Privacy Policy 

1. What type of information does Pearl Abyss collect?  

2. Why does Pearl Abyss collect information?  

3. Who does Pearl Abyss share your information with?  

4. How long does Pearl Abyss retain the information, and how is it deleted?  

5. How does Pearl Abyss transfer information overseas?  

6. How is your information protected?  

7. What information is automatically collected (e.g. cookies)?  

8. What rights and choices do I and my legal guardian have pertaining to my personal information?  

9. Is there an age restriction for the use of Pearl Abyss’ services?  

10. How do you contact Pearl Abyss?  

Pearl Abyss and its affiliated companies (hereinafter referred to as “Pearl Abyss” or the “Company”) provides PC, mobile, console, official website, and other game related services (“Services”). Pearl Abyss stores, processes, and shares personal information in certain circumstances in order to provide you with these services. However, the security of your personal information is a priority to us, and ample measures will be taken to protect it.    

This Privacy Policy provides information on how your personal data is used for which purpose, and which measures the Company is taking to protect your personal data.   

The Company’s Privacy Policy is subject to change in accordance with the modifications made to the government’s relevant law or guideline, or to the regulation of the company. When a revision is made, it is disclosed on the official website. Therefore, users are recommended to look to the official website for any changes made to the policy.   

This Privacy Policy applies to all services provided by the Company.  

1. What type of information does Pearl Abyss collect?  

The Company collects the following personal information when you sign up on our official website, use provided services, edit personal information, or submit inquiries via phone call, fax, or through customer support, as well as when partners provide and collect your information using a data collection tool.  

1) Information provided by you  

① The following information is collected when creating an account: 

- Facebook: User identification information  

- Google: User identification information  

- Apple: User identification information 

- Line: User identification information  

* Signing in or syncing to an official account with a Facebook, Google, Apple, or Line account will only collect information on the user identification code provided by each social networking service. 

② The following additional services collect respective personal information:

※ Additional information may be gathered from users using certain services on the website and participants of certain events or promotions.  

※ When in need of additional data, we will ask for your consent after notifying you on the type of data to be collected, the purpose, and the storage period.  

※ Information on payment and withdrawal is stored and processed via the payment service provided from the open market and adheres to the service policy of each company. The Company does not collect nor provide information on payment.   

2) Data created while using our Services 

- Use of games and services, chat records, usernames, unauthorized gameplay records, ban records, login history, login date, IP address, payment history, game version  

- Device information (model, operating system version), advertising ID, store information, cookies 

2. Why does Pearl Abyss collect information?  

The Company collects information for the following reasons. 

1) We process the necessary data to provide services.  

The Company collects information to provide services to you on your contractual relationship with us.  

- To allow you to make an account and allow us to provide you services;  

- To access our services;  

- To provide products and services requested by you;  

- To provide information about the products and services you request;  

- To settle payments for purchases and paid services;  

- To abide by relevant legislation  

2) The Company collects information to provide appropriate services.  

The Company collects the following information out of legitimate interest as the information is used:  

- To improve and develop the services provided by the Company;  

- To improve and develop optimization of services and overall game experience;  

- To update and develop player profiles;  

- To set and manage registered accounts;  

- To provide software updates;  

- To maintain settings and provide content;  

- To reply and provide support to submitted opinions or inquiries;  

- To provide notices on changes made to Terms of Service, service errors, customer service, updates, security warnings, support, etc.;  

- To create events and promotion programs for customers;  

- To send event and promotion gifts  

3) The Company processes relevant data to provide safe and fair services.  

The Company has legitimate interest in collecting and processing the data necessary to accomplish the following purposes in order to keep your services safe and fair (Please see our Terms of Services for legal usage policies):  

- To prevent abusive and unauthorized use of malicious users;  

- To provide services to protect personal information;  

- To allow for a quality game experience across multiple devices;  

- To allow for appropriate automatic or manual chatting;  

- To find bugs, errors, and provide solutions;  

- To comply with relevant laws and to investigate and deter disputes, fraud, and other illegal activities.    

4) The Company processes necessary data to create targeted advertisements.  

The Company has legitimate interest in collecting and processing the data necessary to establish targeted advertisements on our services, other websites, and emails. However, commercial advertisements (direct marketing information) will only be sent to users who have agreed to receiving commercial advertisements (receiving marketing information).  

- To track content accessed by users in relation to services and online behaviors;  

- To customize advertisements and offer targeted marketing and promotions;  

- To recommend or suggest information on services users may find interesting  

5) For all the aforementioned cases and purposes, the Company may analyze and classify the entirety of the collected data.  

