END USER LICENSE AGREEMENT
NDREAM Corporation

Effective date: Jan 23, 2024

PRIVACY POLICY

NDREAM Corporation (“company”, “we”, or “us”) is doing its best to protect the valuable personal information of our customers (“user”, or “users”) and complies with the relevant laws and regulations that information and communication service providers must comply with.

The company informs you of the purpose of using personal information collected from users through the privacy policy and what efforts and actions the company is taking to protect personal information.

The company's privacy policy can be changed from time to time due to changes in laws and guidelines related to personal information protection or changes in the company's internal policy. If the privacy policy is revised, we notify you of the changes, so users should check the changes from time to time through the website.

This privacy policy applies to mobile platform-based game services provided by the company and mobile game services in the PC environment (collectively, the “NDREAM Service").


Article 1. Collection of Personal Information

“The company collects and uses only essential personal information necessary for providing users with the NDREAM Service.“

However, with the individual consent of users, the Company may collect some additional information to provide better services. Users can still enjoy the basic services provided by the Company without any restrictions, even if they do not consent.
The company collects the following personal information through users' membership registration, use of the NDREAM Service through external platform account linkage, participation in events or promotions, consultation with customer centers, and automatic collection of information.

1. Information Provided by the User
1) The information collected when using games through linking external platform (Google, Steam or Apple) accounts is as follows.
- [Required] User identification information (by platform), email address, nickname
※ When linking external platform accounts, we can receive information such as names, profile photos, and language configuration information, but we only collect and use user identification information and e-mail addresses for service linkage.
※ For user convenience, the company also provides some mobile platform-based game services in the PC environment. When using the service in a PC environment, no additional personal information is collected.

2) The information collected when signing up for membership through the Google's Firebase platform is as follows.
- [Required] Email address, password

3) Additional information collected when using other services is as follows.
- Personal verification service on mobile: name, date of birth, gender
- Participation in events and promotions: membership number (ID), nickname, email address, mobile phone number, access IP address
- If you win a prize in events or promotions: membership number (ID), nickname, email address, mobile phone number
※ Depending on the event and promotion, the collected personal information may differ or additional personal information collection may be required. In such cases, we will obtain separate consent from the user.

- Participation in pre-order: email, mobile phone number, access IP address
- Inquiries/consultations at the customer center: membership number (ID), email address, nickname, membership number, server name, device information (device name, OS version), product name, payment number, and other information necessary for consultation
※ Depending on the type of inquiry, different personal information may be collected or additional personal information may be collected.
- Usage of the payment service: external platform (Google, Apple or Xsolla) user identification information, payment information (payment amount, payment date, payment method etc.), email address, access IP address
※ When users use payment services provided by Google, Apple or Xsolla, user identification information and payment-related information are neither collected nor processed directly by the company, according to the terms and conditions of the service of the companies.

2. Automatically Collected Information
The following information can be automatically collected during the service usage.
- Game usage record (game progress and play data), access record, authentication record, fraudulent usage record, banning record, game version, access IP address
- Device information (mobile carrier information, device information, country information (MCC)), and data from interaction with other users
- Data collected through cookies and similar technologies, and ADID, IDFA information (Users may refuse to provide such information.)

Article 2. Purpose of Using Personal Information

"The company processes the personal information collected for the following purposes, and if any purpose changes, the user will be informed of the changes in detail before the company requests further consent."

1. Provision of the NDREAM Service and fulfillment of contract
1) Personal information is used for member management and identification.
2) Personal information is used for payment processing for paid services such as fee settlement, payment, and refund.
3) Personal information is used to handle user inquiries or complaints.
4) Personal information is used to improve user experience and game quality.
5) Personal information is used to deliver announcements on service failures, changes in terms and conditions, personal information usage details, etc.

2. Development and provision of services that are more suitable for users
1) Personal information is used to develop new services or to provide specialized services according to demographic characteristics.
2) Personal information is used to plan and provide various customized contents.
3) Personal information is used to provide additional services that are directly or indirectly related to the NDREAM Service.

