Pearl Abyss Corp. and its affiliates or subsidiaries (hereinafter “Pearl Abyss” or “the Company”) provide related services (hereinafter “Services”) through games on PC, Console, Mobile, and other platforms, as well as through integrated websites. The Company collects, uses, retains, and processes Users’ personal information for the purposes of providing and operating the Services and is committed to ensuring such personal information is protected throughout this process.
Through this Privacy Policy, the Company intends to inform Users of the purposes and methods by which their personal information is used, as well as the measures the Company takes to protect such personal information.
1. What Personal Information Does Pearl Abyss Collect, for What Purposes, and How Long Is It Retained?
The Company collects the minimum amount of personal information necessary to provide its Services, including the provision and operation of game Services, integrated web services, and events/promotions, as described below. In addition, for the purposes of enhancing service quality and analyzing market trends, the Company may collect and analyze, within a limited scope, review data and other information publicly posted by Users through official APIs of external platforms such as Steam. The specific items of information collected may vary depending on how Users access and which platforms they use for the Services.
1.1 Categories of Personal Information Collected
[Information Collected for Service Provision]
• Information collected during the use of Services: platform identifier information, IP address, gameplay data, and device type of the access terminal.
[Information Collected for Service Improvement]
• Information necessary for resolving game errors (including dump files, error logs, in-game screenshots, and save data)
• Review metadata information (including Steam user identifiers, review content, and review URLs)
[Information Collected for Newsletter Subscriptions, Event Participation, etc.]
• Newsletter subscription management and distribution: email address, IP address, and (in certain regions) date of birth
• Event/promotion participation and administration: name, mobile phone number, address, date of birth, email address
• Prize delivery: name, address, mobile phone number, email address
1.2 Retention and Use Period for Personal Information
[Information Collected for Service Provision and Improvement]
• Personal information is retained and used for the duration of the User’s service agreement and is destroyed without delay upon termination of the agreement (e.g., cessation of Service use).
[Information Collected for Newsletter Subscriptions, Event Participation, etc.]
• Personal information is retained and used for the period necessary to fulfill the applicable purpose, such as newsletter distribution, event/promotion operation, and prize delivery. Once the User cancels their subscription, or the event/promotion concludes and the purpose has been fulfilled, the information is destroyed without delay.
1.3 Procedures and Methods for the Destruction of Personal Information
• Personal information printed on paper (printouts, written documents, etc.) is destroyed by shredding or incineration. Personal information stored in electronic file formats is permanently deleted using methods that render recovery impossible.
2. Does Pearl Abyss Share Personal Information with Third Parties?
The Company shares personal information with third parties through lawful procedures in the following circumstances: where the User has provided prior consent; where it is necessary for the provision of Services; or where it is required to comply with applicable laws and regulations.
2.1 Partners and Service Providers
The Company entrusts the processing of personal information to the following entities for the provision of Services:
|
|
Umfang der beauftragten Verarbeitung
|
|
|
Cloud service provision |
|
|
|
|
|
|
The personal information provided to entrusted entities is limited to the scope necessary for the performance of the entrusted tasks. Such information is destroyed without delay upon the fulfillment of the purpose of the entrusted processing or upon the termination of the entrustment agreement, in accordance with applicable laws and the terms of the entrustment agreement.
2.2 Compliance with Applicable Laws
• The Company may disclose User data to public authorities and investigative agencies through lawful procedures to comply with applicable laws or to protect the rights, property, or safety of the Company, its employees, or other related parties.
• The Company may provide User data in response to requests from investigative agencies made in accordance with the procedures and methods prescribed by applicable law, where such requests are based on applicable legal provisions or are made for investigative purposes.
