Pearl Abyss

Privacy Policy

1. What type of information does Pearl Abyss collect?

2. Why does Pearl Abyss collect information?

3. Who does Pearl Abyss share your information with?

4. How long does Pearl Abyss retain the information, and how is it deleted?

5. How does Pearl Abyss transfer information overseas?

6. How is your information protected?

7. What information is automatically collected (e.g. cookies)?

8. What rights and choices do I and my legal guardian have pertaining to my personal information?

9. Is there an age restriction for the use of Pearl Abyss’ services?

10. How do you contact Pearl Abyss?

11. Overseas Transfer of Personal Information (for Korean users)



Pearl Abyss and its affiliated companies (Hereinafter referred to as “Pearl Abyss” or the “Company”) provides PC, mobile, console, official website, and other game related services (“Services”). Pearl Abyss stores, processes, and shares personal information in certain circumstances in order to provide you with these services. However, the security of your personal information is a priority to us and ample measures will be taken to protect it.  


This Privacy Policy provides information on how your personal data is used for which purpose, and which measures the company is taking to protect your personal data. 


The company’s Privacy Policy is subject to change in accordance with the modifications made to the government’s relevant law or guideline, or to the regulation of the company. When a revision is made, it is disclosed on the official website. Therefore, users are recommended to look to the official website for any changes made to the policy. 


This Privacy Policy applies to all services provided by the Company.

    


1. What type of information does Pearl Abyss collect?

The company collects the following personal information when you sign up on our official website, use provided services (including mobile services), edit personal information, or submit inquiries via phone call, fax, or through customer support, as well as when partners provide and collect your information using a data collection tool.


1) Information provided by you

① Information provided during Pearl Abyss account creation.

- Email address (account name), password, name, region, and date of birth

* Signing up with an SNS account will collect additional user identification information.


② Information provided during Pearl Abyss account creation using a Steam account.

- Member identification number, Email address, name, region, and date of birth


* The Company intentionally does not collect or request personal information from users regarded as minors in their respective countries (e.g. 14 or under in Korea, 13 or under in the US/Canada, 13-16 or under in Europe, and 18 or under in Brazil)


③ The following information is collected when a Korean user verifies his/her identity.

- Name, date of birth, connecting information (CI). 


④ In the event a Korean user between the age of 15 and 19 uses the game and/or paid content service, the following information of the legal representative may be collected.

- Name, date of birth, connecting information (CI), email address of the legal representative.

* The CI of the legal representative will not be stored in the database and will only be used for verification purposes and be deleted afterwards.  


⑤ The following information of legal representatives of users registered on the official website between the ages of 13 and 18 may be collected for residents of England, the British Indian Ocean Territory, and the British Virgin Islands in order to utilize game and payment services.

- Email address, name, and date of birth  


⑥ The following additional services collect respective personal information.

TypeCollected/OptionalCollected personal information
Customer SupportCollectedEmail address
Optional

Name, mobile number, date of birth, address, automatically formed information, device identification number, and other information required for support.
* Collected personal information may differ depending on the type of inquiry, and there may be additionally collected personal information.

Events/PromotionsOptionalName, mobile number, address, gender, date of birth, email address
* Collected personal information may differ depending on the type of event and promotion, and there may be additionally collected personal information.
Gift deliveryCollectedDelivery of physical products: Name, address, mobile number
Mobile/online products: mobile number, email address
Notice on new services and updatesOptionalEmail address, mobile number
Taxes and the PublicCollectedResident Registration Number, name, address (Republic of Korea)
Passport number, name, address (other regions)
Refund (Republic of Korea)CollectedBank account information (name of the account holder, account number, name of the bank)
Alternative EmailOptionalEmail address
* Additional information may be gathered from users using certain services and participants of certain events or promotions.
* When in need of additional data, we will ask for your consent after notifying you on the type of data to be collected, the purpose, and the storage period.

2) Data created while using our Services.
The company collects the following data that is created while you use our services with or without an account.
- Game progress data
- Chat records, IP address, PC information (e.g.: CPU, RAM, graphic card, vRAM, etc.)
- Gameplay data, interactions with other players while using our services, and all data related to the use of our Services
- Error information, MAC address
- Game screenshot (for game client errors)
- The information collected through cookies and related technology
- Web browser information, location information
- Advertising ID
- MAC address, HDD serial (when using PC Café services)
- Data required to verify payment  


2. Why does Pearl Abyss collect information?

The company collects information for the following reasons.