The Company may have legitimate interest when collecting and processing data necessary to meet contracts, provide and retain appropriate services, and set up targeted advertisements. However, any personal data users have not agreed to provide will not be used.  

3. Who does Pearl Abyss share your information with?  

The Company does not share identifiable personal information with a third party without the consent of the relevant user. When requesting consent from a user, the Company will provide information on the subject receiving the data, the purpose, and the type of data shared. However, the company shares information with third parties if it is required by law, or is deemed necessary to enforce our rights, property, or operations or to protect users or third parties or if we engage partners and service providers in order to provide our services to you by the due process of law.    

1) Other players and users  

- If you post on the forums, it will be displayed for the public to see.  

- Public chat via our services will be displayed for other players. 

- In the event you violate the Terms of Service or Operating Policies, or win an event, parts of your in-game Family name, character name, and guild name may be displayed on the website or forums for the public to see.  

2) In the event the user consented in advance  

- Before collecting or providing information, the user shall be notified of to whom the information will be provided, which information will be provided, and the reason for providing the information. The Company will go through the procedure to obtain consent, but if the user does not agree, it will not be provided to a third party.  

3) Partners and service providers  

- The Company may provide user information to its vendors, consultants, marketing partners, research firms and other service providers or business partners. The information will be provided according to the clauses of this Privacy Policy.     

Our consigned companies for processing personal information and their consigned duties are as follows: 

4) Public authorities and investigative bodies  

- The Company may share your information with third parties and public authorities to comply with the law and to curb fraud and illegal behavior.  

- The Company may share your information with third parties and public authorities by the due process of law to protect the safety and property of the Company, employees of the Company, and you.  

- The Company may provide user data upon request from an investigative body according to the appropriate procedure and process specified in the regulation or statute law.    

5) Advertising companies and social media  

- The company shares your information with advertising companies and social media (Facebook, Google, Twitter). Relevant third parties will have access to your information in accordance with the Privacy Policy to use tools that interact with social media, in-game advertising, and other operations of third-party companies. For more details on how these third-party companies handle your information, please refer to the relevant third-party company’s Privacy Policy.  

- Facebook: https://www.facebook.com/about/privacy  

- Google: https://policies.google.com/privacy  

- Twitter: https://twitter.com/en/privacy  

6) Delivery companies  

- The company may share your address and contact information you provided to delivery companies only with the purpose of shipping prizes. 

7) Payment service companies 

- If deemed necessary for settlement of charges based on service provision, the user’s data may be provided to the payment service company.  

4. How long does Pearl Abyss retain the information and how is it deleted?  

The Company maintains and uses the collected information for the duration of users’ membership with their given consent. In principle, once the purpose of gathering and using provided personal information is fulfilled (ex. on request of membership withdrawal, closing of a participatory event), the relevant information will be eliminated immediately. (However, to prevent undesired membership withdrawal due to any identity theft and account takeover fraud, the user’s personal information will be stored for 7 days after requesting account deletion.)    

However, the following information will be retained for the specified period of time under respective reasons in accordance with the relevant act on data in the Republic of Korea. They will not be used for any other purposes.  

1) Reasons for retaining information under relevant laws  

① Protection of Communications Secrets Act  

- Log-in records: 3 months  

② Act on the Consumer Protection in Electronic Commerce, etc.  

- Records of labeling and advertisement: 6 months  

- Records of contracts or withdrawal of membership: 5 years  

- Records on payment and supply of goods, etc.: 5 years  

- Records on consumer complaint and conflict settlement: 3 years  

③ Framework Act on National Taxes, Corporate Tax Act  

- Account book and evidential document for all transactions stipulated in the tax law: 5 years  

2) Reasons for retaining personal information under the Company's internal guidelines  

The Company may retain personal information collected through events or promotions for a maximum of 1 year. The duration may differ depending on each event or promotion, and the period of collecting and utilizing data guided in each event or promotion will be employed first.  

In principle, the Company instantly eliminates users’ personal information once the purpose of collecting and utilizing relevant information is fulfilled or the duration for preserving and utilizing relevant data is expired. The procedure and operation of deleting personal information are as follows:  

① Deletion Procedure  

Users’ personal information will be instantly erased once the purpose of collecting and utilizing relevant information is fulfilled (7 days after the grace period for membership withdrawal). However, it is held for a certain period, for the purpose of information protection as stipulated by the law (refer to “4. How long does Pearl Abyss retain the information?”).  

