1. What types of information does Pearl Abyss collect and how?
2. Why does Pearl Abyss collect personal information?
3. Does Pearl Abyss share personal information with third parties?
4. How long does Pearl Abyss retain personal information and when is it deleted?
5. How does Pearl Abyss transfer personal information overseas?
6. How does Pearl Abyss protect personal information?
7. What personal information is collected automatically?
8. What rights and choices do users have regarding their personal information?
9. Are there age restrictions for using Pearl Abyss’ Services?
10. How do you contact Pearl Abyss?
Pearl Abyss and its affiliates or subsidiaries (hereinafter “Pearl Abyss” or the “Company”) provide game services for PC, console, mobile, and related website services (hereinafter “Services”). To provide these Services, the Company may store, process, and, in certain situations, share your personal information. The Company values your privacy and is committed to protecting the personal information you provide when using its Services.
This Privacy Policy explains what personal information the Company collects, for what purposes, and how it uses it, as well as the efforts it makes to protect your data.
This Privacy Policy may be amended to reflect changes in applicable laws, regulations, or the Company’s internal policies. The Company remains committed to maintaining full compliance with all relevant laws and subordinate regulations. In the event of any changes to this Policy, notice will be provided via the Company’s website to ensure users can easily review the updated terms. As this Privacy Policy is made available in multiple languages, please refer to the version provided in your regional language for the most accurate and applicable information.
1. What types of information does Pearl Abyss collect and how?
The Company collects personal information through account registration, service use, information updates, phone, fax, customer support, event participation, and through partners, as described below.
1) Information you provide
① Information collected during Pearl Abyss account creation
- Email address, password, name, region, date of birth, social login identifier
※ Users aged 13–18 in the UK, British Indian Ocean Territory, and British Virgin Islands may use the Company’s Services with parental consent. The Company does not collect personal information from children as defined by each country’s regulations (e.g., under 13 in the US/Canada, under 16 in the EU per GDPR unless a lower age is set by a member state), under 18 in Brazil.
② Information collected during Pearl Abyss account creation using a Steam account
- Social login identifier, email address, name, region, date of birth
③ Information collected for parental consent
- Parent/guardian’s email address, name, date of birth
④ Information collected for additional services
- For Account Information page: Nickname, mobile phone number, (secondary) email address, social login identifier
- For payments: Information required for the payment method
- For customer support: Email address, name, mobile phone number, date of birth, address, automatically generated information, device identifiers, and other information necessary for support
- For event/promotion participation: Name, mobile phone number, address, date of birth, email address, and other required information
- For prize delivery: Name, address, mobile phone number, email address
- For pre-registration and related notifications: Email address, mobile phone number
- For notifications and announcements: Email address, mobile phone number
- For tax reporting: Information required by each country, such as unique identification numbers
- For refunds: Bank account information
2) Information collected during service use
The following information may be collected automatically during service use.
- IP address, web service usage records, game information, records of misuse, payment records, cookies
- Device information (MAC address, HDD serial number, etc.)
- When using the Black Desert+ app: Mobile device information (model, OS, advertising ID, etc.)
2. Why does Pearl Abyss collect personal information?
Pearl Abyss collects and uses personal information for the following purposes.
1) To process data necessary for service provision
The Company processes data necessary to:
- Allow users to create accounts and use the Company’s Services
- Operate the Company’s Services
- Provide products and services
- Provide service-related information
- Process payments for paid services
- Comply with applicable laws
2) To provide better, more relevant Services
The Company collects and processes data necessary to:
- Improve the services
- Update user profiles and enhance features
- Set up and manage user accounts
- Provide updates
- Maintain user preferences and deliver content
- Respond to user inquiries and complaints
- Send notifications regarding changes to the Terms, service interruptions, customer support, updates, security alerts, and other important messages
- Organize events and promotions
- Deliver event and promotion prizes
3) To maintain a safe and fair service environment
The Company collects and processes data to:
- Prevent and restrict misuse and unauthorized use
- Provide protective measures for user information
- Ensure smooth gameplay across multiple devices
- Detect and resolve bugs and service errors
- Analyze data for dispute resolution
4) For personalized advertising and marketing
The Company processes data to:
- Track users’ access to content and online behavior
- Personalize ads, deliver targeted marketing, and promotional offers
- Provide customized content and features based on user interests
5) The Company may analyze and classify all collected data in a non-identifiable format.