1) We process the necessary data to provide services.

The Company collects information to provide services to you on your contractual relationship with us.

- To allow you to make an account and allow us to provide you services;

- To access our services;

- To provide products and services requested by you;

- To provide information about the products and services you request;

- To settle payments for purchases and paid services;

- To abide by relevant legislation


2) The company collects information to provide appropriate services.

The company collects the following information out of legitimate interest as the information is used:

- To improve and develop the services provided by the company;

- To improve and develop optimization of services and overall game experience;

- To update and develop player profiles;

- To set and manage registered account;

- To provide software updates;

- To maintain settings and provide content;

- To reply and provide support to submitted opinions or inquiries;

- To provide notices on changes made to Terms of Service, service errors, updates, security warnings, support, etc.;

- To create events and promotion programs for customers;

- To send event and promotion gifts


3) The company processes relevant data to provide safe and fair services.

The company has legitimate interest in collecting and processing the data necessary to accomplish the following purposes in order to keep your services safe and fair. Please see our Terms of Services for legal usage policies:

- To prevent abusive and unauthorized use of malicious users;

- To provide services to protect personal information;

- To allow quality game experience across multiple devices;

- To allow appropriate automatic or manual chatting;

- To find bugs, errors, and provide solutions;

- To comply with relevant laws and to investigate and deter disputes, fraud, and other illegal activities.  


4) The company processes necessary data to create targeted advertisements.

The company has legitimate interest in collecting and processing the data necessary to establish targeted advertisements on our services, other websites, and emails. However, commercial advertisements (direct marketing information) will only be sent to users who have agreed to receiving commercial advertisements (receiving marketing information).

- To track content accessed by users in relation to services and online behaviors;

- To customize advertisements and offer targeted marketing and promotions;

- To recommend or suggest information on services users may find interesting


5) For all the aforementioned cases and purposes, the Company may analyze and classify the entirety of the collected data.

The Company may have legitimate interest when collecting and processing data necessary to meet contracts, provide and retain appropriate services, and set up targeted advertisements. However, any personal data users have not agreed to provide will not be used.

  


3. Who does Pearl Abyss share your information with?

The company does not share identifiable personal information with a third party without the consent of the relevant user. When requesting consent from a user, the company will provide information on the subject receiving the data, the purpose, and the type of data shared. However, the company shares information with third parties if it is required by law, or is deemed necessary to enforce our rights, property, or operations or to protect users or third parties or if we engage partners and service providers in order to provide our services to you by the due process of law.  


1) Other players and users

- If you post on the forums, it will be displayed for the public to see.

- If you chat using our services, it will be displayed for other players.

- In the event you violate the Terms of Service or Operating Policies, or win an event, parts of your in-game family name, character name, and guild name may be displayed on the website or forums for the public to see.


2) In the event the user consented in advance

- Before collecting or providing information, the user shall be notified of to whom the information will be provided, which information will be provided, and the reason for providing the information. The Company will go through the procedure to obtain consent, but if the user does not agree, it will not be provided to a third party.


3) Partners and service providers

- The Company may provide user information to its vendors, consultants, marketing partners, research firms and other service providers or business partners. The information will be provided according to the clauses of this privacy policy.   


Our consignment company for processing personal information and its consigned duties are as follows:

Consigned CompanyConsigned Service ProvidersConsigned DutiesLocation
Epic Games S.a.r.l.Black Desert Korea Service
Black Desert NA/EU Service
Black Desert SA Service
Shadow Arena
Detect and block hacking and malicious behaviors through service data analysisLuxembourg
Paymentwall Ltd.Black Desert NA/EU ServicePayment tasksEngland
Mogi Group LtdBlack Desert NA/EU ServiceProviding customer service, handling complaints, sending matters of notificationIreland
BoaCompraBlack Desert SA ServicePayment tasksBrazil
Payletter Inc.Black Desert Korea Service
Shadow Arena
Identity verification and payment tasks (within Republic of Korea region)
(Re-entrusted agency: SK M & Services Co., Ltd.: Support customer counseling related to payment)
Republic of Korea
MetaMBlack Desert Korea Service
Shadow Arena
Deliver notices, perform customer support and outbound tasks related to giveaway shipping (within the Republic of Korea)Republic of Korea
SUREM Co., Ltd.Black Desert Korea Service
Shadow Arena
Provide and manage a message transmission system (within the Republic of Korea)Republic of Korea
Elite GlobalBlack Desert NA/EU Service
Black Desert SA Service
Shadow Arena
Perform customer counseling, complaint and other affairs handling, deliver notices, perform customer support tasks (in South America region and English speaking regions of Shadow Arena)Philippines
Brazil
GURU COMPANYBlack Desert Korea Service
Black Desert NA/EU Service
Black Desert SA Service
Shadow Arena
Giveaway shippingRepublic of Korea


4) Public authorities and investigative bodies

- The Company may share your information with third parties and public authorities to comply with the law and to curb fraud and illegal behavior.

- The Company may share your information with third parties and public authorities by the due process of law to protect the safety and property of the company, employees of the company, and you.

- The Company may provide user data upon request from an investigative body according to the appropriate procedure and process specified in the regulation or statute law.  


5) Advertising companies and social media

- The company shares your information with advertising companies and social media (Facebook, Google, Twitter). Relevant third parties will have access to your information in accordance with the Privacy Policy to use tools that interact with social media, in-game advertising, and other operations of third-party companies. For more detail on how these third-party companies handle your information, please refer to the relevant third-party company’s Privacy Policy.

- Facebook: https://www.facebook.com/about/privacy

- Google: https://policies.google.com/privacy

- Twitter: https://twitter.com/en/privacy


6) Delivery companies

- The company may share your address and contact information you provided to delivery companies only with the motive of shipping prizes.  


7) Payment service company

- If deemed necessary for settlement of charges based on service provision, the user’s data may be provided to the payment service company.

 


4. How long does Pearl Abyss retain the information and how is it deleted?

The Company maintains and uses the collected information for the duration of users’ membership with their given consent. In principle, once the purpose of gathering and using provided personal information is fulfilled (ex. on request of membership withdrawal, closing of a participatory event), the relevant information will be eliminated immediately. (However, to prevent undesired membership withdrawal due to any identity theft and account-takeover identity theft, the user’s personal information will be stored for 15 days after requesting account deletion.)  


However, the following information will be retained for the specified period of time under respective reasons in accordance with the relevant act on data in the Republic of Korea. They will not be used for any other purposes.


1) Reasons for retaining information under relevant laws

① Protection of Communications Secrets Act

- Log-in records: 3 months


② Act on the Consumer Protection in Electronic Commerce, etc.

- Records of labeling and advertisement: 6 months

- Records of contracts or withdrawal of membership: 5 years

- Records on payment and supply of goods, etc.: 5 years

- Records on consumer complaint and conflict settlement: 3 years


③ Framework Act on National Taxes, Corporate Tax Act

- Account book and evidential document for all transactions stipulated in the tax law: 5 years


2) Reasons for retaining personal information under the company's internal guidelines

The Company may retain personal information collected through events or promotions for a maximum of 1 year. The duration may differ depending on each event or promotion, and the period of collecting and utilizing data guided in each event or promotion will be employed first.


Additionally, the Company has legitimate interest in storing the following information to restrict Steam account holders from acquiring certain items multiple times by deleting and re-registering their accounts. (We cannot determine the identity of users using this information.)

- Steam member identification number, DLC item delivery information


In principle, the Company instantly eliminates users’ personal information once the purpose of collecting and utilizing relevant information is fulfilled or the duration for preserving and utilizing relevant data is expired. The procedure and operation of deleting personal information are as follows:


① Deletion Procedure

Users’ personal information will be instantly erased once the purpose of collecting and utilizing relevant information is fulfilled (15 days after the grace period for membership withdrawal). However, it is held for a certain period, for the purpose of information protection as stipulated by the law (refer to “4. How long does Pearl Abyss retain the information?”).


② Deletion Method

Personal information printed out on paper (printed material, papers, etc.) is shredded or incinerated, and information saved in the form of an electronic format is permanently deleted in such a way that it cannot be recovered.