3. Improvement of the NDREAM Service provision environment
1) Personal information is used to create an environment where services can be used comfortably and safely.
2) Personal information is used to check and fix various game errors or bugs.
3) Personal information is used to analyze the service usage environment and provide more suitable services in consideration of the user characteristics.
4) Personal information is used to prevent fraudulent subscriptions and restrict abusive usage.
5) Personal information is used to investigate illegal activities or to comply with relevant laws and regulations.

4. Delivery of advertisements or promotional information
1) Personal information is used to send notifications about promotions such as events.
2) Personal information is used for additional services and customized advertisements according to demographic characteristics.
3) Personal information is used for checking your intention to participate in an event or promotion, and for the delivery of prizes to participants and processing various taxes, etc.

Article 3. Provision of Personal Information

"The company shall not provide the collected personal information to an institution, organization, or partner ("third party") without the consent of the user."
However, the following cases are excluded.

1. When the user agrees in advance
If the company determines that it needs to provide the user's personal information to a third party, it will inform who provides the personal information and for what reason, and provide it after obtaining separate consent according to the consent procedure, and if the user disagrees, the company will not provide the personal information to a third party.

2. When the user's information is provided to third parties through the delegation of the Company's tasks within the necessary scope to achieve the purposes outlined in Article 2.

3. In the event of an investigative agency's request or a lawful obligation to provide personal information in accordance with the procedures and methods prescribed in the Act for the purpose of investigation

Article 4. Consignment of Personal Information Processing

"The company entrusts some personal information processing work for better convenience in providing services as follows, and stipulates and manages necessary matters in accordance with relevant laws and regulations so that personal information can be safely managed during consignment contracts."

Name of subcontractor | Description of assigned works (services)
Xsolla Corp | Payment service agency
Elite Corp | Customer support, complaint management, events and promotions support
Gamedex Corp | Customer support, complaint management, events and promotions support
Joycity Corp | Providing and managing a personal information management system, supporting marketing tasks
Netpathy Corp | Providing and managing a message (such as LMS, EMS) sending system
Samjung Data Service Corp | Providing and managing a message (such as LMS, EMS) sending system

The information on subcontractors is as follows.
1) Xsolla Corp
- Address: 15260 Ventura Blvd Ste 2230 Sherman Oaks, CA 91403
- Contact: [Homepage] → [Contact Us]
- Homepage: https://xsolla.com
- Country: United States

2) Elite Corp
- Address: 650 S. Grand Ave Los Angeles, CA 90017
- Contact: [Homepage] → [Contact] → [Email-Us]
- Homepage: https://elitegsl.com
- Country: United States

3) Gamedex Corp
- Address: 340 Hwangsaeul-ro, Bundang-gu, Seongnam-si, Gyeonggi-do
- Contact: info@gamedex.co.kr
- Homepage: http://www.gamedex.co.kr
- Country: Republic of Korea

4) Joycity Corp
- Address: 10F, Bundang First Tower, 55 Bundang-ro, Bundang-gu, Seongnam-si, Gyeonggi-do
- Contact: support@joycity.com
- Homepage: http://corp.joycity.com
- Country: Republic of Korea

5) Netpathy Corp
- Address: 2F, 49, Gangnam-daero 99-gil, Seocho-gu, Seoul
- Contact: +82-2-3453-6392
- Homepage: http://www.netpathy.com
- Country: Republic of Korea

6) Samjung Data Service Corp
- Address: F4-416,417,421, 306, Digital-ro, Guro-gu, Seoul
- Contact: privacy@sds.co.kr
- Homepage: https://www.sds.co.kr/eng/main
- Country: Republic of Korea

Article 5. Overseas Transfer of Personal Information

“The Company, in order to provide a faster and improved gaming environment and to securely protect users' personal information from physical and environmental threats, transfers and retains the collected personal information overseas. The transferred information is used solely for the purpose of providing game services and is securely managed.”