3. Does Pearl Abyss share personal information with third parties?
The Company shares personal information with third parties only with your prior consent, when necessary to provide services, or to comply with applicable laws.
1) With your prior consent
Before collecting or providing information, the Company informs you about the recipient, the data to be shared, and the purpose, and obtains your consent.
2) When necessary to provide services
2-1) Other users and the public
- Posts on our website forums are visible to other users or the public.
- In-game public chat is visible to other users.
- If you violate the Company’s Terms or policies, or are selected as an event winner, your Family name, character name, guild name, or other game information may be disclosed in-game, on the Company’s website, or in official community notices.
2-2) Business partners
The Company may share personal information with business partners and vendors as follows:
- Payment processors: For smooth payment processing and result notification
- Cloud platform providers: For cloud services and data storage
- Event agencies: For ticket management and event operation
- Marketing agencies: For personalized marketing and communications
- Other partners: For fraud detection, customer support, and other necessary services
3) To comply with applicable laws
3-1) Public and investigative authorities
- The Company may disclose user data to public authorities by the due process of law to comply with laws or protect the Company’s rights, property, or safety.
- The Company may provide user data to investigative authorities upon request and in accordance with applicable procedures and laws.
4. How long does Pearl Abyss retain personal information and when is it deleted?
1) Retention and deletion periods
The Company retains personal information while your account remains active. When the purpose of collection is fulfilled (e.g., account deletion, end of event retention period), the Company promptly deletes the information. In the following cases, data is retained and deleted after certain periods:
① Per the Company’s internal (deletion) policy:
- To minimize damage from unauthorized account or payment use, the Company retains data for 15 days after account deletion
- To prevent misuse and unauthorized use, the Company retains records of account restrictions
- To prevent duplicate item grants via re-registration, the Company retains Steam social login identifiers and DLC item grant information
② As required by law:
- When retention is required by national laws
③ Parental/guardian information:
- Deleted upon account deletion or when the user reaches adulthood
2) Deletion methods
Personal information on paper is shredded or incinerated. Electronic files are permanently deleted using methods that prevent recovery.
5. How does Pearl Abyss transfer personal information overseas?
Your data may be processed by Pearl Abyss, its affiliates, or subsidiaries worldwide, and may be transmitted to or stored in cloud service regions or data centers.
You may request to stop overseas transfers of your personal information at any time by contacting customer support or the Company’s privacy team. However, if your data is not provided to overseas vendors as requested, you may be restricted from using the Company’s website or game services.
* For EEA residents:
- The Company takes appropriate safeguards to protect EEA users’ personal information. See “6. How does Pearl Abyss protect personal information?” for details.
- The Republic of Korea and the EU have adopted an Adequacy Decision under the GDPR, allowing safe transfers of personal data from the EU to Korea without additional measures.
- Korea’s Personal Information Protection Act provides a level of protection equivalent to the EU GDPR.
- When transferring data to partners outside the EEA, the Company contractually requires compliance with EU Standard Contractual Clauses to ensure safe transfers of personal data.
* For Japanese residents:
- Third-party countries: United States, Korea
- Information on privacy regimes of these countries: CBPR member countries
- Data recipients (MS Azure, AWS) apply appropriate security measures and comply with all eight OECD privacy principles.
6. How does Pearl Abyss protect personal information?
The Company implements technical, administrative, and physical safeguards to prevent loss, theft, leakage, alteration, or damage of personal information.
1) Technical safeguards
- The Company encrypts both legally mandated items and additional personal data.
- Files or transmissions containing personal information are protected through encryption or file-locking mechanisms.
- The Company monitors for hacking and viruses, regularly backs up data, and uses anti-virus programs and firewalls.
- The Company applies security measures to its systematically organized databases to process personal data.
2) Administrative safeguards
- Access to personal information is limited to the minimum necessary personnel.
- The Company provides regular privacy training to staff and contractors.
- The Company’s dedicated privacy team manages this policy and regularly checks compliance, correcting issues promptly.
3) Physical safeguards
- The Company stores personal-information systems in dedicated, access-controlled physical facilities.
- Documents and storage media containing personal information are kept in locked, secure locations.
7. What personal information is collected automatically?
1) What are cookies and why are they used?
Cookies are temporary files created when you visit a website and are stored on your computer. The Company uses cookies to remember your language and authentication information, store personalized settings, and make the Company’s site easier to use. Cookies are also used for analytics, site management, and collecting statistical information about site usage.
