Skywalk Privacy Policy

[privacy policy]

Skywalk (hereinafter referred to as the “Company”) complies with the personal information protection regulations of relevant laws and regulations that information and communication service providers must comply with, such as the Telecommunications Secrets Protection Act, the Telecommunications Business Act, the Personal Information Protection Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

We are doing our best to protect user rights by establishing a personal information handling policy in accordance with relevant laws and regulations.

This privacy policy applies to the use of game services and related services provided by the company and contains the following contents.

The meaning of terms used in this privacy policy is in accordance with the relevant laws and regulations and our terms of use, and other matters are subject to general courtesy.

1. Personal information items collected/used

The company collects the following personal information to provide services.

1) Method of collecting personal information

The company collects the information necessary to provide services after obtaining the user's consent by categorizing it as mandatory/optional information for the following purposes.

The information collected for the purposes below is collected automatically or by users directly entering information during the process of using the relevant service and participating in events/marketing.

We may process your email address, mobile phone number, and address information to process your inquiries and send you promotional products.

Your name and resident registration number may be processed for tax processing purposes.

2) Collection items

- Terminal information and identification number, store information, game version, ID, nickname, game and service usage history, access history, cookies, payment history, paid billing information, promotion/event participation history and product delivery information, IP address

- Log in with your Google account: Google ID

- Log in with your Apple account: Apple email address

picture

3) Method of collecting personal information

        Collected through the consent procedure provided when signing up for the company's service

        In order to carry out promotions and events, we collect information through a separate consent procedure.

        Automatically collected through platforms that have partnerships with the Company and related service providers

        When responding to users while signing up for and using the service, information is collected upon request or provided voluntarily by the user.

4) Refusal of collection and use of personal information

Users may refuse to allow the collection and use of the above personal information. However, if they refuse to allow the collection and use of personal information, they may have difficulty using some or all of the services.

2. Purpose of collection and use of personal information

The company uses the collected personal information for the following purposes. The company will not disclose the collected personal information without the user's prior consent, and will not use it for purposes other than the following. If the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. However, if the user consents to the disclosure of personal information in advance, or if it is required by law, or if there is a request in accordance with the established procedures of an investigative agency, it may be disclosed to an external party.

1) Performance of contracts for service provision and settlement of fees for service provision

2) Event winner notification, event prize delivery, content provision, purchase and fee payment

3) Member management

Verification of identity for use of membership services, prevention of fraudulent use by bad members and unauthorized use, age verification, confirmation of consent of legal representative when collecting personal information of children under 14 years of age, handling of complaints, delivery of notices, confirmation of use of public content in the game, confirmation for provision of differentiated services for each user, confirmation of intent to join, restrictions on membership and number of memberships, and preservation of records for dispute resolution

4) Use for marketing and advertising, partnership and consignment business

Development and specialization of new services (products), delivery of promotional information such as events, provision of services and advertisements based on demographic characteristics, identification of access frequency or statistics on members' use of services, provision of promotional/event services, verification of service validity, provision of event and promotional information and opportunities for participation

3. Period of retention and use of personal information

In accordance with the Personal Information Protection Act and its enforcement decree, the “Company” may terminate the contract and take necessary measures, such as destroying and separately storing personal information, to protect the personal information of members who have not used the service for one consecutive year (hereinafter referred to as “dormant accounts”). In this case, the Company shall notify the user of the expiration date of the personal information retention period and the details of the measures taken with respect to the personal information 30 days prior to the date of the measures.

Personal information collected with the user's consent will be retained and used for as long as the user's membership is maintained, and if cancellation is requested, the information will be completely deleted from the disk in a non-reproducible manner and processed in a way that it cannot be viewed or used in the future.

However, in the event of damage due to theft of personal information, etc., the company may temporarily store the member's ID for up to 14 days from the date of cancellation in order to recover and protect the victim, and thereafter completely delete it in a non-recoverable manner. In addition, there are exceptions in cases where consent has been obtained from the member individually or where preservation is necessary in accordance with the provisions of related laws such as the Commercial Act, the Act on Consumer Protection in Electronic Commerce, etc.

1) Records of contracts or cancellations of subscriptions, etc.

- Reason for preservation: Act on Consumer Protection in E-commerce, etc.

- Preservation period: 5 years

2) Records of payment and supply of goods, etc.

- Reason for preservation: Act on Consumer Protection in E-commerce, etc.

- Preservation period: 5 years

3) Records of consumer complaints or dispute resolution

- Reason for preservation: Act on Consumer Protection in E-commerce, etc.

