Privacy Policy
XLGAMES Co., Ltd. (hereinafter referred to as the 'Company') values the user's personal information and makes all the necessary efforts to effectively manage and secure the personal information of its members.
The Company informs the user of what purpose and method of personal information is being used and what measures are being taken to protect their personal information. Furthermore, the Privacy Policy is disclosed in the official website of XLGAMES so that the members can easily access and view the information.
The Privacy Policy can be amended according to changes in the relevant laws and internal operational policies. In the event that revisions are made, the reason and changes shall be informed to the members without any delay.
A. In case all or part of the business is transferred or the rights and duties are transferred due to merger, inheritance, etc., the users shall be informed through a notification to be displayed on the front page of the official website of XLGAMES (hereinafter referred to as the 'Service Website') for 30 days or more.
B. In case the Privacy Policy is revised, the users shall be informed at least seven days prior to the revision by a notice on the Service Website (or individual notice) or by posting the link of the Privacy Policy to the Service Website.
The Privacy Policy contains the following information:
The Company informs the user of what purpose and method of personal information is being used and what measures are being taken to protect their personal information. Furthermore, the Privacy Policy is disclosed in the official website of XLGAMES so that the members can easily access and view the information.
The Privacy Policy can be amended according to changes in the relevant laws and internal operational policies. In the event that revisions are made, the reason and changes shall be informed to the members without any delay.
A. In case all or part of the business is transferred or the rights and duties are transferred due to merger, inheritance, etc., the users shall be informed through a notification to be displayed on the front page of the official website of XLGAMES (hereinafter referred to as the 'Service Website') for 30 days or more.
B. In case the Privacy Policy is revised, the users shall be informed at least seven days prior to the revision by a notice on the Service Website (or individual notice) or by posting the link of the Privacy Policy to the Service Website.
- 1. Items and Methods of Collecting Personal Information
- 2. Purpose of Collecting and Using Personal Information
- 3. Period of Retention and Use of Personal Information
- 4. Procedure and Method for Personal Information Destruction
- 5. Sharing and Providing Personal Information
- 6. Commission for Personal Information
- 7. Rights and Exercise of the Rights of the Members and their Legal Representatives
- 8. Matters Concerning Installation/Operation and Rejection of Personal Information Auto-Collection Device
- 9. Lawful Processing of Personal Information under CCPA(California Consumer Privacy Act)
- 10. Lawful Processing of Personal Information under GDPR(General Data Protection Regulation)
- 11. Technical / Administrative Protection Measures for Personal Information
- 12. Staff Responsible for Managing Personal Information
- 13. Link Sites, Webpages
1. Items and Methods of Collecting Personal Information
The Company collects and uses the minimum amount of personal information necessary to provide services to users. Among them, the selection is collected to provide better quality services, but there is no restriction in using the service even if the information is not provided.
- A. Items of Personal Information Collected
- • Account registration
-
- Account registration and login: email address(account name), password, service token wallet address
- Google user identification information* - * When using the game through linkage with Google account, or if linking with the official community, no further collection or save is done other than the information provided by each social platform.
- • Items collected during the service
-
- User’s pc specification, system information, and cookies, including browser type, operating system, and IP address.
- Connection time, location information, improper usage record, improper usage monitoring record, and service usage record. - • Additionally, the Company may request user to provide selective personal information in connection with statistical data analysis for questionnaire poll or gift event.
- B. Methods of Collecting Personal Information
- • Service website, support forum, email, event application, and delivery request
- • Partners and suppliers
- • Collecting using generated information tools
- • Monitoring bad users
2. Purpose of Collecting and Using Personal Information
Without the user's approval, the company does not release the gathered personal information, and the collected personal information is used for the following purposes.
- • Account, password, service token wallet address: User identification according to member service use, personal identification, prevention of fraudulent use and unauthorized use, confirmation of the users’ will to use, handling complaints, and delivering notices.
- • Email address: Ensuring effective communication channel to deliver notices, confirm users’ opinion, handle complaints etc., providing information on new products/services or promotional events, customer satisfaction survey.
- • E-mailing: Information about events, updates and new services.
- • Service usage history, access log, access IP information, improper usage history: Prevention of recurrence of improper usage by bad users, checking access frequency, statistical data on service use of the members.
