Privacy Policy  

 

1. What information does PEARL ABYSS collect, and how is it collected?  
2. Why does PEARL ABYSS collect personal information?  
3. Does PEARL ABYSS share personal information with third parties?  
4. How long does PEARL ABYSS retain personal information and when is it deleted?  
5. What steps does PEARL ABYSS take when transferring personal information outside your country?  
6. How does PEARL ABYSS protect personal information?  
7. What information is collected automatically?  
8. What rights and choices do users have regarding personal information?  
9. Is there an age requirement to use the Services?  
10. How can I contact PEARL ABYSS?  

  

 

PEARL ABYSS CORP. together with its affiliates and subsidiaries (collectively, “PEARL ABYSS” or “we”), provides game services for PC, console, and mobile, as well as related website services (the “Services”). To operate and improve the Services, we may store and process your personal information and, in certain situations, share it. We take your privacy seriously and work hard to keep the personal information you provide to use the Services safe.  

Through this Privacy Policy, we explain how and why we use the personal information you provide, and the steps we take to protect it.  

This Privacy Policy may be updated if laws or regulations change, or if our internal policies are revised. We are committed to complying with applicable laws and regulations. If we make changes, we will post a notice on our website so you can easily review the updates.  

We also provide this Privacy Policy in multiple languages. Please review the version written in the language of your region.  

  

1. What information does PEARL ABYSS collect, and how is it collected?  

We collect personal information when you sign up, use the Services, generate content, update your account, contact us by phone or fax, get help from Support, enter events or promotions, or when our partners share information with us as permitted by law.  

 

1) Information you provide  

① When you create a PEARL ABYSS account, we collect: 

  • Email address, password, name, region, date of birth, account identifier 

※ Users aged 13 to 18 in the United Kingdom, British Indian Ocean Territory, and British Virgin Islands may use our Services subject to legal guardian consent. We do not collect personal information from children as defined by the laws of each country, including the United States/Canada (under 13), Europe (under 16 according to GDPR, or lower if established by individual member states), and Brazil (under 18).) 

② When you sign up via a Steam account, we collect: 

  • Account identifier, email address, name, region, date of birth 

③ To obtain legal guardian consent, we collect: 

  • Legal guardian's email address, name, date of birth 

④ Information collected when playing on PlayStation or Xbox: 

  • Console account identifier 

⑤ When we provide additional Services, we collect: 

  • When using My Page: nickname, mobile phone number, (secondary) email address, account identifier, console account identifier 
  • When making payments: Information necessary to use the chosen payment method 
  • When using Support: email address, name, mobile phone number, date of birth, address, automatically generated information, device identifier information, console account identifier, and other details needed to handle your inquiry 
  • Event/Promotion participation and processing: name, mobile phone number, address, date of birth, email address, Discord username, nickname, social media information, and any other information required by the event or promotion.  
  • Prize delivery: name, address, mobile phone number, email address  
  • Pre-registration applications and related updates: email address, mobile phone number  
  • Notices and other communications: email address, mobile phone number  
  • Tax reporting and processing: a unique identification number and other information required under the tax laws of each relevant country  
  • Refunds: bank account information 

 

2) Information collected during Service use  

The following information may be collected automatically while you use the Services:  

  • IP address, web usage logs, game activity, fraud/abuse logs, payment history, cookies  
  • Device information (e.g., MAC address, HDD serial number, etc. )  
  • When using the Black Desert Plus app: mobile device details (device model, OS information, advertising ID, etc.)  

 

 

2. Why does PEARL ABYSS collect personal information?  

We collect and use personal information for the purposes below.  

