraudulent use, connecting telephone numbers, records of service suspension, user's mobile device information (model name, OS version, device unique identifier, etc.)
(3) When using direct payment, the following payment information may be collected:
When the Company utilizes payment methods provided by each mobile communication carrier and app store operator according to the user's device type, payment information is not collected.
- Using payment agencies: Unique payment number, payment amount
- Mobile phone payment: Mobile phone number, subscriber name, payment approval number, mobile communication carrier, device ID
- Landline payment: Telephone number, subscriber name
- Credit card payment: Card issuer name, card number, cardholder name, card expiration date
- Bank transfer: Bank name, account number, account holder name
- Gift certificate: Affiliate ID, gift certificate number, password
- Event prize delivery: Address, contact information
The Company processes personal information for the following purposes. The processed personal information is not used for purposes other than those stated below. If the purpose of processing personal information is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1) User identification, confirmation of intent to join and limitation on the number of registrations, prevention of improper use by malicious users, confirmation of parental consent and verification of the legal representative's identity
2) Handling user inquiries or complaints, delivering notices
3) Providing services, calculating fees for purchasing and using paid services
4) Notifying users of participation opportunities in new service development and event promotions, marketing and advertising
5) Analyzing service usage records and frequency of access, providing customized services and improving services through statistical analysis of service usage
6) Establishing a safe usage environment for the protection of user's personal information
The Company processes personal information within the scope specified in the purpose of processing personal information, and personal information of users is provided to third parties only with the user's consent or in accordance with special provisions specified by laws and regulations.
The Company entrusts some of the necessary tasks for providing services to external companies. When entering into an entrustment agreement, the Company documents the purpose of the entrusted task, prohibits the processing of personal information beyond the scope, and implements technical and administrative protective measures. The Company manages and supervises the entrusted company to ensure compliance with relevant laws and regulations. When outsourcing tasks to external companies, the Company notifies the members of the outsourcing details.
The Company processes personal information within the retention and use period consented by the user during membership registration and service usage. When a user requests withdrawal of membership or revokes consent for the collection and use of personal information, or when the collection and use purposes have been achieved or the retention period has expired, the user's personal information is promptly destroyed. However, even after the withdrawal of membership or revocation of consent, the Company retains the user's personal information for a period of 7 days, and after this period, the personal information is completely deleted. However, in cases where there is a need to retain personal information in accordance with the Commercial Act or other relevant laws and regulations, or for the protection of personal information pursuant to internal policies or other related laws and regulations, the Company retains user information for a certain period as follows:
1) Retention of information according to internal policies:
Records of fraudulent use are retained for 5 years to prevent improper use.
2) Retention of information according to relevant laws and regulations:
"E-commerce Act":
- Records related to contracts or withdrawal of offers: 5 years
- Records of payment, supply of goods, etc.: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
- Records related to display or advertisements: 6 months
The Company generally destroys personal information as soon as the purpose of collection and use of personal information has been achieved. The procedures and methods for destruction are as follows:
1) Order of destruction:
Information entered by users for user registration and other purposes is destroyed after being retained for a certain period for the purposes of personal information collection and use, as well as for protection reasons specified in internal policies and other relevant laws and regulations (refer to "Retention and Use Period of Personal Information" under Section 5).
2) Method of destruction:
Personal information stored in electronic file format is deleted using technical methods that make it impossible to regenerate the records. Printed personal information is shredded or incinerated for destruction.
1) User's rights and how to exercise them:
Users and legal representatives can request access, correction, withdrawal of consent, deletion, or suspension of processing regarding their personal information at any time. However, if consent is revoked or personal information is deleted, there may be restrictions on the use of all or part of the services.
2) Access and correction of personal information:
Users can directly access and modify their personal information after undergoing identity verification procedures through the "Customer Center."
3) Withdrawal of consent, deletion, and suspension of processing of personal information:
Users can request withdrawal of consent, member withdrawal, and deletion through the "Settings" menu in the game or by contacting the "Customer Center." However, such requests may result in partial or complete restriction of service usage. In cases where information is collected in accordance with other laws, it may be difficult to withdraw consent, delete, or suspend processing.
4) Handling of personal information of children under 14 years old:
The Company generally does not collect personal information of children under 14 years old. If a legal representative requests the withdrawal of a child's membership from the Company's services, the withdrawal process will be explained to the legal representative. If it is necessary to process a child's personal information in order to handle a request from the user, the Company will obtain the consent of the legal representative and promptly destroy the relevant information after the completion of the related tasks.
1) Personalized Advertising
Personalized advertising provides users with relevant advertisements based on their visit history, activity logs, and search history (referred to as "behavioral information") in the service.