-
• A User can use Face Wallet. Use of Face Wallet is considered voluntary consent to the Privacy Policy found in the links and the BORA PORTAL service use contract will be signed between the user and METABORA SINGAPORE PTE. LTD.
https://policy.boraportal.com/#privacy
3. Period of Retention and Use of Personal Information
The user's personal information will only be used in a limited way and it will commence once the user starts using the service until the end of service. If the user demands to withdraw their consent to collect personal information, the purpose of collecting and using the information has been achieved, or the period of use and retention has ended, the users' information shall be destroyed without any delay.
- • Records on improper use
-
- Purpose: Prevention of improper use
- Period of retention: 1 year - • Registration information
-
- Purpose: Avoid confusing users, handling customer complaints and resolving disputes
- Period of retention: 6 months - • Records on non-member consultation
-
- Purpose: Consulting non-member, handling customer complaints and resolving disputes.
- Period of retention: 1 year - • Records on website visit
-
- Purpose: Handling customer complaints
- Period of retention: 3 months - • Records on customer complaint or dispute treatment
-
- Purpose: Handling customer complaints and resolving disputes.
- Period of retention: 3 years - • Records regarding contract or withdrawal
-
- Purpose: Accounting, handling customer complaints.
- Period of retention: 5 years - • Records on payment and supply of goods
-
- Purpose: Accounting, handling customer complaints.
- Period of retention: 5 years
4. Procedure and Method for Personal Information Destruction
In principle, users' personal information shall be destroyed once the purpose has been achieved.
The procedures and methods for destroying users' personal are as follows:
The procedures and methods for destroying users' personal are as follows:
- A. Destruction Procedure
- • The information provided by the users for service use shall be collected and transferred to a separate secured database (if necessary, protected under the company's security policy or a separate document box if incase on paper form) and destroyed after a certain period of time in accordance with its internal policy.
- • Personal information transferred to a separate secured database shall not be used for other purposes other than those held by the law or re-registration processing, etc.
- • Personal information whose retention period has ended should be destroyed.
- B. Method of Destruction
- • Personal information printed on paper should be shredded or destroyed by incineration.
- • Personal information stored in electronic file form is deleted using a technical method that cannot be reproduced.
5. Sharing and Providing Personal Information
The Company will not provide personal information to third parties under any circumstances beyond the range notified in the [Purpose of Collecting and Using Personal Information] except in the case of users' consent or unless demanded by applicable laws. Exceptions are provided in the following cases:
- • The user agrees as follows in advance
- • When the data is required for statistical analysis, academic or market research, the data must be processed so that individuals cannot be recognized.
6. Commission for Personal Information
The Company commissions external professional companies to process personal information as follows to improve service quality. When commissioning subcontractors, the company stipulates the necessary matters in order to secure safety of personal information in accordance with the relevant regulations.
Name of subcontractors | Description of commissioned works (services) | Items to be provided | Period of retention and use of personal information |
---|---|---|---|
Kamuse | Client download service | IP address and Port Number | Until the service is cancelled or consignment agreement is terminated. |
Wellbia | Xigncode security service | User ID, hardware information(operating systems, executable file name, execution time, path for executable files, etc.) to check the game execution and the error occurrence history | Until membership withdrawal or consignment agreement is terminated. |
Xsolla | Merchant of record | User ID, e-mail Address | Until a stated time in relevant regulation until membership withdrawal or consignment agreement is terminated. |
7. Rights and Exercise of the Rights of the Members and their Legal Representatives
- • Protection of personal information of children
- - If the Company intend to collect, use, or provide the personal information of users (hereinafter referred to as "children") who require a consent of a legal representative in accordance with the relevant laws and regulations of each country, the company obtains consent from the legal representative in addition to the consent of the children.
- - In such cases, the company may ask for minimum personal information such as name and phone number of the user’s legal representative that is necessary to obtain the consent from the legal representative of the children. The Company does not use or provide the collected personal information to a 3rd party other than confirming the legal representative's consent.
- - When there is a contract, withdrawal of subscription, payment, and supply of products between the children and the Company, the consent form of the legal representation shall be utilized to resolve the user's complaints and disputes.
- - The Company destructs the legal representative’s consent form and the data related to withdrawal of the consent in nonrenewable way when the purpose of its use has been achieved and the grace period has expired. The information of the legal representative is retained for a period of time determined by the applicable laws and regulations if it is required to be preserved.
