Pearl Abyss

1. What type of information does Pearl Abyss collect?
2. Why does Pearl Abyss collect information?
3. Who does Pearl Abyss share your information with?
4. How long does Pearl Abyss retain the information, until it is deleted?
5. How does Pearl Abyss transfer information overseas?
6. How is your information protected?
7. What information is automatically collected?
8. What rights and choices do I and my legal guardian have pertaining to my personal information?
9. Is there an age restriction for the use of Pearl Abyss’ services?
10. How do you contact Pearl Abyss?
  
Pearl Abyss and its affiliated companies (Hereinafter referred to as “Pearl Abyss” or the “Company”) provide PC, mobile, console, official website, and other game related services (“Services”). Pearl Abyss stores, processes, and shares personal information in certain circumstances in order to provide you with these services. However, the security of your personal information is a priority to us and ample measures will be taken to protect it.  
 
This Privacy Policy provides information on how your personal data is used for which purpose, and which measures the company is taking to protect your personal data.

This policy is subject to change due to government regulations or internal policy changes by the Company, and the Company strives to comply with laws and their subordinate regulations. Depending on the location of users accessing the website, the Company discloses the policy in the appropriate language. Please check the privacy policy for the region in which you are playing.

When a revision is made, it is disclosed on the official website.  
  
1. What type of information does Pearl Abyss collect?  
The company collects the following personal information when you sign up on our official website, use provided services (including mobile services), create data, edit personal information, or submit inquiries via phone call, fax, or through customer support, as well as when partners collect your information.
  
1) Information provided by you
① Information provided during Pearl Abyss account creation.
- Email address (account name), password, name, region, and date of birth
* Signing up with an SNS account will collect additional user identification information.
※ The Company does not collect personal information from users regarded as minors in their respective countries (e.g. 13 or under in the US/Canada, 13-16 or under in Europe, and 18 or under in Brazil). (However, users between the ages of 13 to 18 that are residents of United Kingdom, the British Indian Ocean Territory, and the British Virgin Islands must receive consent from their legal guardians to utilize the company’s game services.)
 
② Information provided during Pearl Abyss account creation using a Steam account.
- Member identification number, Email address, name, region, and date of birth
 
③ The following information of legal guardians of users registered on the official website between the ages of 13 and 18 may be collected for residents of United Kingdom, the British Indian Ocean Territory, and the British Virgin Islands in order to utilize game and payment services.
- Email address, name, and date of birth
 
④ The following additional services collect respective personal information.

* Additional information may be gathered from users using certain services and participants of certain events or promotions.
* When in need of additional data, we will ask for your consent after notifying you on the type of data to be collected, the purpose, and the storage period.
 
2) Data created while using our Services.
The company collects the following data that is created while you use our services with or without an account.
- Game progress data
- Chat records, IP address, PC information (e.g.: CPU, RAM, graphic card, vRAM, etc.)
- Gameplay data, interactions with other players while using our services, and all data related to the use of our Services
- Error information, MAC address
- Game screenshot (for game client errors)
- The information collected through cookies and related technology
- Web browser information, location information
- Advertising ID
- MAC address, HDD serial (when using PC Café services)
- Data required to verify payment
   
2. Why does Pearl Abyss collect information?
The company collects information for the following reasons.  

1) We process the necessary data to provide services.
The Company collects information to provide services to you on your contractual relationship with us.
- To allow you to make an account and allow us to provide you services;
- To access our services;
- To provide products and services requested by you;
- To provide information about the products and services you request;
- To settle payments for purchases and paid services;
- To abide by relevant legislation
  
2) The company collects information to provide appropriate services.
The company collects the following information out of legitimate interest as the information is used:
- To improve and develop the services provided by the company;
- To improve and develop optimization of services and overall game experience;
- To update and develop player profiles;
- To set and manage registered accounts;
- To provide software updates;
- To maintain settings and provide content;
- To reply and provide support to submitted opinions or inquiries;
- To provide notices on changes made to Terms of Service, service errors, updates, security warnings, support, etc.;
- To create events and promotion programs for customers;
- To send event and promotion gifts  
 
3) The company processes relevant data to provide safe and fair services.
The company has legitimate interest in collecting and processing the data necessary to accomplish the following purposes in order to keep your services safe and fair. Please see our Terms of Services for legal usage policies:
- To prevent abusive and unauthorized use of malicious users;
- To provide services to protect personal information;
- To allow quality game experience across multiple devices;
- To allow appropriate automatic or manual chatting;
- To find bugs, errors, and provide solutions;
- To comply with relevant laws and to investigate and deter disputes, fraud, and other illegal activities.
  