[Receiving Country for Personal Information Transfer] South Korea
- Existence of systems related to Personal Information Protection: Yes
- Recognition of adequacy under the EU General Data Protection Regulation (GDPR): Yes (Adequacy Decision, December 17, 2021)
- Participation in the APEC CBPR System: Yes (Since June 2017)
- Existence of systems with significant impact on user rights and interests: No
- Transferred personal information items: Personal information and user data specified in Article 1 (Personal information items collected with the consent of users and automatically collected data)
- Date and time of transfer and method of transfer: Immediately upon using game services / transferred via encrypted communication

1. South Korea is a member country of the "APEC CBPR (Cross Border Privacy Rule)" and has a legal framework for personal information protection equivalent to that of the EU. In South Korea, laws such as the “Personal Information Protection Act,” the “Act on Promotion of Information and Communications Network Utilization and Information Protection,” and the “Credit Information Use and Protection Act” are established. In addition, to ensure the safe protection of users’ personal information, South Korea operates information security-related certification systems.

2. The Company complies with the 8 principles of the OECD Privacy Guidelines to prevent leakage, unauthorized disclosure, or damage to users’ personal information.

The Company also transmits and stores the personal information collected from users in data centers provided by Amazon Web Services (AWS) in specific regions (Tokyo, Hong Kong, Singapore, North America, Frankfurt). Amazon Web Services implements strict technical and organizational measures to protect the confidentiality, integrity, and availability of personal information, irrespective of the region. AWS also complies with the requirements of the GDPR.

Article 6. Duration of Retention and Use of Personal Information

“The company shall retain and use the user's personal information during the period agreed upon, and destroy it without delay when the purpose of collecting and using personal information is achieved or the retention period expires.”
(However, in order to minimize damage caused by unwanted membership withdrawal or payment theft due to internal settlement processing or personal information theft, information can be temporarily retained for up to 30 days after requesting membership withdrawal, and will be completely destroyed later.)


In addition, the following information shall be preserved for a certain period of time according to each stated reason and shall not be used for any purpose other than the stated purpose.

1. When a user requests membership withdrawal
In the event that a user requests withdrawal from membership, the Company may retain the user’s personal information for a temporary period of 30 days to minimize internal settlement processes or undesired membership withdrawals due to identity theft, as well as to mitigate damages resulting from payment fraud.

2. When a user participates in promotions or events conducted by the Company
The Company may retain personal information collected through events, promotions, and other such affairs for a period of one year. However, the retention period may vary for each individual event or promotion; the duration announced through specific event or promotion notices will take precedence.

If the Company is required to comply with specific regulatory requirements, needs additional consent from users to retain personal information for a longer period than originally intended, or if there is a separate period specified by the laws governing the country (or region) of residence of the user, the retention period for personal information may be extended or shortened compared to the abovementioned period.

Article 7. Procedures and methods for destroying personal information

“The company destroys the user's personal information without delay after the purpose of collection and use is achieved or the period of retention and use has elapsed."

The procedure and method of destroying personal information are as follows.

1. Destruction Procedure
After the purpose of using personal information is achieved, it will be destroyed without delay according to "Article 6. Duration of Retention and Use of Personal Information".
※ However, even if the user deletes the mobile game app ("app"), the personal information collected by the company will not be destroyed immediately. If you no longer use the service provided by the company, please click “Withdraw from the game" in the settings menu of the app and apply for withdrawal.

2. Destruction Method
Hard copies are incinerated or shredded, and soft copies are permanently and irrecoverably deleted through technical methods.

Article 8. Collecting Information from Minors

“The company does not collect information from minors under the age of 16 or under the equivalent minimum age prescribed by relevant laws and regulations. The company is fully aware that it has a special obligation to protect information about minors. The company's apps, websites, or applications prohibit minors from using services through consent to age restrictions from users, and the company does not intentionally collect minors' personal information."

1. Children in Europe
If the user is a child under the age of 16 in Europe, the service can only be used to the extent agreed by the parent or legal representative. Please consult with your parents or legal representative about this privacy policy so that the company can better understand how to use your personal information. The company is making reasonable efforts to verify the consent of your parents or legal representatives, and if the company has collected personal information from you without their consent, it will immediately delete it.