- Preservation period: 3 years

4) Service visit records

- Reason for preservation: Communication Secrets Protection Act

- Preservation period: 3 months

5) Books and supporting documents for all transactions stipulated by tax laws

- Reason for preservation: National Tax Basic Act

- Preservation period: 5 years

6) Records of identity verification

- Reason for preservation: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

- Preservation period: 6 months

7) Record of illegal use

- Reason for preservation: To prevent misuse

- Preservation period: 1 year

4. Procedures and methods for destroying personal information

In principle, the company destroys personal information without delay after the purpose of collection and use of the information has been achieved. The destruction procedures and methods are as follows.

1) Destruction procedure

If the information entered by the user for purposes such as signing up for membership must be retained for reasons of information protection under other relevant laws (see retention and use period) even after the agreed retention period for personal information has expired or the purpose has been achieved, the personal information will be transferred to a separate database (DB) or stored in a different location.

Personal information transferred to a separate database will not be used for any other purpose than that for which it is retained, unless required by law. The company selects personal information for which a reason for destruction has arisen and destroys the personal information after receiving approval from the company's personal information protection officer.

2) Method of destruction

- Personal information stored in electronic file format is deleted using a technical method that renders the records unrecoverable. Personal information printed on paper is destroyed by shredding or incineration.

5. Technical, administrative, and physical protection measures for personal information

The company is taking the following measures to ensure the security of personal information.

- Management measures: Establishment/implementation of internal management plan, regular employee training, etc.

“Company” limits access to users’ personal information to the minimum number of personnel who can process personal information, issues separate passwords for such purposes and regularly updates them, and constantly emphasizes compliance with the company’s personal information processing policy through regular training for personnel. However, the company is not responsible for any problems caused by the leakage of personal information such as ID, password, or resident registration number due to the user’s own negligence or problems on the Internet.

- Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of the latest antivirus and security programs, data backup

“The Company” is doing its best to prevent personal information of its members from being leaked or damaged by hacking or computer viruses. However, the Company is not responsible for any problems caused by the leakage of personal information such as ID, password, date of birth, etc. due to the user’s own negligence or problems on the Internet.

- Physical measures: Access control to computer rooms, archives, etc.

The “Company” defines the area where personal information is processed and stored as a secure area and controls the entry of non-personal or outside persons. Printed materials, handwritten records, external storage media, etc. containing personal information are stored in a secure place with a locking device, and the contents or existence of the information cannot be confirmed without unlocking the device.

6. Provision of personal information to third parties

In principle, the company does not provide users' personal information to external parties. However, the following cases are exceptions.

- If the user has agreed to disclosure or provision in advance

- When necessary for bill settlement for service provision, etc.

- When there is a request from an investigative agency, court, or other administrative agency in accordance with the procedures and methods stipulated by relevant laws or for investigative purposes.

- In cases where it is necessary for statistical compilation, academic research, or market research, etc., and provided in a manner that does not allow the identification of specific individuals.

7. Notice on the Transfer of Personal Information Overseas

8. Rights of members and legal representatives and methods of exercising them

- Members and legal representatives may view or modify their own registered personal information or that of their children under the age of 14 (hereinafter referred to as “children”) at any time, and may also request cancellation of membership. In cases where consent is required for the collection, use, provision, etc. of personal information of “children,” the company obtains the consent of the legal representative separately from the consent of the child. For this purpose, the company may request the minimum necessary information, such as the legal representative’s name and contact information. The legal representative’s personal information collected in this manner will not be used for purposes other than confirming the consent of the legal representative, nor will it be provided to third parties.

- Users can view or modify their registered personal information at any time, and if they do not agree to the company's processing of their personal information, they can refuse consent or request cancellation of membership (withdrawal from the game). However, in such cases, it may be difficult to use some or all of the services. To view or modify personal information, go to “Change Personal Information” (or “Modify Member Information”, etc.), and to cancel membership (withdraw consent), go to “User Center” or “Cancel Membership” to go through the identity verification process and directly view, correct, or cancel your information. Alternatively, you may contact the Personal Information Protection Officer in writing, by phone, or by email, and we will take action without delay. Personal information that has been canceled or deleted at the request of the user is processed in accordance with the “Retention and Use Period of Personal Information” in Article 5 of the “Company” and is processed so that it cannot be viewed or used for any other purpose.

- If a user requests correction of errors in personal information, the personal information will not be used or provided until the correction is complete. In addition, if incorrect personal information has already been provided to a third party, the results of the correction process will be notified to the third party without delay to ensure that the correction is made.