4) The company processes necessary data to convey targeted advertisements and marketing information.
The Company collects and processes data necessary to establish targeted advertisements on our services, other websites, and emails, only if users agree to receive marketing information (direct promotional information).
- To track content accessed by users in relation to services and online behaviors;
- To customize advertisements and offer targeted marketing and promotions;
- To recommend or suggest information on services users may find interesting
  
5) For all the aforementioned cases and purposes, the Company may analyze and classify the entirety of the collected data.
The Company may have legitimate interest when collecting and processing the data necessary to meet contracts, provide and retain appropriate services, transmit advertising information when users consent to receiving marketing information. However, any personal data users have not agreed to provide will not be used.
 
3. Who does Pearl Abyss share your information with?
The company shares information with third parties if it is required by law, is consented by the user, or is deemed necessary to enforce our rights, property, or operations or to protect users or third parties or if we engage partners and service providers in order to provide our services to you by the due process of law.  

1) Other players and users
- If you post on the forums, it will be displayed for the public to see.
- If you chat using our services, it will be displayed for other players.
- In the event you violate the Terms of Service or Operating Policies, is selected as a participant or winner in an event, parts of your in-game family name, character name, guild name, and other information may be displayed on in-game pages, the official website, or forums for the public to see.
  
2) In the event the user consented in advance
- Before collecting or providing information, the Company informs users of to whom the information will be provided, which information will be provided, and the reason for providing the information, and obtain consent before providing personal information to third parties.
  
3) Partners and service providers
- To prevent abnormal game use and other unauthorized activities in the game, the Company may provide data to other companies through legitimate procedures.
- The Company may provide user information to its vendors, consultants, marketing partners, research firms and other service providers or business partners in each country for localized service delivery or the transmission of advertising agreed upon by users.
  
4) Public authorities and investigative bodies
- The Company may share your information with third parties and public authorities by the due process of law to protect the safety and property of the company, employees of the company, and you.
- The Company may provide user data upon request from an investigative body according to the appropriate procedure and process specified in the regulation or statute law.
 
5) Advertising companies and social media
- The company shares your information with advertising companies and social media (Meta (Facebook), Google, X (Twitter)). Relevant third parties will have access to your information in accordance with the Privacy Policy to use tools that interact with social media, in-game advertising, and other operations of third-party companies. For more details on how these third-party companies handle your information, please refer to the relevant third-party company’s Privacy Policy.
- Meta (Facebook): https://www.facebook.com/about/privacy  
- Google: https://policies.google.com/privacy  
- X (Twitter): https://twitter.com/en/privacy
  
6) Delivery companies
- The company may share your address and contact information you provided to delivery companies only with the motive of shipping prizes.
  
7) Payment service company
- If deemed necessary for settlement of charges based on service provision, the user’s data may be provided to the payment service company.
 
4. How long does Pearl Abyss retain the information and how is it deleted? 
1) Personal Information Retention and Deletion Period
① Membership Registration Information
The Company maintains and uses the collected information for the duration of users’ membership with their given consent. In principle, once the purpose of gathering and using provided personal information is fulfilled (ex. on request of membership withdrawal, closing of a participatory event), the relevant information will be eliminated immediately.
However, to prevent undesired membership withdrawal due to any identity theft and account-takeover identity theft, the user’s personal information will be stored for 15 days after requesting account deletion.

② Information collected through event promotions, etc.
The Company may retain personal information collected through events or promotions for a maximum of 1 year. The duration may differ depending on each event or promotion, and the period of collecting and utilizing data guided in each event or promotion will be employed first.

2) Procedures and Methods of Personal Information Deletion
In principle, the Company instantly eliminates users’ personal information once the purpose of collecting and utilizing relevant information is fulfilled or the duration for preserving and utilizing relevant data is expired. The procedure of deleting personal information is as follows:
  
① Cases of Deletion
Users’ personal information will be instantly erased once the purposes of collection and use have been achieved under the following circumstances:
• When the user withdraws their membership
• When the agreed-upon period of use expires
• When the user requests deletion of personal information
• When the purpose of collection, agreed upon at the time of collection, has been achieved
  
② Deletion Method
Personal information printed out on paper (printed material, papers, etc.) is shredded or incinerated, and information saved in the form of an electronic format is permanently deleted in such a way that it cannot be recovered.