② Deletion Method  

Personal information printed out on paper (printed material, papers, etc.) is shredded or incinerated, and information saved in the form of an electronic format is permanently deleted in such a way that it cannot be recovered.  

5. How does Pearl Abyss transfer information overseas?  

Your information may be sent overseas as the Company provides services worldwide. Each country may have different laws pertaining to information protection. In particular, if you are residing in a European country, laws on the protected range of information in other countries outside of the EEA (European Economic Area) may be different to that of your own country of residence. The Company will comply with the relevant laws to protect your information. Please refer to “6. How is the information protected?” for details on how your information will be protected. 

The Republic of Korea and the EU have adopted the Personal Information Protection Adequacy Decision for the transfer of personal information to the Republic of Korea in accordance with the GDPR.  

- The Personal Information Protection Act in the Republic of Korea guarantees equal protection of personal information as the GDPR of the EU.  

- Personal information can be safely transferred from the EU to the Republic of Korea without the need for additional authentication according to the Adequacy Decision.  

You can always reach Support, personnel, or department in charge of privacy protection (privacy@pearlabyss.com) and request discontinuance of an overseas transfer of your personal data. However, if some information is not provided to an overseas partner per your request, you may experience some limitations when using our official website or game services.  

When transferring your information to partners and service providers listed under “3. Who does Pearl Abyss share your information with?”, the Company transfers information in compliance with the European Commission’s Standard Contractual Clauses. Your information will be transferred with adequate protection. For more information, please feel free to contact Support on our official website or the personnel or department in charge of privacy protection (privacy@pearlabyss.com).  

6. How is the information protected?  

The Company uses the following technology, management, and physical measures to prevent data loss, theft, breach, alteration, and destruction. However, the company is not liable if the data is leaked due to your negligence such as poor password management or mishaps outside of the Company’s control.    

1) Technology  

- The Company encrypts the information specified within, as well as additional relevant laws and regulations, when it gets stored.  

- Files and data transfers containing important information (including your personal information) are protected by encryptions, file locks, or other such protection methods.  

- The Company has backup systems to prevent your information from getting leaked or destroyed. The company utilizes anti-virus programs, firewalls, and other various security devices to protect your information.  

- The Company is taking the necessary security measures for its systematically organized database system to process personal information.    

2) Management  

- The Company keeps access rights to your information to a minimum. The minimum number of personnel given access to your information are the following:  

① Personnel that are directly involved with marketing, events, customer support, and delivery (including personnel in partner companies and service providers);  

② Personnel that are in charge of personal information including our Data Protection Officer;  

③ Parties handling personal information for inevitable business purposes.  

- The Company carries out a training program about personal information protection on a regular basis for personnel and consigned companies handling personal data.  

- The company-established Privacy Policy with the department in charge of personal information protection. Additionally, the Company aims to enforce internal regulations and rectify issues as soon as they are discovered.  

3) Physical Security  

- The company has a separate location where personal information is physically stored. Entry to and operation of this location is strictly monitored with an established entry protocol.  

- Documents with personal information and other forms of information storage are installed by locking devices in safe locations.  

7. What information is automatically collected (e.g. cookies)?  

The Company uses "cookies.” Cookies are small text files sent by the company’s official website that are stored in your hard drive. The following information pertains to the use of cookies, etc.  

1) Purposes for using cookies  

Analysis of subscribers and non-subscribers accessing our official website and duration, to understand and track user preferences and interests, provide other personalized services by tracking the number of times the website has been accessed, as well as other information.     

The Company and third-party analysis service providers use tracking technologies such as cookies, beacons, tags, or scripts. These technologies are generally used by the company to collect statistics about the websites to analyze tendencies, manage the website, and to understand how our website is used. The Company may receive collected data as a whole from analysis service providers that use these technologies.  

2) How to block cookies from getting saved  

You have the right to block cookies from getting saved on your hard drive. This can be done by going to your web browser’s option settings to allow all cookies, ask for permission each time cookies get saved, or to block all cookies from getting saved. However, if the user refuses to have cookies saved, some services may be no longer available.  

- Internet Explorer: Go to [Tools] at the top of the browser → [Internet Options] → [Personal Information] → [Advanced]  

- Chrome: Go to [⋮] at the top-right of the browser → [Settings] → [Privacy and security] → [Cookie and other site data] to change your settings.  

※ Other web browsers adhere to their respective settings.  