2. California minors
The company does not collect personal information about minors under the age of 16 living in California without clear approval, and for minors under the age of 13, it does not collect personal information without clear approval from parents or legal representatives. If you are a parent or legal representative and find out that your child has provided us with personal information under these age restrictions, you can contact us using the contact information below and immediately request that your child's personal information and account be deleted.

Article 9. California Consumer Privacy Act

"The company complies with the California Consumer Privacy Act ("CCPA”).”

1. Collection and Sharing of Personal Information
The company may collect or share information that can directly or indirectly identify users, such as users or their devices, or information that can be reasonably connected to users.

- Identifier information: account information (ID), nickname, device information, email address, access IP, online identifier (cookie, advertisement ID, other similar tracking technology)
- Commercial information: purchased item (or product), payment and purchase-related records, purchase history, and purchase trend information

2. Purpose of collecting personal information
The above personal information is used/shared for the purpose of improving service quality, providing services, maintaining accounts, customer response services, identification, advertising, and user pattern analysis as follows.
- Solving technical problems and improving the company’s service quality
- User identification for providing the company’s services
- Preventing inappropriate gameplay that can negatively affect other users
- Customer support such as receiving and responding to customer inquiries
- Providing information and opportunities to participate in events and surveys
- Marketing and promotion
- User pattern tracking and trend analysis, and statistical analysis of service usage

3. Prohibition of personal information sale
The company does not sell and profit from the personal information of users who use the company's services.

4. No discrimination
The company does not discriminate against users who exercise their rights under the CCPA.

5. Guidance for California residents
1) Certain authorities may be granted if the user lives in California. The company is preparing preventive measures to protect users' personal information to comply with the California Consumer Privacy Act, and users have the right to request the following information.

- Source and collection purpose of personal information collected over the last 12 months
- Categories of personal information collected over the past 12 months
- Matters concerning the disclosure of personal information that occurred within the last 12 months
- Matters concerning the sale of personal information within the last 12 months
- Types of user rights specified in the CCPA and specific methods of exercising rights

2) Users have the right to request the deletion of personal information collected by the company.

3) The company does not track website visitors and does not use any signals for "Do Not Track". Therefore, the company does not monitor or take any action related to the "Do Not Track" signal or other mechanisms. For more information on "Do Not Track", please visit http://www.allaboutdnt.com.

Article 10. Your Right

"Users can view or correct their personal information at any time, and if users apply for withdrawal from membership or suspension of processing, the company takes necessary measures without delay."

1. The company can legally process personal information only if one or more of the following conditions apply.
1) When the user agrees with processing his/her personal information
2) When it is necessary to fulfill the contract concluded with the user or to provide services
- Implementation of a contract with a user, settlement of charges, provision of services, etc.
- Membership management, identification, etc.
3) When it is necessary to take related measures at the request of the user
4) When the company needs to process personal information to comply with legal obligations
- Compliance with relevant laws, legal procedures, government guidelines, or requirements, etc.
5) When personal information processing is necessary to protect the important interests of users (or other natural persons)
- Detecting, preventing, or responding, etc. to fraud, abuse, security risks, and technical problems that may cause damage to users (or other natural persons)
6) When personal information processing is necessary to perform business for the public interest or to exercise the company's public authority
7) When personal information processing is necessary for the legitimate interests pursued by the company or a third party

2. Users can exercise their rights in regard to each of the following subparagraphs to the company at any time.
Users have access to their personal information and have the right to correct inaccurate information. If you need additional details on your rights to exercise or wish to exercise your rights, please refer to our contact information at the bottom of this privacy policy. However, some of these rights may be linked to specific legal conditions and may not correspond with the specific situation of the user.

1) Right of access
Users have the right to confirm that they have access to personal information processed by the company. If you have any questions about personal information processing or want to know about the user's personal information processed by the company, please contact the company at any time to obtain the information.

2) Right to rectification
Users have the right to request the company to correct inaccurate personal information. In addition, users have the right to complete incomplete personal information by providing additional statements.