- Personal information that has been terminated or deleted at the request of a member or legal representative is processed in accordance with the “Retention and Use Period of Personal Information Collected by the Company” and is processed so that it cannot be viewed or used for any other purpose.

9. Matters concerning the installation/operation and refusal of automatic personal information collection devices

The company may use cookies to provide customized services to users or to improve convenience.

1) What is a Cookie?

Cookies are very small text files that the server used to operate the website sends to the user's computer and are stored on the user's computer hard disk. Therefore, you can voluntarily choose to install and collect cookies, so you can refuse collection. However, if you refuse to store cookies, there may be restrictions on the use of some services.

2) How to reject cookie settings

① For Microsoft Edge

Directly set from “Tools” menu at the top of the web browser > “Cookies and site permissions” > “Manage and delete cookies and site data” > “Block”

② For Chrome

Select the menu icon at the top right of the web browser > Select “Settings” > Select “Show advanced settings” at the bottom of the screen > “Content settings” button in the Privacy section > Set directly in the Cookies section

10. Personal information protection officer and complaint handling information

In addition to regular training, the company is continuously working on improving internal guidelines and systems to prevent personal information infringement, and has appointed a personal information manager as follows to protect/manage users' personal information and handle complaints related to personal information.

o Data Protection Officer

Skywalk

Email: services@skywalkgames.com

You can report any privacy-related complaints that arise while using the company's services to our main phone number. Our staff will promptly and sufficiently respond to your report. If you need to report or consult about other privacy infringements, please contact the following organizations.

- Personal Information Infringement Report Center (http://privacy.kisa.or.kr / 118 without area code)

- Information Protection Mark Certification Committee (http://www.eprivacy.or.kr / 02-580-0533~4)

- Supreme Prosecutors' Office Cybercrime Investigation Division (http://www.spo.go.kr / 02-3480-3571)

- National Police Agency Cyber ​​Terror Response Center (www.ctrc.go.kr / 02-392-0330)

11. Changes and notification of personal information processing policy

The company may change its personal information processing policy as needed, such as in the case of revisions to laws, changes to service policies, or enhancements to security.

In the event of a change to the personal information processing policy, users will be notified in advance through the official website, in-game notices, or other appropriate methods at least [7 days] prior to the implementation of the change ([30 days] in the case of significant changes).

If there are any significant changes (e.g., addition of personal information collection items, change in purpose of use, change in retention period, etc.), the user's consent may be obtained again.

The changed personal information processing policy will take effect on the announced effective date, and if the user does not agree to the changes, he or she may discontinue using the service and cancel his or her account.

12. Customized advertising guidance

Customized advertising provides useful advertisements to users by using the user's visit history, activity log, and search history (hereinafter referred to as 'behavioral information').

Skywalk Co., Ltd. uses an 'advertising identifier' to provide appropriate advertisements to users. An advertising identifier is an ID issued by the mobile operating system (OS) and is used to provide customized information or advertisements to users.

1) User information protection for customized advertisements

Skywalk Co., Ltd. carefully manages user information. Skywalk Co., Ltd. does not collect sensitive information that may clearly infringe on the rights, interests, or privacy of users, and does not combine behavioral information collected through advertising identifiers with personally identifiable information without the user's consent.

Behavioral information collected through advertising identifiers is stored for up to one year and then destroyed to provide customized advertisements and content based on estimated gender, age group, and interests based on demographic characteristics. When destroying the information, technical methods are used to prevent the information from being restored or reproduced.

Skywalk Co., Ltd. does not collect activity logs or other information from children it knows are under the age of 14 or from online services primarily used by children under the age of 14, and does not provide customized advertisements to children it knows are under the age of 14.

2) How to set up customized advertising

Users can opt out of receiving personalized ads at any time, and if they opt out, they will no longer be shown personalized ads.

If you do not wish to receive interest-based advertising within mobile apps, you can disable personalized advertising settings by following the settings below for each OS.

- Android: Home > Settings > Google > Ads > Opt out of Ads Personalization (ON)

- iOS: Home > Settings > Privacy > Tracking > Allow apps to request tracking (OFF)

The behavioral information we provide to third parties for customized advertising includes:

* Behavioral information:

 - Online behavioral information: To identify users' interests, preferences, and tendencies, such as website visit history, app usage history, purchase and search history, etc.

Online user activity information that can be analyzed

- Online customized advertising: By processing behavioral information, the user's interests, preferences, and tendencies are analyzed/estimated, and then customized to the user.

Online advertising provided

[Supplementary Provisions]

Announcement Date: May 1, 2025