Privacy Policy
In an aim to protect the freedom and rights of data subjects, CALIVERSE (hereinafter "the Company") processes and manages personal information in a lawful and secure manner in compliance with Personal Information Protection Act and related laws and regulations. The following Privacy Policy provisions established and disclosed by the Company pursuant to Article 30 of the Personal Information Protection Act informs data subjects of the procedures and basis of processing personal information and promotes an efficient and effective processing of related complaints.
Article 1. Purpose of Processing, Collecting items, and Retention and Usage period of Personal Information
① The company shall collect personal information in the minimum necessary scope to provide its services in accordance with Personal information protection act.
(1) Personal information items to be processed without agreement of data subject
The company processes the following personal information items without agreement of data subjects.
Article 15. 1. 4 of
Personal Information Protection Act
(Fulfillment of agreement)
Membership registration and management
Checking the intention of joining membership,
Identification and authenticating due to providing membership service,
Retention and management of membership,
Various notifications for preventing unauthorized use of services
6 months from membership withdrawal
Article 15. 1. 4 of
Personal Information Protection Act
(Fulfillment of agreement)
Delivery of goods
Delivery of goods,
Processing returned goods
Name, phone number, and address
Until delivery and supply of goods are completed
Article 15. 1. 2 of
Personal Information Protection Act
(Regulated by law)
Article 6 of
Act of the consumer protection in electronic commerce. etc.
(Preservation, etc. of transaction records)
Provision of goods or services
Processing of orders and payment
E-mail, Country, Access IP, Identification data, and Payment data
5 years
Article 15. 1. 2 of
Personal Information Protection Act
(Regulated by law)
Article 6 of
Act of the consumer protection in electronic commerce. etc.
(Preservation, etc. of transaction records)
customer counseling
Consultation, handling grievances, responding to member inquiries, and preventing unauthorized use of services
Nickname, E-mail, Purchase record, Chat contents (optional), and Records on consumer complaints or dispute resolution
3 years
Article 15. 1. 2 of
Personal Information Protection Act
(Regulated by law)
Article 15. 2 of
Protection of communications secrets act
(Obligation to commerce business)
Management of service usage
Retention of communication facts checking data
Registry, OS data, Cookie, and Social media account
6 months
(2) Personal information items to be processed with agreement of data subject
The company processes the following personal information items with agreement of data subjects in accordance with Articles 15. 1. 1 and 22. 1. 7 of Personal information protection act.
Participation of events and entry for prize
E-mail, phone number, and address
Immediately destroy on closing of the event
Personal information process for promoting service and recommended sales
E-mail and Cookie
Until membership withdrawal or Opt-out
② Notwithstanding the provisions of Article 1, the personal information may be processed until the end of an ongoing investigation of violation of applicable law, the settlement of claim and obligation based on the usage of homepage, or when required by other applicable laws.
Article 2. Destruction of Personal Information
① The Company will immediately destroy the personal information that is no longer needed, such as when the retention period has expired or the purpose of collecting the personal information is achieved.
② If the retention period as the data subject agreed has expired or the purpose of processing has been achieved but the personal information should be retained in accordance with other laws and regulations, The Company transfers such personal information to a separate database (DB) or a different storage location.
③ The procedures and methods for destroying personal information are as follows:
(1) Destruction procedure
The Company selects the personal information for which the cause for destruction has occurred and destroys the personal information with the approval of the personal information protection manager of The Company.
(2) Destruction method
The Company destroys information in the form of electronic files so that restoration is not possible, and destroys personal information recorded and saved in paper documents by shredding or incinerating them.
Article 3. Consignment of Personal Information Processing
① For smooth service provision, the Company consigns the following processing of personal information:
AWS, Inc.
Operation of storage where personal information is stored
NHN Cloud Corp.
Bulk email sending
Send text message
Onionfive Inc.
Provision of customer counseling software
Sending emails of customer counseling results
Xsolla
Proxy for processing order and payment
1. If you refuse to receive bulk emails in the process or do not utilize customer inquiry, personal information will not be entrusted to each subcontractor according to the consigned tasks.
2. When the Company enters into an consignment contract related to processing of personal information, it specifies matters related to the prohibition of personal information processing beyond the purpose of consignment according to Article 26 of the Personal Information Protection Act, technical and administrative protective measures, restrictions on re-consignment, management and supervision of subcontractors, liability for damages, etc., in documents such as contracts, and monitors whether consignees are handling personal information securely.
3. If the content of the consigned tasks or the consignee changes, the Company will promptly inform the members of the changed content through this Privacy Policy.
② The Company consign the processing of personal information overseas to provide stable global services, and you can refuse the transfer of personal information overseas through the personal information protection manager or the customer center.
Article 28. 8. 1. 1. of
Personal Information Protection Act
(Agreement of data subject)
Name, UID, email address, profile photo, phone number (optional)
- Country: United States
- Recipient: AWS (Oregon region, aws-korea-privacy@amazon.com)
- Mandatory information: Transmitted via network at the time of member registration
- Optional information: Transmitted via network during phone verification
- Purpose of use: Storage of member information for service usage
- Retention/use period: Upon membership withdrawal or termination of outsourcing contract
- Method for refusal: Transfer can be stopped by withdrawing membership.
- Membership withdrawal for refusal: Website login > Account information window > [More options] button > Click on Account Withdrawal
- Effects: Service usage will be unavailable.