1. How to block cookies on PC web browsers
- Chrome: Click "⁝” in the top right > New Incognito Window (Ctrl+Shift+N)
- Edge: Click “...””in the top right > New InPrivate Window (Ctrl+Shift+N)
2. How to block cookies on mobile web browsers
- Mobile Chrome: Tap “⁝” > New Incognito Tab
- Safari: Device Settings > Safari > Advanced > Block All Cookies
- Samsung Internet: Tap “Tabs” > Turn on Secret Mode > Start
2) What is web log analysis?
The Company uses Google Analytics to analyze user preferences and interests on its website. To opt out:
- Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout/
3) What is personalized advertising?
The Company analyzes user behavior and accesses logs based on advertising identifiers to provide personalized ads. The Company uses the following online advertising partners and methods.
① Partners: Google, Meta (Facebook), X (Twitter)
② Collection method: Automatically when visiting the Company’s website or using the Company’s app
③ How to block ad identifier collection:
- Android: [Settings] → [Google] → [Ads] → [Delete advertising ID]
- iOS: [Settings] → [Privacy] → [Tracking] → [Allow Apps to Request to Track (OFF)]
8. What rights and choices do users have regarding their personal information?
You have the right to access, correct, delete, restrict processing, and withdraw consent for your personal information. The Company protects these rights.
You can view or edit your information at any time via the “Account Information” page. You can delete your account via “Account Information > Delete Account.” When your account is deleted, any information you created or accumulated during use will also be deleted.
You may also request access, correction, deletion, restriction, or withdrawal of consent through customer support or the Company’s privacy team.
The Company may refuse deletion or restriction requests if required by law.
1) Rights of EEA residents
EEA residents have the following additional rights regarding their personal information, which may vary by country.
① Right to contact supervisory authorities
2) Rights of California residents
Under the California Consumer Privacy Act (CCPA), California residents may request the following from the Company.
① A list of personal information disclosed to third parties for direct marketing in the past 12 months
② The identity of third parties who received such information
The Company does not sell personal information for direct marketing. For other marketing uses, see section 2 > “4) For personalized advertising and marketing.”
3) Parental controls (UK residents)
The Company provides the following parental controls.
① Set playtime limits for children
② Restrict paid purchases for children
All rights and controls above can be exercised at any time via:
- Pearl Abyss official website customer support
- Pearl Abyss privacy team (privacy@pearlabyss.com)
- Pearl Abyss parental control site (https://parents.pearlabyss.com/)
9. Are there age restrictions for using Pearl Abyss’ Services?
1) Website Services
- The Company does not knowingly collect or request personal information from children as defined by each country (under 13 in the US/Canada, under 16 in the EU per GDPR unless a lower age is set by a member state, under 18 in Brazil, etc.), nor does it target them with interest-based ads or intentionally allow them to use its Services. (Exception: UK, British Indian Ocean Territory, and British Virgin Islands users aged 13-18 may use the Company’s Services with parental consent.)
- Children may not send any personal information to the Company. If the Company learns it has collected data from such users, it will delete it as soon as possible.
- Children must not send any personal information (name, address, phone number, email, etc.) to the Company. If you believe the Company has such data, please contact it immediately.
※ In Thailand, users aged 16-20 who consent to receive commercial ads are considered to have parental consent.
2) Game Services
- The Company restricts game service access according to the age ratings approved in each service region.
10. How do you contact Pearl Abyss?
If you have questions or requests regarding privacy, please contact the Company’s customer support for prompt assistance.
EU Personal Data Protection Representative and Agency
If you reside in Europe, you may direct any privacy-related inquiries to the contact information below.
Personal Data Controller: Pearl Abyss Corp.
Address: 48 Gwacheon-daero 2-gil, Gwacheon-si, Gyeonggi-do, 13824, Rep. of Korea
Email: dpo@pearlabyss.com
EU Personal Data Protection Representative and Agency
VeraSafe has been appointed as PEARL ABYSS H.K. LIMITED's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contactdata-protection representative or via telephone at: +420 228 881 031
VeraSafe Czech Republic s.r.o
Klimentská 46
Prague 1, 11002
Czech Republic
|
VeraSafe Netherlands BV
Keizersgracht 555
1017 DR Amsterdam
Netherlands
|
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
|
Addendum
This Privacy Policy is effective as of August 8, 2025.