① How to withdraw consent for receiving targeted advertising:  

- Online advertisers providing targeted advertisement: Google, Facebook, Twitter  

- Behavioral data collection method: Automatically collected when the user visits the official website or opens the application.  

※ Online Behavioral Advertisement: A marketing strategy that provides customized services for users by analyzing their online behaviors and access records, etc.  

- Android: Go to Settings – Privacy – Customization Service – Stop customizing all devices - Stop all customization  

- iOS: Go to Settings – Privacy – Apple Advertising then turn off Personalized Ads 

8. What rights and choices do I and my legal guardian have pertaining to my personal information?  

You may always inquire about your registered personal information, and if you do not want the Company to process your personal information, you may withdraw consent, restrict processing of your personal information, or request membership withdrawal. Yet, once your personal information is eliminated for membership withdrawal, related information the user has created or stored while using the Company’s services may be eliminated as well.   

The user or the legal guardian can withdraw consent to providing personal information (membership withdrawal) anytime. You can cancel agreement to providing personal information by tapping “Delete Account” from the “Settings” menu on the game app to request membership withdrawal. Your personal information will be discarded after 7 days of membership withdrawal. Also, you can view or edit your personal information or information of one who falls under the legal definition of a child in the following regions: United States/Canada (under 13), European countries (under 13 to 16), and Brazil (under 18). You can view or edit your personal information on “My Page” after logging into the website, and request membership withdrawal through My Page > Delete Account. 

You can also contact Support or the personnel or department in charge of privacy protection (privacy@pearlabyss.com) to view or edit your personal information or withdraw membership.  

If the Company has legitimate reason to deny your request to view or edit your registered personal information, we will contact you immediately to address said reason. 

Once the user has requested the correction of an error in his or her personal information, the relevant information will not be used or provided until the rectification is made. Likewise, if any wrong personal information was already provided to a third party, corrected data will be delivered to the third party instantly for further correction.  

The Company processes personal information withdrawn or deleted under the request of the user following “4. How long does Pearl Abyss retain the information?” and limits the information from being used or searched for other purposes.  

1) Privacy rights of users residing in the European Economic Area (EEA)  

Users accessing the Services from the European Economic Area have the following additional rights relating to personal information, but their effectiveness and procedures may be determined in accordance with the laws and regulations of individual countries.  

① The right to request the Company to send personal information to another company  

② The right to contact the supervisory authority  

2) Privacy rights of users residing in California  

Under the California Consumer Privacy Act (CCPA), you have the right to request the following information from the Company if you are a resident of California.  

① A description of the categories of personal information disclosed to any third party to whom the company may have disclosed your personal information for that third party's direct marketing purposes within 12 months 

② Information that identifies any such third party(ies)  

The Company does not purposely share or sell your personal information to unaffiliated third parties for direct marketing purposes without your consent.  

9. Is there an age restriction for the use of service?  

The Company intentionally does not collect or request personal information from users regarded as minors in respective countries (ex. 13 or under in the US/Canada, 13-16 or under in Europe, and 18 or under in Brazil). However, users between the ages of 13 to 18 that are residents of England, the British Indian Ocean Territory, and the British Virgin Islands must receive consent from their legal representative to utilize the company’s game services. 

Underage users cannot send their personal information to the Company, and if their personal information is found collected, we will immediately delete relevant data.  

If you are an underage user, please do not send any of your personal information to the Company including your name, address, contact number, or email address. If you believe the Company is keeping data collected from such a user, please contact us immediately.  

10. How do you contact Pearl Abyss?  

If you have any questions about personal information protection or have issues related to personal information, please send an inquiry through Customer Support on our official website. The Company will answer your inquiries as soon as possible. Also, you may report any of your concerns regarding personal data while using our services to the personnel or department in charge of personal data protection. The Company will do its best to thoroughly address and answer all complaints as quickly as possible. Please contact the following officer or department if you need to report or receive consultation about personal information. 

1) Company and agency in charge of personal information protection in Europe 

If you are residing in Europe, you may ask questions regarding your personal information through the following contact information. 

Company in charge of personal information protection: Pearl Abyss Corp.  

Address: 48 Gwacheon-daero 2-gil, Gwacheon-si, Gyeonggi-do, 13824, Rep. of Korea  

Email: dpo@pearlabyss.com  

Company and agency in charge of personal information protection in Europe 

VeraSafe has been appointed as PEARL ABYSS H.K. LIMITED's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative representative or via telephone at: +420 228 881 031

Addendum  

This Privacy Policy shall be effective as of Nov 15, 2022.