Article 28. 8. 1. 1. of
Personal Information Protection Act
(Agreement of data subject)
E-mail, Country, Access IP, Identification data, and Payment data
- Country_ United States
- Recipient: Xsolla, Inc. (gdpr@xsolla.com)
Transfer by network on payment
- Purpose of use: Proxy for order and payment
- Retention and usage period:
Until settlement of payment
- Method: Transfer can be denied by stopping payment.
- Procedure: Payment suspension
- Effects: Contents will be unavailable for use.
③ Even if you withdraw membership according to the provisions of paragraphs ① and ② of this Article, the Company may retain personal information for a certain period if it falls under the items listed in paragraph ② of Article 1 of this policy.
Article 4. Rights and Obligations of Data Subjects & Methods of Exercising Such Rights
① Data subjects may exercise the rights to demand access to, correction and deletion of, and suspension of processing of their personal information at any time against The Company.
② The exercise of the rights under Article 6. 1 shall be made in writing, by email or fax, or other means to The Company in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and The Company shall take necessary measures without delay.
③ The exercise of the rights under Article 6. 1 may also be made by the data subject’s legal representative or agent who has been delegated. In this case, a power of attorney in accordance with the form of Appendix 11 to the "Guidelines for the Processing of Personal Information" (No. 2023-12) must be submitted.
④ The right to demand access to and suspension of processing of personal information may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
⑤ The right to demand correction and deletion of personal information cannot be exercised if the personal information is specified to be collected by relevant laws and regulations.
⑥ The Company shall verify whether the person who demands access to, correction and deletion of, and suspension of processing of personal information under a data subject’s rights is the data subject or a his/her authorized representative.
Article 5. Measures for Ensuring the Protection of Personal Information
The Company takes the following measures to ensure the protection of personal information:
(1) administrative measures: establishment and implementation of internal management plans, operation of dedicated organizations, and regular employee training;
(2) Technical measures: management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs; and
(3) Physical measures: access control to computer rooms, data storage rooms, etc.
Article 6. Installation, Operation, and Refusal of Devices That Automatically Collect Personal Information
① The Company uses "cookies" that help store and retrieve member’s visit information in order to provide personalized services to its members.
② A cookie is a small amount of information sent from a server (http) that operates a website to a member's browser and may be stored on a member's hard disk in the PC.
(1) Purpose of using cookies: To provide members with optimized information by understanding the services that members visited, the patterns of using and visiting websites, popular search terms, and secure login status, client installation, etc.
(2) Installation, operation, and refusal of cookies: Members can refuse to store cookies through the option settings in the tool> internet options> privacy menu located at the top of their web browser.
(3) If a member refuses to store cookies, there may be difficulties in using the service of The Company.
Article 7. Link to the Websites of Other Companies
The Company may provide members with a link to external websites. The Company does not control such linked external websites and thus does not guarantee nor can be held responsible for the completeness and usefulness of services or information provided by the external websites. Please see the privacy policy offered by the external websites.
Article 8. Personal Information Protection Manager
① The Company has designated the following Personal Information Protection Manager who takes responsibility for the overall management of personal information and handles complaints and remedies related to the processing of personal information:
(1) Personal Information Protection Manager
- Name: Hong Ji-hoon
- Position: Head of Business Development Office
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
(The above numbers lead to the team in charge of personal information protection.)
(2) Team in charge of personal information protection
- Team name: Live Support
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
② Data subjects can contact the Personal Information Protection Manager or relevant team for all inquiries, complaints, and remedies related to personal information protection that may arise while using CALIVERSE services. The Company will respond to and handle the inquiries made by data subjects without delay.
Article 9. Request for Access to Personal Information
Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act by contacting the following team. The Company will make every effort to process the request promptly.
▸ Team in charge of requests for access to personal information
- Team name: Live Support
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
- E-mail: privacy@caliverse.io
Article 10. Remedies for Infringement of Data Subject’s Rights and Interests
① Data subjects may seek dispute resolution or advice on personal information infringement from the Korea Internet & Security Agency's Personal Information Infringement Report Center, the Korea Communications Commission's Personal Information Dispute Mediation Committee, or other organizations. If you need to report or consult about other personal information infringements, please contact the following organizations:
(1) Personal Information Dispute Mediation Committee: (without an area code) 1833-6972 (www.kopico.go.kr);
(2) Personal Information Infringement Report Center: (without an area code) 118 (privacy.kisa.or.kr);
(3) Supreme Prosecutors' Office: (without an area code) 1301 (www.spo.go.kr); and
(4) National Police Agency: (without an area code) 182 (ecrm.cyber.go.kr).
② The Company acknowledges a data subject’s right to determine his/her own personal information and makes every effort to provide advice and remedies for personal information infringement. If you need to report or consult about personal information infringements, please contact the following team:
▸ For requesting advice and reporting related to personal information protection
- Team name: Live Support
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
- E-mail: privacy@caliverse.io
③ Any person whose rights or interests are violated by any disposition or inaction of the head of a public agency with regard to a request made under the provisions of Article 35, 36 or 37 of the Personal Information Protection Act may file a petition for an administrative hearing in accordance with the Administrative Appeals Act.
▸ Central Administrative Appeals Commission: (Without an area code) 110 (www.simpan.go.kr)
Article 11. Amendment and Notification of Privacy Policy
This Privacy Policy becomes effective on the date of implementation. The Privacy Policy may be amended in accordance with changes in relevant laws, regulations and guidelines, or internal operation policy. The Company will notify of any addition, deletion, and/or modification in this Privacy Policy through ‘Notice’ at least 7 days prior to the scheduled amendment. However, if an important modification is made to the rights of members, the notification will be posted at least 30 days prior to any such modification.
Addendum
This privacy policy shall be effective on July 29, 2024.
Last updated