 

1) To provide the Services  

We process the data needed to perform our contract with you and run the Services, including to:  

  • let you create an account and use the Services  
  • operate the Services  
  • provide our products and Services  
  • share Service-related information  
  • process billing and payments for paid features  
  • comply with applicable laws  

  

2) To offer a better, more relevant experience  

We collect and process data to make the Services work better for you, including to:  

  • improve the Services  
  • update profiles and develop features  
  • set up and manage registered accounts  
  • deliver updates  
  • remember your preferences and deliver content  
  • handle questions and complaints and provide support  
  • send notices such as changes to terms, Service outages, support updates, security alerts, and other important messages  
  • run events and promotions  
  • ship prizes for events and promotions  
  • manage newsletter subscriptions  

 

3) To keep the Services safe and fair  

We collect and process data as needed to:  

  • prevent and restrict fraud, abuse, and unauthorized use  
  • provide Services that protect your information  
  • enable smooth gameplay across multiple devices  
  • find bugs and errors and fix issues  
  • analyze data to handle and resolve disputes  

  

4) To deliver personalized ads and marketing  

We process data to:  

• track the content you access related to your Service use and online activity  

• personalize ads and send targeted marketing and promotional offers  

• provide customized Services, including content and features that better match your interests  

  

5) To analyze data in de-identified form  

We may convert the data we collect into a form that does not identify you and use it for analysis and classification.  

  

3. Does PEARL ABYSS share personal information with third parties?  

We share personal information only when you have agreed in advance, when it’s necessary to provide the Services, or when we must comply with law. We follow the appropriate legal process in doing so.  

 

1) With your prior consent  

Before collecting from or sharing with a third party, we explain who will receive your information, what will be shared, and why, and then obtain your consent.  

  

2) When it’s necessary to provide the Services  

2-1) Other users and the public  

  • If you post on our website forums, your posts are visible to other users or the public.  
  • If you use public in-game chat, your messages are visible to other users.  
  • If you violate our terms or policies, or if you are selected as an event participant or winner, certain gameplay information about you may be disclosed on in-game pages, our website, or official community notices.  

 

2-2) Business partners and vendors  

We may share personal information with the following partners to operate the Services:  

  • Payment processors: to process payments and share the results of those transactions  
  • Cloud platform providers: to host the Services and store/process data in cloud environments  
  • Event agencies: to manage tickets and run online/offline events  
  • Marketing agencies: to deliver Services and offers tailored to your interests  
  • Other partners: to detect and prevent fraud/abuse, respond to customer inquiries, and otherwise support the operation of the game Services  

  

3) To comply with law  

3-1) Public authorities and law enforcement  

  • We may disclose data to public authorities when required to comply with law or to protect PEARL ABYSS, our employees, or the rights, property, or safety of others, following due process.  
  • We may provide data to investigative agencies when legally required or when a lawful request is made for an investigation under applicable procedures.  

  

 

4. How long does PEARL ABYSS retain personal information and when is it deleted?  

   

1) Retention and deletion periods  

We keep personal information while your account remains active. As a rule, we delete it without undue delay once the purpose of collection and use has been fulfilled (for example, when you request account deletion or when an event’s stated retention period ends). In the cases below, we retain data for a limited period and delete it after that period expires:  

 

1.Under our internal retention/deletion policies  
  • To prevent harm from identity theft (e.g., unauthorized account deletion or payment fraud), we retain key account data for 15 days after an account deletion request.  
  • To prevent fraud, abuse, and unauthorized use by malicious users, we retain enforcement/sanction records.  
  • To prevent duplicate item grants after re-registration, we retain console account identifiers, Steam account identifier, and records of package, Pearl Box, and DLC item grants.  
2. As required by law  
  • We retain personal information when, and to the extent, required under the laws of each applicable country.  
3. Legal guardian information:  
  • We delete legal guardian information immediately when the user deletes their website account or reaches the age of majority.  

 

2) How we delete personal information  

Paper records (printouts, hard copies) are destroyed by shredding or incineration. Electronic records are permanently erased using technical methods that make recovery impossible.  