3) Right to be forgotten
Users have the right to request complete deletion of personal information and can request deletion from the company. The deletion of personal information can be done through the customer center (1:1 inquiry) or by selecting to leave the membership or delete the account on the in-game screen. However, if personal information is destroyed due to membership withdrawal, related information generated and accumulated while using the company's game service may be destroyed together.

4) Right to restrict the processing activities
Users have the right to restrict the company's personal information processing. However, if the user decides to restrict the company's personal information processing in relation to service provision, the user may not be able to use the service.

5) Right to data portability
Users have the right to request the company to deliver their personal information in a structured, commonly used, and machine-readable form, and to request that such information be transmitted to other controllers.

6) Right to object
Users have the right to refuse the company to process their personal information. However, if the user refuses the company's personal information processing, the use of the company's services may be restricted.

7) Right to lodge a complaint with a supervisory authority
Users can contact the company at any time to resolve the issue if they are dissatisfied with the company's personal information processing method. In addition, users have the right to lodge a complaint with a supervisory authority at any time.

8) Right to withdraw consent
If the company processes the user's personal information based on the user's consent, the user has the right to withdraw such consent at any time. The withdrawal of the user's consent will not affect the legitimacy of personal information processing based on the consent prior to withdrawal.

9) Right to automated individual decision-making, including profiling
Users may request that the company cease the automated processing of personal information, including profiling, which has a critical impact or causes legal effects on them.

If you wish to exercise the rights listed above, please contact privacy@ndream.com.

Article 11. Matters Concerning the Installation, Operation, and Refusal of an Automatic Personal Information Collection Device

1. The company uses “cookies" to provide customized services to users or to provide a more convenient website environment, and users may refuse this.

1) What Are Cookies?
Cookies are very small text files sent to the user's browser by the server used to run the website, and are stored on the user's computer hard drive. When a user uses the company's service, the server reads the contents of the cookies stored on the user's computer to check the user's information.

2) Purpose of Cookies
The company uses cookies to analyze the frequency of users' access to services, visit times, and number of visits, identify users' tastes and interests, and provide personalized services.

3) Saving and Using Cookies
Users have the autonomous right to allow cookies by changing options in the web browser, go through verification whenever a cookie is saved, or refuse to save cookies. However, if cookies are not allowed, it may be difficult to use some of the services provided by the company.

4) How to Set Up or Refuse Cookies
Users can autonomously change the web browser's options to prevent cookies from being collected through the following path.
- Internet Explorer: [Tools] → [Internet Options] → [Privacy] → [Advanced] at the top of the web browser
- Chrome: [⋮] at the top right corner of the web browser → [Settings] → [Privacy & Security] → [Cookies and Site Data]
- Microsoft Edge: [⋮] at the top right corner of the web browser → [Settings] → [Site Permissions] → [Cookies and Site Data]
※ For other web browsers, follow the configuration method for each browser.

2. The company can use a variety of external web log analysis tools, such as Google Analytics, and users can refuse the usage of data through Google Analytics through the path below.
1) Blocking Google Analytics: https://tools.google.com/dlpage/gaoptout
※ For other web log analysis tools, follow the rejection method for each tool.

3. The company allows online customized advertising operators to collect behavioral information.
1) What is a customized online ad? It refers to a marketing technique that provides services in consideration of user characteristics by analyzing online usage behavior and access history.
2) Online customized advertising operators: Google, Facebook, Apple, AppsFlyer
3) Collected behavioral information: user's website visit history, app usage, and search history
4) Method of collecting behavioral information: automatic collection when a user visits a website or runs an app
5) Purpose of collecting behavioral information: providing customized advertisements based on user interest
6) Duration of retention and use of behavioral information: visits to web and app sites for 2 years
7) How to reject the collection of advertisement identifiers
Users can choose whether to receive customized advertisements and autonomously turn off device options to prevent collection of advertisement identifiers through the following channels.
- Android Operating System (AOS): [Settings] → [Privacy] → [Ads] → [Delete advertising ID]
- Apple Operating System (iOS): [Settings] → [Privacy] → [Apple Advertising] → Choose to consent or withdraw
※ The path may differ depending on the OS version.