3. What Measures Does Pearl Abyss Take When Transferring Personal Information Overseas?
The Company transfers (and stores) personal information overseas for the stable provision of Services. The information transferred varies depending on the Service used, as follows:
3.1 When Using the Newsletter Subscription Service
Categories of Personal Information Transferred
|
Email address, IP address |
Country of Transfer and Recipient
|
United States, Microsoft Azure (02-531-4500, Domestic Representative: Microsoft Korea)
|
|
|
Transmission over a network in the course of Service use
|
|
|
Provision of newsletter distribution services |
|
|
Until withdrawal of consent
|
3.2 When Playing Games
Categories of Personal Information Transferred
|
Platform identifier information, IP address |
Country of Transfer and Recipient
|
|
|
|
Transmission over a network in the course of Service use
|
|
|
Game copy protection |
|
|
Until the termination of the contract with Denuvo
|
Users may contact the Privacy Officer or the Personal Information Grievance Department at any time to request the cessation of cross-border transfers of personal information. However, please note that if the cross-border transfer of personal information is discontinued at the User’s request, there may be limitations on the use of the Company’s website and Services.
Where the Company transfers personal information overseas for the provision of Services, such transfers are conducted in accordance with applicable laws, including transfers to countries for which an adequacy decision has been issued under the GDPR, the application of certified cross-border privacy frameworks (CBPR, Cross Border Privacy Rule), or on the basis of the User’s consent. In addition, the Company operates an international standard personal information protection management system (ISO/IEC 27701), and ensures the safe processing of personal information through technical and organizational safeguards, including data processing agreements (DPAs) with entrusted entities, management and supervision thereof, as well as access controls and encryption of personal data.
4. How Does Pearl Abyss Protect Personal Information?
The Company has implemented and maintains the following technical, organizational, and physical measures to ensure the security of personal information and to prevent loss, theft, leakage, alteration, or damage to Users’ personal information. Notwithstanding the foregoing, in the event of an unforeseen incident, the Company will faithfully fulfill all necessary measures, including reporting to the relevant authorities and cooperating with investigations within the timeframes prescribed by applicable law.
4.1 Technical Measures
• The Company applies safeguards such as encryption, de-identification, and transmission encryption based on the sensitivity level of data in order to provide secure Services.
• The Company continuously monitors its systems to prevent the leakage or damage of Users’ personal information due to hacking, computer viruses, or similar threats. The Company also performs periodic backups of personal information as a contingency measure, and employs a range of security measures, including antivirus programs and firewalls.
• The Company applies the necessary security measures to the systematically configured database systems used for processing personal information.
4.2 Organizational Measures
• The Company restricts access rights to Users’ personal information to the minimum number of personnel necessary.
• The Company conducts regular training for its personal information handlers and entrusted entities regarding their obligations for the protection of personal information.
• The Company has a dedicated department responsible for personal information protection that establishes and manages this Privacy Policy. The Company also conducts regular reviews to verify compliance with internal regulations and makes prompt corrections when issues are identified.
4.3 Physical Measures
• The Company maintains a separate physical storage location for the personal information systems that store personal information and has established and operates access control procedures for such facilities.
• Documents and auxiliary storage media containing personal information are stored in a secure location equipped with locking mechanisms.
5. What Personal Information Is Collected Automatically?
5.1 Was sind Cookies und warum werden sie verwendet?
Cookies are temporary files containing information generated when a User accesses a website, which are stored on the User’s computer.
The Company uses cookies to record Users’ language preferences and authentication information, to store environment information for the provision of personalized services, and to configure an environment that allows Users to use the website more conveniently.
Cookies are also used for the purposes of analyzing website usage trends, website administration, and collecting aggregate statistical information regarding Users’ website usage patterns.
(a) How to Block Third-Party Cookies in Web Browsers
• Chrome: Click [⋮] in the upper-right corner of the browser → [Settings] → [Privacy and Security] → [Third-party cookies or Site settings]
• Microsoft Edge: Click […] at the top of the browser → [Settings] → [Privacy, Search, and Services] → [Cookies or Site Data]
• Firefox: Click [≡] at the top of the browser → [Settings] → [Privacy & Security] → [Cookies or Site Data]
※ Menu names may vary depending on the browser version in use. Please verify the exact names and paths by searching for “Cookies” within the browser settings.