  

 

5. What steps does PEARL ABYSS take when transferring personal information outside its country?  

Your data may be processed by PEARL ABYSS CORP. and its affiliates or subsidiaries around the world. It may also be transferred to or stored in the cloud regions or data centers (IDCs) we use.  

You may contact Support or our privacy officer and related team at any time to ask us to stop cross-border transfers of your personal information. Please note that if, per your request, cross-border transfers of your personal information are stopped, you may be unable to use some or all features of our website or game Services.  

 ※ For users in the European Economic Area (EEA)  

  • We apply appropriate safeguards to protect the personal data of EEA residents. For more on our protections, see “6. How does PEARL ABYSS protect personal information?”  
  • The EU and the Republic of Korea have adopted a GDPR adequacy decision for personal data transfers to the Republic of Korea. Under this decision, personal data can be safely transferred from the EU to the Republic of Korea, which guarantees a level of data protection equivalent to the EU GDPR. 
  • When your personal data is transferred to our partners or service providers outside the EEA, we enter into contracts that incorporate the EU Standard Contractual Clauses so that such transfers occur with appropriate safeguards.  

 

 ※ For users in Japan  

  • The servers where personal information is stored or managed are located in the United States of America and the Republic of Korea. Both countries participate in the APEC Cross-Border Privacy Rules (CBPR) system and maintain privacy protection systems and supervisory authorities equivalent to those of Japan. 
  • We utilize Microsoft Azure and AWS cloud servers, strictly apply necessary security controls, and comply with all eight OECD Privacy Principles. 

  

 

6. How does PEARL ABYSS protect personal information?  

We use technical, administrative, and physical measures to help ensure your information is not lost, stolen, leaked, altered, or destroyed.  

  

1) Technical measures  

  • Beyond items specified by law, we encrypt additional categories of personal information.  
  • We protect important data that contains personal information by encrypting files and transmissions or using file-locking and similar security features.  
  • We continuously monitor to guard against hacking and malware. We also back up personal information regularly and use a range of security tools, such as anti-virus solutions and firewalls.  
  • We apply required security controls to our structured database systems that handle personal information.  

  

2) Administrative measures  

  • We limit access to personal information to the minimum number of authorized personnel.  
  • We provide regular privacy and security training to employees and entrusted processors.  
  • A dedicated team manages our privacy program and policies. We conduct regular internal compliance checks and take immediate corrective action when issues are found.  

 

3) Physical measures  

  • We maintain separate, controlled facilities for systems that store personal information and operate access-control procedures for those locations.  
  • Documents and removable media that contain personal information are kept in locked, secure locations.  

  

 

7. What information is collected automatically?  

   

1) What are cookies and why do we use them? 

Cookies are small files saved on your device when you visit a website. We use cookies to remember your language and sign-in details, store settings to deliver a more personalized experience, and make the site easier to use. We also use cookies to analyze usage trends, manage the website, and compile statistics about how visitors use our site.  

a. How to block third-party cookie collection in browsers  

  • Chrome: Click the menu [⋮] (top right) → Settings → Privacy and security → Cookies and other site data 
  • Microsoft Edge: Click the menu […] (top right) → Settings → Privacy, search, and services → Cookies and site data 
  • Firefox: Click the menu [≡] (top right) → Settings → Privacy & Security → Cookies and Site Data  

※ Menu names may vary depending on the browser version you are using. Please check the exact name and path by searching for "cookies" in your browser settings. 

b. How to block saving of all web browser cookies 

By using a "New Incognito Window" or "InPrivate Window" for each browser, your browsing history, cookies and site data, and information entered in forms will not be saved on your device.  

 

2) What is web analytics?  

We use Google Analytics to understand users’ preferences and interests on our website.  

  

3) What is personalized advertising?  