- • The users can request to withdraw their consent provided before by cancelling their membership or contacting the Customer Support. In this case, the Company takes reasonable measures including destruction of personal information in compliance with this policy and applicable Laws after identification.
- • Members have the rights to ask for access and correction to their own personal information. If the legal representative requests an access and correction to personal information of that children, the Company may ask for further information such as Power of Attorney in order to confirm the legitimacy of the power of representation.
- • The Company may reject a member's access or correction request only if there is good cause, and the Company will notify and explain the reasons to the member.
8. Matters Concerning Installation/Operation and Rejection of Personal Information Auto-Collection Device
The Company can use 'cookies' as a method to provide the users with personalized services, such as analyzing service usage patterns and membership services.
Cookies are very small text files that are installed on the user's hard disk via a web server. The Company uses the minimum number of cookies required to provide services in an encrypted form, which recognizes computers but not specific individuals.
The user will have the option to refuse to store all cookies, check whenever a cookie is stored, or accept all cookies by specifying options in the web browser. In case the user reject cookies, however, usage of some services that require login may be limited
Cookies are very small text files that are installed on the user's hard disk via a web server. The Company uses the minimum number of cookies required to provide services in an encrypted form, which recognizes computers but not specific individuals.
The user will have the option to refuse to store all cookies, check whenever a cookie is stored, or accept all cookies by specifying options in the web browser. In case the user reject cookies, however, usage of some services that require login may be limited
- • How to Specify whether to Allow the Installation of Cookies (for Chrome)
- ① At the top right, click ‘More’ and ‘Settings’.
② Click ‘Privacy and security’ and ‘Cookies and other site data’.
③ Select an option ‘Allow all cookies’ or ‘ Block all cookies’.
9. Lawful Processing of Personal Information under CCPA(California Consumer Privacy Act)
The company abides by the California Consumer Privacy Act
- A. Personal information collected/shared for duty purposes
The company can collect/share the following categories of information that can directly/indirectly identify the user or their device, or information that can be reasonably connected to the user or their device("personal information") for business purposes. - • Identifiers - Nickname, unique identifier, online ID, IP, email address, account name or other similar ID
- • Commercial information - Purchased/obtained/collected item or service, other records on purchase, consumption history or tendency
- • Geolocation Data - Geographic location data such as country of residence
- B. Purpose of collection
- The personal information above is used/shared for purposes such as enhancing service quality, providing service, maintaining account, customer response service, customer confirmation, advertisement, and user pattern analysis as follows.
- • Resolving technical issues and enhancing quality of company service
- • Individual user identification to provide company service
- • Technical protection against use of unauthorized programs related to the company service
- • Preventing inappropriate gameplay that can negatively affect other users of the company service
- • Providing customer support on the company service through customer inquiry collection and response
- • Provide forum service on the company website
- • Provide information on company events and surveys, provide opportunities to participate in company events and surveys, provide company advertisement and use for other company marketing and promotional purposes
- • Track usage pattern, user trend analysis, calculate company service use statistics
- C. Ban of personal information sale
- The company does not “sell” the information of customers that use the company’s service for monetary benefit or specific benefits for the company.
- D. Ban discrimination.
- While some features of the service provided by the company can be saved or no longer provided, the company does not discriminate users that exercise their rights in accordance with CCPA.
- E. California Consumer Protection Act
- • California residents have the right to receive explanations on the identification information of company or duty consignment company that has utilized their personal information for marketing purposes, and the category of utilized personal information.
- • After receiving information reveal request that fits the requirements, the company provides the following information.
- - Personal information items of the requester collected by the company over the last 12 months.
- - Category of sources from which the personal information was collected over the last 12 months.
- - Personal information items that the company shares with duty consignment company.
- - The company’s business/commercial purpose of collecting and sharing the select personal information
- - Specific user personal information that the company collected over the last 12 months.
- - If the user’s personal information was disclosed for business purposes, explanation on what categories of personal information were collected and used by the recipient through what means
- • If the user is a California resident, the user has the right to request deleting the personal information collected and owned by the user in accordance with a specific exception. After the company receives and confirms the user’s request, if it is not an exception in accordance with CCPA, the user’s personal information is deleted.
10. Lawful Processing of Personal Information under GDPR(General Data Protection Regulation)
Processing personal information by the Company shall be lawful only if and to the extent that at least one of the following applies. The company may transfer Personal information outside of EU in order to achieve the purpose stated in this policy.
