Kkusa Privacy Policy

 

MUSTGAMES Co., Ltd.(hereinafter referred to as "Company") protects the personal information of users who use Kkusa (hereinafter referred to as "Service") in accordance with the "Personal Information Protection Act" and other relevant laws, handles related grievances quickly and smoothly, and establishes and discloses this Privacy Policy to inform users about the purposes and methods by which personal information is used.

 

Article 1 (Purpose of Processing Personal Information)

1. The Company processes personal information for the following purposes:

(1) Member registration and management: Confirmation of membership registration intention, identity verification, confirmation of duplicate registration, maintenance and management of membership qualifications, prevention of fraudulent use of services, confirmation of legal representative's consent when processing personal information of children under 14, various notifications and notices, grievance handling

(2) Provision of goods or services: Provision of various content and services such as AI photography/editing/generation, delivery of notices, management and processing of in-app product purchases and purchase history, refund of transaction amounts such as purchase cancellation, provision of basic/customized services

(3) Customer consultation: Verification of user identity, confirmation of inquiries, contact/notification/notification of processing results for fact-finding

(4) Use in marketing and advertising: Provision of customized advertising, provision of events and advertising information, and provision of participation opportunities

(5) Service improvement and development: Improvement of existing services and development of new services and customized services

2. The Company will never use users' personal information for purposes other than those stated in the preceding paragraph, and if the purpose of use changes, necessary measures such as obtaining separate consent will be implemented in accordance with the "Personal Information Protection Act."

 

Article 2 (Personal Information Items Processed)

1. The Company collects and processes the following personal information items for service users:

(1) Basic information collected at membership registration (required items): Email, member ID (identification information), display name

(2) Information automatically collected during service use: Service usage records, access logs, in-app product purchase information, consultation content, advertising identifier

(3) During customer consultation: Items necessary for processing inquiries from users are collected and processed (mobile phone number, mobile device model name, carrier information, OS information and version, device identification number, device language and country information, etc.)

Article 3 (Processing and Retention Period of Personal Information)

1. When a user withdraws from the Service or loses membership qualifications, the Company shall promptly delete and destroy the collected user information even without a separate request. However, despite member withdrawal or loss of membership qualifications, the following information shall be retained for the reasons stated below:

(1) Until the completion of investigation/inquiry when investigation/inquiry is in progress due to violation of relevant laws

(2) Until the settlement of credit/debt relationships when credit/debt relationships remain due to service use

2. Provision of AI photography/editing/generation services

(1) Photos and gender provided by users: Until result generation

(2) Results: Temporarily stored for 7 days and deleted for fact verification, recovery, and victim protection in case of damage due to personal information theft, bugs, etc.

3. Event participation: Until the end of the event or delivery of prizes

4. The Company shall retain personal information until the end of the relevant period in the following cases:

(1) Personal information related to service use (log records)

① Reason for retention: Protection of Communications Secrets Act

② Retention period: 3 months

(2) Records concerning contracts or withdrawal of subscription, and records concerning payment and supply of goods, etc.

① Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.

② Retention period: 5 years

(3) Records concerning consumer complaints or dispute resolution

① Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.

② Retention period: 3 years

(4) Records concerning display and advertising

① Reason for retention: Act on Consumer Protection in Electronic Commerce, etc.

② Retention period: 6 months

(5) Account books and supporting documents for all transactions stipulated by tax law

① Reason for retention: Framework Act on National Taxes

② Retention period: 5 years

Article 4 (Sharing and Provision of Personal Information)

1. The Company provides personal information to third parties only with the user's consent or when there are special provisions in the Personal Information Protection Act or other laws.

2. The Company uses personal information within the purpose notified at the time of collection and, in principle, does not share or provide personal information to external parties or third parties without the user's prior consent. However, the following cases are exceptions:

(1) When the user has consented to disclosure in advance

(2) When the terms of use posted on the website or service or other member service terms or operational policies are violated .

(3) When there are sufficient grounds to determine that personal information must be disclosed in order to take legal action for causing mental or material damage to others by using the Service

(4) When it is judged in good faith to be required by law: When the provision of data is compelled by relevant laws or when there is a request from courts, investigative agencies, or other administrative agencies through lawful procedures .

Article 5 (Entrustment of Personal Information Processing)

1. The Company entrusts personal information processing tasks to overseas third parties as follows:

(1) Entrusted company: Google (Google Cloud Platform)

(2) Country of transfer: United States

(3) Entrusted task content: Cloud server operation and management

(4) Personal information items transferred: Member ID (identification information), service usage records, access logs, in-app product purchase information, advertising identifier

(5) Retention/use period of the recipient: Consistent with the retention/use period stated in Article 3

2. If the entrusted company or the content of entrusted tasks changes, it will be disclosed without delay through this Privacy Policy.

Article 6 (Use and Provision of Personal Information Within a Reasonably Related Scope to the Collection Purpose)

The Company may use personal information or provide it to third parties without user consent, considering the following criteria within a reasonable scope related to the original collection purpose:

1. Whether there is relevance to the original collection purpose: Determined by considering whether the original collection purpose and the additional use or provision purpose are related in nature or tendency

2. Whether there is predictability for additional use or provision of personal information in light of the circumstances of collecting personal information or processing practices: Determined by considering the relationship between the personal information processor and the user, the level and speed of technological development, general circumstances (practices) established over a considerable period, etc.