 


5. How does Pearl Abyss transfer information overseas?

Your information may be sent overseas as the Company provides services worldwide. Each country may have different laws pertaining to information protection. In particular, if you are residing in a European country, laws on the protected range of information in other countries outside of the EEA (European Economic Area) may be different to that of your own country of residence. The company will comply with the relevant laws to protect your information. Please refer to ‘6. How is the information protected?’ for details on how your information will be protected.  


The Republic of Korea and the EU have adopted the Personal Information Protection Adequacy Decision for the transfer of personal information to the Republic of Korea in accordance with the GDPR.

- The Personal Information Protection Act in the Republic of Korea guarantees equal protection of personal information as the GDPR of the EU.

- Personal information can be safely transferred from the EU to the Republic of Korea without the need for additional authentication according to the Adequacy Decision.


You can always reach Support or the personnel or department in charge of privacy protection (privacy@pearlabyss.com) and request discontinuance of an overseas transfer of your personal data. However, if some information is not provided to an overseas partner per your request, you may experience some limitations when using our official website or game services.


When transferring your information to partners and service providers listed under ‘3. Who does Pearl Abyss share your information with?’, the Company transfers information in compliance with the European Commission’s Standard Contractual Clauses. Your information will be transferred with adequate protection. For more information, please feel free to contact Support on our official website or the personnel or department in charge of privacy protection (privacy@pearlabyss.com).

 


6. How is the information protected?

The Company uses the following technology, management, and physical measures to prevent data loss, theft, breach, alteration, and destruction. However, the company is not liable if the data is leaked due to your negligence such as poor password management or mishaps outside of the company’s control.  


1) Technology

- The Company encrypts the information specified within, as well as additional relevant laws and regulations, when it gets stored.

- Files and data transfers containing important information (including your personal information) are protected by encryptions, file locks, or other such protection methods.

- The Company has backup systems to prevent your information from getting leaked or destroyed. The company utilizes anti-virus programs, firewalls, and other various security devices to protect your information.

- The Company is taking the necessary security measures for its systematically organized database system to process personal information.  


2) Management

- The Company keeps access rights to your information to a minimum. The minimum number of personnel given access to your information are the following:

① Personnel that are directly involved with marketing, events, customer support, and delivery (including personnel in partner companies and service providers);

② Personnel that are in charge of personal information including our Data Protection Officer;

③ Parties handling personal information for inevitable business purposes.

- The Company carries out a training program about personal information protection on a regular basis for personnel and consigned companies handling personal data.

- The company established Privacy Policy with the department in charge of personal information protection. Additionally, the company aims to enforce internal regulations and rectify issues as soon as they are discovered.


3) Physical Security

- The company has a separate location where personal information is physically stored. Entry to and operation of this location is strictly monitored with an established entry protocol.

- Documents with personal information and other forms of information storage are installed by locking devices in safe locations.

  


7. What information is automatically collected (e.g. cookies)?

The Company uses ‘cookies’. Cookies are small text files sent by the company’s official website that are stored in your hard drive. The following information pertains to the use of cookies, etc.


1) Purposes for using cookies

Analysis of subscribers and non-subscribers accessing our official website and duration, to understand and track user preferences and interests, provide other personalized services by tracking the number of times the website has been accessed, as well as other information.  


The Company and third-party analysis service providers use tracking technologies such as cookies, beacons, tags, or scripts. These technologies are generally used by the company to collect statistics about the websites to analyze tendencies, manage the website, and to understand how our website is used. The Company may receive collected data as a whole from analysis service providers that use these technologies.


2) How to block cookies from getting saved

You have the right to block cookies from getting saved on your hard drive. This can be done by going to your web browser’s option settings to allow all cookies, ask for permission each time cookies get saved, or to block all cookies from getting saved. However, if the user refuses to have cookies saved, some services may be no longer available.

- Internet Explorer: Go to [Tools] at the top of the browser → [Internet Options] → [Personal Information] → [Advanced]

- Chrome: Go to [⋮] at the top-right of the browser → [Settings] → [Privacy and security] → [Cookie and other site data] to change your settings.

* Other web browsers adhere to their respective settings.


The Company may use various external weblog analyzing tools such as Google Analytics and allow advertisers to provide targeted advertisement online and collect behavioral data.