We provide personalized ads by analyzing your Service usage patterns and access logs based on advertising identifiers. The online ad partners we allow to process your behavioral information and how they collect it are:  

  • Online ad partners: Google, Meta (Facebook), X (Twitter)  
  • How behavioral information is collected: Automatically when you visit our website or launch our apps  
  • How to limit collection/use of your advertising ID:  
  • Android: Settings → Google → Ads → Delete advertising ID (Learn more in device settings)  
  • iOS: Settings → Privacy → Tracking → Allow Apps to Request to Track (Off)  

  

 

8. What rights and choices do users have regarding personal information?  

You have the right to view, correct, delete, restrict processing of, and withdraw consent to the use of your personal information, and we respect and support these rights.  

You can view or edit your information at any time under My Page > View Account Info.  

You can delete your account under My Page > Delete Account. Deleting your account may also delete related information that was created or stored while you used the Services.  

You may also request access, correction, deletion, restriction, or withdrawal of consent through Support or our privacy inquiries team.  

We may refuse a request to delete or restrict processing if we are required by law to retain certain information.  

  

1) Rights of residents of the European Economic Area (EEA)  

EEA residents have additional rights regarding their personal information, which may vary by country.  

The right to contact a supervisory authority.  

  

2) Rights of California residents  

Under the California Consumer Privacy Act (CCPA) and California Consumer Rights Act (CPRA), California residents may request that we provide:  

  • A list of personal information disclosed to third parties for direct marketing purposes during the 12 months preceding the request date  
  • The identities of the third parties that received such information  

We do NOT sell personal information for direct marketing purposes. For other marketing-related uses of personal information, see “2.4 To deliver personalized ads and marketing.”  

 

3) Parental Controls (For UK residents)  

We provide the following parental control features for legal guardians:  

① Set game playtime for your child  

② Restrict your child's payments 

 

You may exercise all rights and features listed above at any time through the following channels: 

  • Official website Support 
  • Privacy officer and related team (privacy@pearlabyss.com) 

 

 

9. Is there an age requirement to use the Services?  

1) Website Services  

  • We do not knowingly collect or solicit personal information from, target interest-based advertising to, or knowingly allow use of our Services by users who are considered children under the laws of their country/region (e.g., under 13 in the U.S./Canada, under 16 in Europe (based on GDPR, or lower age if established by individual member states), under 18 in Brazil) (each, a “Child User”). (However, users aged 13 to 18 in the United Kingdom, British Indian Ocean Territory, and British Virgin Islands may use our Services subject to legal guardian consent.) 
  • Child Users must not send personal information to us. If we learn that we have collected personal information from a Child User, we will delete it as quickly as practicable. 
  • For Child Users, please do not send us any personal information, including your name, address, telephone number, or email address. If you believe we might have any information from or about a Child User, please contact us immediately. 

 

2) Game Services  

  • We limit access to our game Services based on the age ratings authorized in each service territory.  

 

 

10. How can I contact PEARL ABYSS?  

If you have questions about privacy or need help resolving a privacy issue, contacting Support is the fastest way to get assistance.  

Privacy Complaints Handling Department: Information Security Division  
Email: privacy@pearlabyss.com  

  

1) EU Data Protection Officer (DPO) and EU Representative — Contact  

If you reside in the European region, you may also contact:  
DPO: The Office of the Data Protection Officer  
Address: 48 Gwacheon-daero 2-gil, Gwacheon-si, Gyeonggi-do, 13824, Rep. of Korea   
Email: dpo@pearlabyss.com    

  

EU Representative — Contact  

VeraSafe has been appointed as PEARL ABYSS's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031  

 

VeraSafe Czech Republic s.r.o  

Rohanské nábřeží 678/23  

Prague 8, 18600  

Czech Republic  

VeraSafe Netherlands BV  

Keizersgracht 555  

1017 DR Amsterdam  

Netherlands  

VeraSafe Ireland Ltd.  

Unit 3D North Point House  

North Point Business Park  

New Mallow Road  

Cork T23AT2P  

Ireland  

    

Effective Date:  

This Privacy Policy takes effect on November 27, 2025.  

  

 

 

-