3. Whether it unfairly infringes on the user's interests: Determined by considering whether the user's interests are substantially infringed in relation to the additional purpose of use and whether such infringement of interests is unfair

4. Whether measures necessary to ensure safety, such as pseudonymization or encryption, have been taken: Determined by considering whether safety measures are taken considering the possibility of infringement

Article 7 (Rights, Obligations, and Exercise Methods of Users and Legal Representatives)

1. Users may exercise their rights to access, correct, delete, and request suspension of processing of personal information against the Company at any time.

2. The exercise of rights under Item 1 may be done through written documents, email, etc., and the Company will take action without delay. However, if the user's personal information is linked with external platforms such as SNS and chat services, personal information must be viewed/changed according to the method provided by the relevant platform company.

3. The exercise of rights under Item 1 may be done through an agent such as the user's legal representative or an authorized person. In this case, a power of attorney according to Form No. 11 of the "Notice on Methods of Processing Personal Information (No. 2020-7)" must be submitted.

4. When consent is required for the collection, use, and provision of personal information of children under 14 years of age (hereinafter referred to as "children"), the Company obtains the consent of the legal representative separately from the child's consent.

5. To obtain the consent of the legal representative, the Company may request minimum necessary information such as the legal representative's name and contact information, and the collected personal information of the legal representative shall not be used for purposes other than confirming the consent of the legal representative or provided to third parties.

6. The consent form of the legal representative is used for purposes such as contracts between children and the Company, withdrawal of subscription, payment, supply of goods, and resolution of consumer complaints and disputes.

7. Consent forms of legal representatives that have been withdrawn or whose validity period has expired shall be destroyed in a non-reproducible manner 30 days after the purpose of use has expired. However, if there is a need for preservation according to the provisions of the Commercial Act, the Act on Consumer Protection in Electronic Commerce, or other relevant laws, the Company shall retain the personal information of legal representatives for the period stipulated by relevant laws.

8. The legal representative of a child may request access to, correction of, or withdrawal of consent for the collection, use, and provision of the child's personal information, and when such a request is made, the Company shall take necessary measures without delay.

9. The exercise of rights such as access to, correction, deletion, and suspension of processing of users' personal information may be restricted in accordance with the Personal Information Protection Act and other relevant laws.

10. Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.

11. The Company verifies whether the person making the request for access, correction/deletion, or suspension of processing according to user rights is the person themselves or a legitimate agent.

Article 8 (Destruction of Personal Information)

1. The Company shall promptly destroy personal information when it becomes unnecessary due to the expiration of the personal information retention period or achievement of the processing purpose.

2. Even though the personal information retention period consented to by the user has expired or the processing purpose has been achieved, if personal information must continue to be retained in accordance with the laws stated in Article 3, Item 4, the personal information shall be transferred to a separate database (DB) or stored in a different storage location.

3. The procedures and methods for destroying personal information are as follows:

(1) Destruction procedure: The Company selects personal information for which reasons for destruction have occurred and destroys the personal information with the approval of the Company's personal information protection officer.

(2) Destruction method: The Company destroys personal information recorded/stored in electronic file format using technical methods so that the records cannot be reproduced, and personal information recorded/stored in paper documents is destroyed by shredding with a shredder or incineration.

Article 9 (Measures to Ensure the Safety of Personal Information)

1. The Company is taking the following technical and managerial measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged when handling users' personal information:

(1) Managerial measures: Establishment and implementation of internal management plans, regular employee training, etc.

(2) Technical measures: Technical measures against hacking, etc., encryption of personal information, access authority management of personal information processing systems, retention and prevention of forgery/alteration of access records, etc.

(3) Physical measures: Access control to data storage rooms, etc.

2. The Company shall not be held responsible for personal information leakage problems caused by the user's own carelessness.

Article 10 (Installation, Operation, and Rejection of Automatic Personal Information Collection Devices)

The Company uses "cookies" and similar technologies that store and retrieve usage information from time to time to provide individual customized services to users. Cookies are small amounts of information stored on the data subject's device when the data subject uses an application service or visits a website, and are used to provide optimized information when the data subject revisits the service.

1. Purpose of using cookies: Used for maintaining user access sessions, analyzing user usage and visit patterns to services and sites, secure access and management, service improvement, development of new services, and provision of customized services and advertising.

2. Installation/operation and rejection of cookies: Service users can allow all cookies, go through confirmation each time a cookie is stored, or reject the storage of all cookies by setting browser options when using services through the web. However, cookie setting options may not be supported in applications.

3. If you refuse to store cookies, difficulties may occur in using some services.

Article 11 (Personal Information Protection Officer)

The Company designates personal information protection officers and staff as follows to oversee and be responsible for tasks related to personal information processing, and to handle user complaints and provide relief from damages:

1. Personal Information Protection Officer

(1) Name: Kang Baek-joo

(2) Position: CEO

(3) Email: cs@mustg.kr

2. Personal Information Protection Manager

(1) Name: Yoon Hee-ho

(2) Position: Team Leader

(3) Email: cs@mustg.kr

Article 12 (Remedy for Rights Infringement)

Service users can inquire about reporting and consultation regarding personal information infringement through the following organizations:

Personal Information Infringement Report Center: (without area code) 118 (http://privacy.kisa.or.k)

Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

Supreme Prosecutors' Office Cybercrime Investigation Division: (without area code) 1301 (www.spo.go.kr)

National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

Article 13 (Changes to Privacy Policy)

The Company may revise the Privacy Policy for purposes such as reflecting changes in laws or services. When the Privacy Policy is changed, the Company shall post the changed matters at least 7 days before the effective date, and the changed Privacy Policy shall take effect on the stated effective date. However, when significant changes to user rights occur, such as changes to the items of personal information collected or the purpose of use, we will notify you at least 30 days in advance.

 

This "Privacy Policy" shall be effective from November 1, 2023.