① How to change Google Analytics settings:

- https://tools.google.com/dlpage/gaoptout

* Other weblog analyzing tools adhere to the respective blocking method.  


② How to withdraw consent for receiving targeted advertising:

- Online advertisers providing targeted advertisement: Google, Facebook, Twitter

- Behavioral data collection method: Automatically collected when the user visits the official website or opens the application.

* Online Behavioral Advertisement: A marketing strategy that provides customized services for users by analyzing their online behaviors and access records, etc.


- Android: Click on privacy settings then select to block certain ads.

- iOS: Click on privacy setting then select “limit ad tracking”.

  


8. What rights and choices do I and my legal guardian have pertaining to my personal information?

You may always inquire about your registered personal information, and if you do not want the Company to process your personal information, you may withdraw consent, restrict processing of your personal information, or request membership withdrawal. Yet, once your personal information is eliminated for membership withdrawal, related information the user has created or stored while using the company’s services may be eliminated as well. 


You can view or edit your personal information on “My Page” after logging into the website, and request membership withdrawal through My Page > Delete Account. You can also contact Support or the personnel or department in charge of privacy protection (privacy@pearlabyss.com) to view or edit your personal information or withdraw membership.


Once the user has requested the correction of an error in his or her personal information, the relevant information will not be used or provided until the rectification is made. Likewise, if any wrong personal information was already provided to a third party, corrected data will be delivered to the third party instantly for further correction.


The company processes personal information withdrawn or deleted under the request of the user following “4. How long does Pearl Abyss retain the information?” and limits the information from being used or searched for other purposes.


1) Privacy rights of users residing in the European Economic Area (EEA)

Users accessing the Services from the European Economic Area have the following additional rights relating to personal information, but their effectiveness and procedures may be determined in accordance with the laws and regulations of individual countries.

① The right to request the Company to send personal information to another company

② The right to contact the supervisory authority


2) Privacy rights of users residing in California

Under California law, you have the right to request the following information form the Company if you are a resident of California.

① A description of the categories of personal information disclosed to any third party to whom the company may have disclosed your personal information for that third party's direct marketing purposes within the previous calendar year.

② Information that identifies any such third party(ies)


The Company does not purposely share or sell your personal information to unaffiliated third parties for direct marketing purposes without your consent.


3) Parental Control Feature (For residents of the Republic of Korea and England)

The Company provides the following services for legal representatives through the Parental Control feature.

① Set child’s gameplay limits

② Set child’s purchase limits


All the rights and functions listed above can be exercised by legal representatives through the following websites.

- Official Website Support

- Chief Privacy Officer and relevant department (privacy@pearlabyss.com)

- Parental Control Website (https://parents.pearlabyss.com)

  


9. Is there an age restriction for the use of service?

1) Website service

- The Company intentionally does not collect or request personal information from users regarded as minors in respective countries (ex. 14 or under in Korea, 13 or under in the US/Canada, 13-16 or under in Europe, and 18 or under in Brazil). (However, users between the ages of 13 to 18 that are residents of England, the British Indian Ocean Territory, and the British Virgin Islands must receive consent from their legal representative to utilize the company’s game services.)

- Underage users cannot send their personal information to the Company, and if their personal information is found collected, we will immediately delete relevant data.

- If you are an underage user, please do not send any of your personal information to the Company including your name, address, contact number, or email address. If you believe the Company is keeping data collected from such a user, please contact us immediately.


2) Game service

- The age limit for the use of game services is set according to the game rating authorized in each service area.

  


10. How do you contact Pearl Abyss?

If you have any questions about personal information protection or have issues related to personal information, please send an inquiry through Customer Support on our official website. The Company will answer your inquiries as soon as possible. Also, you may report any of your concerns regarding personal data while using our services to the personnel or department in charge of personal data protection. The Company will do its best to thoroughly address and answer all complaints as quickly as possible. Please contact the following institutions if you need to report or receive consultation about personal information.