3) Cases Where Personal Information is Not Deleted
In the following cases, personal information will not be deleted but retained and will not be used for other purposes.
• To prevent duplicate item provision through re-registration by a Steam member, for the sake of the Company's legitimate interests
- Steam member identification numbers, DLC item provision information
• When retention of personal information is required under relevant laws of each country
- Information and period as mandated by law for retention

5. How does Pearl Abyss transfer information overseas?
Your information may be sent overseas as the Company provides services worldwide. Each country may have different laws pertaining to information protection. In particular, if you are residing in a European country, laws on the protected range of information in other countries outside of the EEA (European Economic Area) may be different to that of your own country of residence. The company will comply with the relevant laws to protect your information. Please refer to ‘6. How is the information protected?’ for details on how your information will be protected.
 
The Republic of Korea and the EU have adopted the Personal Information Protection Adequacy Decision for the transfer of personal information to the Republic of Korea in accordance with the GDPR.
- The Personal Information Protection Act in the Republic of Korea guarantees equal protection of personal information as the GDPR of the EU.
- Personal information can be safely transferred from the EU to the Republic of Korea without the need for additional authentication according to the Adequacy Decision.
 
You can always reach Support or the personnel or department in charge of privacy protection and request discontinuance of an overseas transfer of your personal data. However, if some information is not provided to an overseas partner per your request, you may experience some limitations when using our official website or game services.
 
When transferring your information to partners and service providers listed under ‘3. Who does Pearl Abyss share your information with?’, the Company transfers information in compliance with the European Commission’s Standard Contractual Clauses. Your information will be transferred with adequate protection. For more information, please feel free to contact Support on our official website or the personnel or department in charge of privacy protection.
 
6. How is the information protected?
The Company uses the following technology, management, and physical measures to prevent data loss, theft, breach, alteration, and destruction.

1) Technology Measures
- The Company encrypts the information specified within, as well as additional relevant laws and regulations, when it gets stored.
- Files and data transfers containing important information (including your personal information) are protected by encryptions, file locks, or other such protection methods.
- The Company has backup systems to prevent your information from getting leaked or destroyed. The company utilizes anti-virus programs, firewalls, and other various security devices to protect your information.
- The Company is taking the necessary security measures for its systematically organized database system to process personal information.
  
2) Management Measures
- The Company keeps access rights to your information to a minimum. The minimum number of personnel given access to your information are the following:
① Personnel that are directly involved with marketing, events, customer support, and delivery (including personnel in partner companies and service providers);
② Personnel that are in charge of personal information including our Data Protection Officer;
③ Parties handling personal information for inevitable business purposes.
- The Company carries out a training program for personnel and consigned companies handling personal data on their obligation to protect personal information.
- The company established and manages Privacy Policy with the department in charge of personal information protection. Additionally, the company aims to enforce internal regulations and rectify issues as soon as they are discovered.
  
3) Physical Security Measures
- The company has a separate location where personal information is physically stored. Entry to and operation of this location is strictly monitored with an established entry protocol.
- Documents with personal information and other forms of information storage are installed by locking devices in safe locations. 
 
7. What information is automatically collected?
The Company uses ‘cookies’ that store and retrieve user information on an ongoing basis. Cookies are small text files sent by the company’s official website that are stored in your hard drive. The Company uses cookies for the following purposes.
  
1) Purposes for using cookies
Analysis of subscribers and non-subscribers accessing our official website and duration, to understand and track user preferences and interests, provide other personalized services by tracking the number of times the website has been accessed.
The Company and third-party analysis service providers use tracking technologies such as cookies, beacons, tags, or scripts. These technologies are generally used by the company to collect statistics about the websites to analyze tendencies, manage the website, and to understand how our website is used. The Company may receive collected statistical data from analysis service providers using these technologies.
  
2) How to block cookies from getting saved
You have the right to choose your cookie settings. This can be done by going to your web browser’s option settings to allow all cookies, ask for permission each time cookies get saved, or to block all cookies from getting saved. However, if the user refuses to have cookies saved, some services may be no longer available.
- Chrome: Go to [⋮] at the top-right of the browser → [Settings] → [Privacy and security] → [Third-party cookies] to change your settings.
- Microsoft Edge: Go to […] at the top-right of the browser → [Settings] → [Cookies and site permissions] → [Cookies and data stored] 
- Firefox: Go to [≡] at the top-right of the browser → [Settings] → [Privacy & Security] → [Cookies and Site Data]
* Other web browsers adhere to their respective settings.
  
The Company may use various external weblog analyzing tools such as Google Analytics and allow advertisers to provide targeted advertisement online and collect behavioral data.
① How to change Google Analytics settings:
- https://tools.google.com/dlpage/gaoptout/ 
* Other weblog analyzing tools adhere to the respective blocking method.  
  
