SNOWBALLS Privacy Policy
Guidance on Collection and
Usage of Personal Information
SNOWBALLS
abides by the privacy protection rules set on Protection of Communications
Secrets Act, Telecommunications Business Act, Act on Promotion of Information
and Communications Network Utilization and Information Protection and other
Acts for telecommunication service providers and ensures its best effort to
protect the user rights by setting this Privacy Policy based on regarding Acts.
This
Privacy Policy contains contents as below.
1. Collection of Personal Information
2.
Procession of Unique Identification Information
3.
Storage and Usage Term of Personal Information
4.
Deletion Procedure and Means of Personal Information
5.
Provision and Sharing of Personal Information
6.
Rights of User Legal Representative and How to Exercise It
7.
Technical / Managerial Protection Measures of Personal Information
8.
Installation/Operation and Refusal of Automated Personal Information Collection
Device
9. Personal Information Petition Service
10. Duty of Prior Notice
1.
Collection of Personal Information
1) Mobile Service
1 Identification of the user and multiple entry
prevention for mobile service usage
-
(Mandatory) ID, nickname, password, cell phone number, email address
2)
Customer Support
1 User
identification and reference check
-
(Mandatory) Email address
-
(Optional) ID, name, nickname, cell phone number, information of the device
with transaction, ID certificate, Google account, gender, address, phone number,
mobile service provider information
3)
Event and Marketing Service
1 Promotion of a new service or event
information
-
(Optional) Cell phone number, email address
2 Delivery of goods, invoice or prize
-
(Mandatory) Name, cell phone number, address
3 Public utility tax charge on an event prize
-
(Mandatory) (Korean citizen) ID Card or its copy with the registration number
visible, driver’s license or its copy, name, address
4 Prevention of multiple event entries and
provision of event services
-
(Optional) AAID / ADID / IDFA (advertisement identifier)
4)
Automated Collected/Created Personal Information upon Service Usage
- Device
information, mobile service provider information, IP, connection log, service
usage log, erratic behavior log, download log, transaction log
2. Procession of Unique
Identification Information
1)
Unique Identification Information refers to the information type designated by
Presidential Decree in Personal Information Protection Act of Republic of Korea
and includes registration number, passport number and foreign registration
number.
2)
The company collects and processes the Unique Identification Information for
the below purpose.
1 Public
utility tax charge on an event prize
3. Storage and Usage Term of
Personal Information
1)
The company by principle deletes any personal information without delay after
the personal information collection and usage purpose is met. However, certain
information shall be stored for the “Storage Term” set by each “Storage Cause”
below.
1 Information
collected for a mobile service provision
- Storage
Cause and Term: In order to settle any customer discomfort or dispute upon a
secession from membership of game, stored for 30 days
2 Information
collected for event and marketing service
- Storage
Cause and Term: In order to inform about marketing promotion, stored for 1 year
(The transmission log can be stored for another 6 months from the transmission
day.)
- Storage
Cause and Term: In order to inform about instructions on events and select
prize winners, stored for up to 1 year (The term is subject to changes for each
event, the term stated on the individual event page takes priority.)
2)
In requirements of a storage according to regarding Acts such as Act on the
Consumer Protection in Electronic Commerce of Republic of Korea, the company
shall store the user personal information for the term set by the Acts. The
company shall use the information on the sole purpose of storage itself in such
cases.
1 Act
on the Consumer Protection in Electronic Commerce of Republic of Korea
- Records
of agreements or refunds, 5 years
- Records
of payments or currency supplies, 5 years
- Records
of customer discomfort or dispute processes, 3 years
2 Protection
of Communications Secrets Act
- Records
of logins, 3 months
4. Deletion Procedure and Means
of Personal Information
The
company by principle deletes any personal information without delay after the
personal information collection and usage purpose is met.
Below
are the procedure and means of such deletion.
1)
Deletion Procedure
The
company deletes the personal information, after 30 days of storage in order to
settle any customer discomfort or dispute, by an
non-restorable means upon the user inactivity for a certain duration or the
user request of a secession.
2)
Deletion Means
1 Any
personal information stored as an electronic file format shall be deleted by a
non-restorable technical means.