Article 12. Matters concerning consent and withdrawal of app access rights

"The company requests the user’s consent to access the functions and information of the user's mobile device for the purpose of providing better service, and the user can withdraw or reset it at any time."

1. Android Operating System (AOS)
1) Android OS version 6.0 or higher
- How to withdraw access by category: [Settings] → [Privacy] → [Permission manager] → Choose a function → Choose to consent or withdraw
- How to withdraw access by Apps: [Settings] → [Apps] → Choose your Apps → [Permission] → Choose to consent or withdraw

2) Android OS version below 6.0
- Due to the nature of the operating system, access rights cannot be withdrawn by category. Instead, access rights can be withdrawn by deleting the app.
※ On mobile devices with Android versions below 6.0, there is a problem where the user cannot selectively agree with the app's optional access rights (where installation of the app is automatically considered as agreement). Therefore, if possible, it is recommended to upgrade the operating system of the user’s mobile device to Android OS version 6.0 or higher through software update. In addition, even if the operating system is upgraded, the access rights of existing apps will not be automatically changed. Therefore it is recommended to delete and reinstall the app to reset the access rights.

2. Apple Operating System (iOS)
1) How to withdraw access by category: [Settings] → [Privacy] → Choose a function → Choose a function → Select an app for consent or withdrawal
2) How to withdraw access by Apps: [Settings] → Choose your Apps → Choose to consent or withdraw

Article 13. Measures to Secure Safety for Personal Information

"The company is thoroughly implementing the following measures to secure personal information safety so that users' personal information is not lost, stolen, leaked, altered or damaged."
However, the company is not responsible for any problems caused by insufficient security management of the user's device or leakage of passwords, important information, and personal information due to the user's carelessness.


1. Technical measures
1) The company encrypts and stores the passwords entered by users when signing up and personal information designated by related laws in a safe manner. Only the user can know the encrypted password, check and/or change the personal information.
2) The company encrypts and protects communication sections within and outside the company to safely transmit personal information on the network.
3) The company blocks unauthorized access from outside through an intrusion blocking system and monitors personal information leakage.
4) The company regularly backs up personal information in case of an emergency and takes necessary safety measures to prevent users' personal information from being leaked or altered without permission by hacking or viruses.

2. Managerial measures
1) The company limits access to personal information to a minimum, and limits the number of people who can process personal information to the following persons.
- Person directly in charge of handling user complaints, grievances, or answering inquiries
- Person who directs, manages, or supervises tasks related to personal information
- Person in charge of events, promotions, and delivery
- Person in charge of developing, maintaining, or operating a personal information processing system
- Person who inevitably processes personal information during other business processes
2) The company regularly provides mandatory annual training on personal information protection to the personnel and subcontractors who process personal information.
3) The company is doing its best to check the implementation of this privacy policy and compliance with personal information protection through in-house (personal) information protection organizations, so that if any problems are found, they are fixed as soon as possible.

3. Physical measures
1) The company keeps documents or removable storage media containing personal information in a safe place with locks.
2) The company has established access control procedures, and restricts physical access to the personal information processing system.

Article 14. Contact Us

If you have any opinions, questions, or complaints related to the company's privacy policy and practices, you can contact the company through one of the following channels:

- Department: Customer Center
- Email: support@ndream.com

In order to safely manage users' personal information, the company designates a person in charge of personal information protection as follows.

- Name: HAN SEO CHO
- Position: Data Protection Officer & Chief Privacy Officer
- Email: privacy@ndream.com
- Phone: 02-2088-7020
- Address: West Building 16F, 135, Jungdae-ro, Songpa-gu, Seoul, Republic of Korea

Article 15. Others

The company may provide links to other companies' websites or materials. If you access another website by clicking the link provided by the company, please check the privacy policy on that website because this privacy policy is not effective in that website.

Article 16. Changes in the Privacy Policy

Due to various reasons such as changes in laws and regulations, services, business environments, and technical issues, the company may revise this privacy policy on a regular basis.

Addendum
This privacy policy will take effect on Jan 23, 2024.