② How to withdraw consent for receiving targeted advertising:
- Online advertisers providing targeted advertisement: Google, Meta (Facebook), X (Twitter)
- Behavioral data collection method: Automatically collected when the user visits the official website or opens the application.

* Online Behavioral Advertisement: A marketing strategy that provides customized services for users by analyzing their online behaviors and access records, etc.
- Android: Go to Settings - Security and privacy - More privacy settings - Ads - Reset advertising ID or Delete advertising ID
- iOS: Go to Settings - Privacy & Security - Apple Advertising - Personalized Ads to opt out.
※ Menus and methods may vary depending on your mobile OS version.

8. What rights and choices do I and my legal guardian have pertaining to my personal information? 
You may always inquire about your registered personal information, and if you do not want the Company to process your personal information, you may withdraw consent, restrict processing of your personal information, or request membership withdrawal. Yet, once your personal information is eliminated for membership withdrawal, related information the user has created or stored while using the company’s services may be eliminated as well.
  
You can view or edit your personal information on “My Page” after logging into the website, and membership withdrawal can be requested through My Page > Delete Account. You can also contact Support or the personnel or department in charge of privacy protection to view or edit your personal information or withdraw membership.

Once the user has requested the correction of an error in his or her personal information, the relevant information will not be used or provided until the rectification is made. Likewise, if any wrong personal information was already provided to a third party, corrected data will be delivered to the third party instantly for further correction.
 
The company processes personal information withdrawn or deleted under the request of the user following “4. How long does Pearl Abyss retain the information?” and limits the information from being used or searched for other purposes.
  
1) Privacy rights of users residing in the European Economic Area (EEA)
Users accessing the Services from the European Economic Area have the following additional rights relating to personal information, but their effectiveness and procedures may be determined in accordance with the laws and regulations of individual countries.
① The right to request the Company to send personal information to another company
② The right to contact the supervisory authority
  
2) Privacy rights of users residing in California
Under California law, you have the right to request the following information from the Company if you are a resident of California.
① A description of the categories of personal information disclosed to any third party to whom the company may have disclosed your personal information for that third party's direct marketing purposes within the previous calendar year.
② Information that identifies any such third party(ies)
  
The Company does not purposely share or sell your personal information to unaffiliated third parties for direct marketing purposes without your consent.
 
3) Parental Control Feature (For residents of the United Kingdom)
The Company provides the following services for legal guardians through the Parental Control feature.
① Set child’s gameplay limits
② Set child’s purchase limits
  
All the rights and functions listed above can be exercised by legal representatives through the following websites.
- Official Website Support
- Chief Privacy Officer and relevant department (privacy@pearlabyss.com)
- Parental Control Website (https://parents.pearlabyss.com/)
 
9. Is there an age restriction for the use of service?
1) Website service
- The Company intentionally does not collect or request personal information from users regarded as minors in respective countries (ex. 13 or under in the US/Canada, 13-16 or under in Europe, and 18 or under in Brazil). (However, users between the ages of 13 to 18 that are residents of United Kingdom, the British Indian Ocean Territory, and the British Virgin Islands must receive consent from their legal representative to utilize the company’s game services.)
- Underage users cannot send their personal information to the Company, and if their personal information is found collected, we will immediately delete relevant data.
- If you are an underage user, please do not send any of your personal information to the Company including your name, address, contact number, or email address. If you believe the Company is keeping data collected from such a user, please contact us immediately.
※ If a user aged 16 to 20 in Thailand agrees to receive commercial advertisements, it is considered that they have obtained the consent of their legal guardian.

2) Game service
- The age limit for the use of game services is set according to the game rating authorized in each service area.
  
10. How do you contact Pearl Abyss? 
If you have any questions about personal information protection or have issues related to personal information, please send an inquiry through Customer Support on our official website. The Company will answer your inquiries as soon as possible. Also, you may report any of your concerns regarding personal data while using our services to the personnel or department in charge of personal data protection. The Company will do its best to thoroughly address and answer all complaints as quickly as possible. Please contact the following institutions if you need to report or receive consultation about personal information.

  
Company and agency in charge of personal information protection in Europe
If you are residing in Europe, you may ask questions regarding your personal information through the following contact information.
Company in charge of personal information protection: Pearl Abyss Corp.    
Address: 48 Gwacheon-daero 2-gil, Gwacheon-si, Gyeonggi-do, 13824, Rep. of Korea 
Email: dpo@pearlabyss.com
 
Company and agency in charge of personal information protection in Europe
VeraSafe has been appointed as PEARL ABYSS H.K. LIMITED's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contactdata-protection representative or via telephone at: +420 228 881 031 

  
Addendum
This policy shall enter into force starting March 27, 2024.