(b) How to Block All Cookies in Web Browsers
• By opening a new Incognito window or InPrivate window in the respective browser, browsing history, cookies, site data, and information entered in forms will not be saved on the device.
5.2 What Is Web Log Analysis?The Company uses the Google Analytics web log analysis tool to analyze Users’ usage patterns and areas of interest on its website. The method for opting out of Google Analytics is as follows:
• Opt-out of Google Analytics:
https://tools.google.com/dlpage/gaoptout/
6. What Are Users’ Rights and Choices Regarding Personal Information?
Users have the right to access, rectify, delete, port, restrict the processing of, and withdraw consent for the processing of their personal information. The Company protects Users’ rights in this regard. Users may request the exercise of these rights through the Customer Support Center or the Personal Information Grievance Department. The Company may refuse a request to exercise personal information rights where there are specific provisions under applicable law permitting such refusal.
6.1 Rights of Residents of the European Economic Area (EEA)
Residents of the European Economic Area (EEA) may exercise their rights in accordance with the GDPR and other applicable laws, and have the right to lodge a complaint with the competent data protection supervisory authority regarding the processing of personal information. The Company processes requests for the exercise of User rights in accordance with applicable laws.
6.2 Rights of California Residents
Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the right to opt out of the sale of their personal information. The Company does not sell personal information without the User’s consent.
7. Are There Age Restrictions for Using the Services?
• The Company does not intentionally collect personal information from child Users, does not target child Users with interest-based advertising, and does not permit child Users to use the Services.
• Child Users are not permitted to transmit personal information to the Company. In the event that personal information has been collected from such Users, the Company will delete the relevant data as promptly as practicable.
• Legal representatives are requested to ensure that children do not provide personal information to the Company. If you believe the Company holds data collected from such Users, please contact the Company immediately.
8. How Can You Contact Pearl Abyss?
If you have any questions regarding the protection of personal information or wish to submit a request to resolve a personal information-related issue, please contact us through the Customer Support Center for a prompt response.
|
|
Personal Information Grievance Department
|
Officer: Jin Young Heo (CEO)
Email: privacy@pearlabyss.com
Fax: 82-31-624-5897
|
Department: Information Security Division
Email: privacy@pearlabyss.com
Fax: 82-31-624-5897
|
8.1 Reporting and Consultation Agencies for Personal Information Infringement within the Republic of Korea
If you reside in the Republic of Korea and require additional reporting or consultation regarding personal information infringement, you may contact the following agencies:
• Personal Information Infringement Report Center (privacy.kisa.or.kr / Dial 118 without area code)
• Supreme Prosecutors’ Office Cyber Investigation Division (spo.go.kr / Dial 1301 without area code)
• National Police Agency Cyber Crime Reporting System (ECRM) (ecrm.police.go.kr / Dial 182 without area code)
• Personal Information Dispute Mediation Committee (kopico.go.kr / Dial 1833-6972 without area code)
8.2 EU Data Protection Officer (DPO) and EU Representative ContactIf you reside in the European region, you may also contact:
DPO: The Office of the Data Protection Officer
Address: 48 Gwacheon-daero 2-gil, Gwacheon-si, Gyeonggi-do, 13824, Rep. of Korea
Email: dpo@pearlabyss.com
EU Representative ContactVeraSafe has been appointed as Pearl Abyss’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form:
https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031
|
VeraSafe Czech Republic s.r.o
Rohanské nábřeží 678/23
Prague 8, 18600
Czech Republic
|
VeraSafe Netherlands BV
Keizersgracht 555
1017 DR Amsterdam
Netherlands
|
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
|
Addendum
This Privacy Policy is effective as of [03, 19, 2026].