Personal information can only be transferred to countries where appropriate safeguards in line with the privacy policy set by European Commission are in place. In case of transferring personal information to a country that does not implement an acceptable level of security, the Company shall supervise the security of personal information according to the GDPR.
The users or their legal representatives, as main agents of the information, may exercise the rights regarding the collection, use and sharing of personal information by the Company. Details can be found in ‘Article 7. Rights and Exercise of the Rights of the Members and their Legal Representatives‘, and for requests for rights, please send an email to privacy@xlgames.com.
Personal information can only be transferred to countries where appropriate safeguards in line with the privacy policy set by European Commission are in place. In case of transferring personal information to a country that does not implement an acceptable level of security, the Company shall supervise the security of personal information according to the GDPR.
The users or their legal representatives, as main agents of the information, may exercise the rights regarding the collection, use and sharing of personal information by the Company. Details can be found in ‘Article 7. Rights and Exercise of the Rights of the Members and their Legal Representatives‘, and for requests for rights, please send an email to privacy@xlgames.com.
- • A user has given consent to the processing of his or her personal information.
- • Processing is necessary for the performance of a contract to which a user is party or in order to take steps at the request of a user prior to entering into a contract:
- - Member management, identification, etc.
- - Performance of a contract in relation to providing the services required by users, payment and settlement of fees, etc.
- • Processing is necessary for compliance with a legal obligation to which the Company is subject
- - Compliance with relevant law, regulations, legal proceedings, requests by the government
- • Processing is necessary in order to protect the vital interests of users, or other natural persons
- - Detection of, prevention of, and response to fraud, abuse, security risks, and technical issues that may harm users or other natural persons
- • Processing is necessary for the performance of a task carried out in the public interest or in the excise of official authority vested in the Company
- • Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child).
11. Technical / Administrative Protection Measures for Personal Information
The Company takes the following technical and administrative measures to ensure safety so that personal information is not lost, stolen, leaked, tampered with, or damaged in handling the user's personal information.
- A. Technical Measures
- • The user's account information is stored and managed in encrypted form.
- • The Company is doing its best to prevent personal information of the users from being leaked or compromised by hacking or computer viruses. To prevent personal information from being damaged, data is frequently backed up. The latest vaccine programs are used to prevent leakage or damage of user information or data. Personal information will be transmitted safely on the network through encrypted communication. To control unauthorized access from the outside source, the Company uses intrusion prevention systems and tries to have all possible technical devices to ensure system security.
- B. Administrative Measures
- • Only the person in charge in the Company is permitted to handle personal information related to the Company and for this, account credentials are separately granted and updated regularly. Furthermore, the Company always emphasizes compliance with the Company's Privacy Policy by regular training for the person in charge.
- • The Company's Privacy Policy is maintained and implemented thoroughly by the Personal Information
- • Protection Organization in the Company and in case any issue occurs, the Company will do best to correct it immediately.
- • Regular in-house training or external outsourcing training is provided for the employees who handle personal information regarding the acquisition of new security technologies and the obligation to protect personal information.
- • The handover of personal information-related handlers is carried out thoroughly while security is maintained, and the responsibility for personal information accidents after joining and resigning from the Company is clarified.
- • The Company does not take any responsibility for the leakage of personal information caused by personal error of the user or the inherent risk of the Internet. The users must properly manage their account and password and take responsibility for protecting their personal information.
12. Staff Responsible for Managing Personal Information
The Company operates a personal information management department to collect customer feedback and handle customer complaints regarding personal information and the staff of the Company responsible for managing personal information is as follows:
- • Customer Support Department
- - E-MAIL: account@xlgames.com
- FAX: 070-7614-3183 - • Person in charge
- - Name: Kim Yong Kon
- Company/Title: XLGAMES/Chief Operating Officer
- E-MAIL: privacy@xlgames.com
13. Link Sites, Webpages
The Company may provide external links of other companies' websites or materials. In this case, as the Company has no control over external websites and materials, the Company shall not be liable for usefulness, integrity or legality of the services or data and cannot guarantee them. In case the user gets redirected to another website or webpage by clicking a link, the privacy policy of the website or webpage is irrelevant to the Company, thus, the user needs to check the policy of the newly visited website or webpage.
Announcement Date: 17th of March, 2023
Effective Date: 24th of March, 2023
Effective Date: 24th of March, 2023