Chief Privacy OfficerDepartment that handles issues on personal information
Name: Jin-Young Heo (Title: CEO)
Number: +82) 1661-8572
Email: privacy@pearlabyss.com
Fax: +82) 031-624-5897
Department: Policy & External Relations Division
Number: +82) 1661-8572
Email: privacy@pearlabyss.com
Fax: +82) 031-624-5897

1) Authorities and consulting agencies handling infringement of personal information in the Republic of Korea

If you are residing in the Republic of Korea, you may contact the following bodies for additional reports and consultations on any infringement of personal data.

- Infringement of Personal Information Report Center (privacy.kisa.or.kr / Without Area Code: 118)

- Supreme Prosecutors’ Office Cybercrime Investigation Division (spo.go.kr / Without Area Code: 1301)

- Korean National Police Agency Cyber Bureau (ecrm.police.go.kr / Without Area Code: 182)

- Personal Information Dispute Mediation Committee (kopico.go.kr / Without Area Code: 1833-6972)


2) Company and agency in charge of personal information protection in Europe (located in the Republic of Korea)

If you are residing in Europe, you may ask questions regarding your personal information through the following contact information. 


Company in charge of personal information protection: Pearl Abyss Corp.

Address: 24, Simin-daero 327beon-gil, Dongan-gu, Anyang-si, Gyeonggi-do, 14055, Republic of Korea

Email: dpo@pearlabyss.com


Company and agency in charge of personal information protection in Europe

VeraSafe has been appointed as PEARL ABYSS H.K. LIMITED's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union.


VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form:  https://www.verasafe.com/privacy-services/contact-article-27-representative


Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o

Klimentská 46

Prague 1, 11002

Czech Republic



11. Overseas Transfer of Personal Information (for Korean users)

Pearl Abyss stores the following personal information overseas to provide stable and safe service.


1) Personal Information that is Transferred (Stored) Abroad:

① When using the official website services (Parental Controls, payment service, Customer Support, and other services)

- Legal guardian’s information (name, date of birth, email)

- Payment information

- Customer Support inquiry information

※ Member information (name, date of birth, email address, phone number, region, and CI) is saved in Korea's Internet Data Center (IDC) and will not be transferred (stored) overseas.


② When using Shadow Arena on NA, EU/RU server

- Game progress data

- Chat records, IP address, PC information (e.g.: CPU, RAM, graphic card, vRAM, etc.)

- Gameplay data, interactions with other players while using services, and all data related to the use of our services


③ Information transfer (storage) to detect and block hacking and malicious behaviors.

- Data on the progress of the game

- Chat history, access IP information, PC information (e.g. CPU type, RAM capacity, graphic card type, graphic card RAM, etc.)

- Data on gameplay and interaction with other players within the service.


2) Countries where the information is being transferred to and stored

① United States of America

- When using the official website services (Parental Controls, payment service, Customer Support, and other services)

- When using Shadow Arena on the NA server


② Netherlands

- When using Shadow Arena on EU/RU server


③ Ireland

- (On all server) Information transfer (storage) to detect and block hacking and malicious behaviors.


3) Purpose of transferring or storing personal information and the Company storing or receiving the transferred data

① To provide an environment for users when using the official website

: Microsoft Azure (02-531-4500, contact number of domestic agent, MS Korea)


② To provide games services

- Shadow Arena NA server: Microsoft Azure (02-531-4500, contact number of domestic agent, MS Korea)

- Shadow Arena EU/RU server: Equinix (+1 833-544-2200)


③ Detect and block hacking and malicious behaviors

- Epic Games S.a.r.l. (EasyAntiCheat), www.easy.ac/contact


4) Personal information transfer method and time:

① Sent through the network when using the official website

② Sent through the network when using the game.


5) Transferring and storing period of personal information

① Transfer/storage of personal information to provide services on the official website and game.

- Until the user withdraws membership


② Transfer (storage) to detect hacking and malicious behaviors.

- When hacking or malicious behavior has not been detected: maximum 5 days

- When hacking or malicious behavior is suspected: maximum 3 months

- When hacking or malicious behavior is confirmed: until termination of the contract


Users can always contact Support on the official website and ask for the termination of the transference of his or her personal information to another country. However, the user may experience limitations when using services if certain personal information is not transferred to another country under request.  


This Privacy Policy does not apply to any data collected on the website of another company associated with the services that the Company provides. Hence, please check the relevant Privacy Policy when visiting the linked website of another company.



Addendum

This policy shall enter into force from May 25, 2022.