2 Any
personal information printed on paper will be deleted by a grinder.
5. Provision and Sharing of Personal
Information
1)
The company by principle does not provide any third party with user personal
information, except for cases stated below.
1 Case
where the user agreed on such provision in advance
2 Case
where an investigating agency inquires such information based on relevant Acts
such as Telecommunications Framework Act or Telecommunications Business Act or
in accordance with procedures set by relevant Acts in purpose of an
investigation.
3 Case
where certain services such as prize delivery shall be entrusted to an agency
6. Rights of User Legal
Representative and How to Exercise It
The user or its legal representative can
inquire, edit the personal information of the user itself or the child below 14
years old or can demand a secession.
The user or its legal representative can go to
‘Settings’ screen to inquire, edit or demand for a secession.
In cases where the user submits a request of a
correction of any personal information error, the company does not make usage
of or provide any third party with the personal information until it is
corrected accordingly. Also, in cases of any incorrect personal information is
provided to a third party member, the company shall
inform such third party of the correction status and procedure to reflect the
correction.
The company disposes of unsubscribed or
deleted personal information due to a request from the user or its legal
representative according to “3. Storage and Usage Term
of Personal Information” and ensures it shall not be inquired or used for
any other purpose.
7. Technical / Managerial
Protection Measures of Personal Information
The company devises technical /managerial
measures as below in order to prevent any loss, theft, leakage, forgery or impairment
of the user personal information.
<Technical
Measures>
1 The
company stores user email addresses, cell phone numbers plus other personal
information such as passwords and UIDs after additional encryption processes.
Any inquiry or edit of personal information is only accessible upon the user request.
2 The
company secures the transmission of any personal information based on encrypted
communication means.
3 The
company does its best to prevent any leakage or impairment of the user personal
information by any hacking or computer virus.
4 The
company regularly makes backup copies of the user personal information to
prevent any case of mass loss and takes measures to prevent any computer virus
damage through vaccine software.
5 The
company puts a continuing effort to reinforce the overall security through
system access management, authorization management and weakness maintenances.
<Managerial
Measures>
1 The
company keeps only the minimum amount of personnel for any access to the user
personal information. The personnel with any access to the user information is
set as below.
- Who
executes marketing, event, support, game operation or prize delivery directly
towards the user
- Who
executes personal information management jobs, such as the personal information
manager
- Who
must handle the personal information for a job purpose
2 The
company performs regular educational sessions for the personnel who handle the
user personal information and any third party member
who handles such information on duties of protecting the user personal
information.
3 The
company ensures a prompt resolve upon any case of any detected internal breach
of this Privacy Policy.
4 The
company does not take responsibility of any damage from outside the range of
the company coverage or from the user negligence despite the full effort from
the company as the personal information handler.
8.
Installation/Operation and Refusal of Automated Personal Information Collection
Device
1) The company automatically collects the user
phone number, device UID, email address and ADID / IDFA (advertisement
identifier) upon the first entry of a user to provide customized mobile
service, check multiple entries, provide customer support and advertisement
service.
2) The user can refuse to such automatic
collection of phone number, device UID, email address and ADID / IDFA
(advertisement identifier). A refusal might lead to restrictions on certain
services.
9.
Personal Information Petition Service
1) The company has designated personal
information officer as below to protect the user personal information and
process with any petition regarding the personal information usage.
- Name : Song Min Kyu
- Phone : +8202-540-1601
- Email :
support@snowballs.co.kr
2) Any report or inquiry about personal
information breach can be submitted to the agencies below.
[Korea Internet & Security Agency] +82118
URL - http://privacy.kisa.or.kr
[Supreme Prosecutors Office Internet Crime
Investigation Center] +8202-3480-2000 |
URL – http://www.spo.go.kr
[Korean National Police Agency Cyber Bureau] +82182
URL – http://cyberbureau.police.go.kr
[Korean Personal Information Dispute Mediation
Committee] +8202-2100-2499
URL - http://www.kopico.go.kr
10.
Duty of Prior Notice
The company, upon any case of change of this
Privacy Policy, shall inform the cause of change and effective date with the
body of Privacy Policy onto the service screen 7 days prior to the effective
date.