To deliver relevant advertisements to users, the Company uses an "Advertising ID." The Advertising ID is an identifier issued by the mobile operating system (OS) used to provide users with personalized information or advertisements.
2) Protection of User Information in Personalized Advertising
The Company does not collect sensitive information that can clearly infringe upon the rights, interests, or privacy of users. The Company does not combine behavioral information collected through the Advertising ID with personally identifiable information without the user's consent.
Behavioral information collected through the Advertising ID is retained for a maximum of one year to provide personalized advertisements and content based on demographic characteristics and interests, and is then destroyed using technical methods that make it impossible to recover or reproduce the information.
The Company does not collect activity logs or other information from online services that are primarily used by children under 14 years old, nor does it provide personalized advertising to children under 14 years old.
3) How to Opt-Out of Personalized Advertising
Users can block the reception of personalized advertising at any time, and once blocked, personalized advertising will no longer be displayed.
If users do not wish to receive interest-based advertising within mobile apps, they can disable personalized advertising using the following methods according to their respective operating systems:
(1) Android: Settings > Google > Ads > Opt out of Ads Personalization
(2) iOS: Settings > Privacy > Tracking > Allow Apps to Request to Track > Disable Tracking
4) Information about the Use of Cookies
The Company uses "cookies" to provide personalized services by storing and retrieving user information. Cookies are very small text files sent by the server operating the service to the user's mobile device/PC, where they are stored. When users use the service, the server reads the contents of the cookies stored on the user's mobile device, verifies the user's information, and provides personalized services.
The Company uses cookies for profile information integration and other personalized services, and users have the option to allow or reject the installation of cookies. Users can configure whether to allow cookies or delete them in the settings of their mobile device/PC. However, if the use of cookies is not allowed, there may be difficulties in using services that require login.
The Company considers user's personal information as the most valuable asset and makes efforts to ensure the security of personal information by implementing the following measures:
1) Establishment and implementation of internal management plans for personal information protection:
The Company has established and implemented internal management plans that secure the safe handling of user's personal information and regularly verifies their implementation.
2) Encryption of user's personal information:
The Company transmits user's personal information through encrypted communication channels, and stores important information such as passwords in encrypted form.
3) Efforts to protect against hacking and computer viruses:
To prevent the leakage or damage of user's personal information caused by hacking, computer viruses, and other threats, the Company installs systems in controlled areas to restrict external access. It continuously monitors and blocks hacking attempts and installs antivirus programs to prevent system infection by the latest malicious codes or viruses. The Company also continuously researches new hacking/security technologies and applies them to the services.
4) Minimization of access to valuable personal information:
The Company minimizes the number of employees handling personal information and blocks external internet access on work PCs to reduce the risk of personal information leakage. It establishes systematic criteria for creating and changing passwords for databases storing personal information and systems processing personal information, and conducts regular audits.
5) Regular education for employees on the protection of user's personal information:
Regular education and campaigns on the obligation of personal information protection and security are conducted for all employees handling personal information.
6) Management of personal ID and password:
IDs and passwords used by users are designed to be used exclusively by the users themselves. The Company is not responsible for problems arising from personal information leakage due to user's negligence or risks inherent in the internet. Users should have a security awareness regarding passwords, change passwords frequently, and pay attention to preventing personal information leakage when logging in on public PCs.
When considering additional use or provision of personal information without the user's consent, the Company will consider the following factors:
1) Relevance to the initial purpose of collection
2) Predictability of additional use or provision of personal information based on the circumstances of collection or processing practices
3) Whether it unreasonably infringes upon the user's interests
4) Whether necessary measures such as anonymization or encryption for security have been taken
The Company has designated a personal information manager to protect user's personal information and handle complaints related to personal information management. Users can direct any inquiries regarding personal information protection in the Company's services to the personal information manager or the responsible department. The Company will provide prompt and sufficient responses to user inquiries.
(1) Personal Information Manager:
Name: Hwang Jin-Sung
Email: idanotevoc@idanote.com
(2) Personal Information Protection Department (Game Development Team)
Email: idanotevoc@idanote.com
For consultations regarding personal information breaches, please contact the following organizations:
Personal Information Infringement Report Center: 118 (no area code) (http://privacy.kisa.or.kr)
Privacy Mark Certification Committee: 02-550-9531~2 (http://www.eprivacy.or.kr)
Cyber Crime Investigation Unit of the Prosecutor's Office: 02-3480-2000 (http://www.spo.go.kr)
Cyber Terror Response Center of the Police Agency: 182 (no area code) (http://www.ctrc.go.kr)