Xpike Group Co., Ltd. (hereinafter referred to as the "Company") establishes this privacy policy (hereinafter referred to as the "Privacy Policy") in accordance with Article 30 of the Personal Information Protection Act to do its utmost to protect users' personal information and to inform the data subjects for what purpose and in what manner their personal information is being processed by disclosing the Privacy Policy.
The Privacy Policy has the following important meanings:
- The Company informs users through the Privacy Policy about the details of the personal information it collects, how it is used, to whom it is provided or entrusted, and how it is destroyed.
- Users have legal rights to their personal information, including the right to self-determination of personal information. The Privacy Policy guides how to exercise these legal rights to personal information.
- It also provides guidance on how to prevent personal information infringement incidents and how to recover damages if an incident has already occurred.
【Purpose of Processing Personal Information】
The Company processes personal information for the following purposes.
Membership Registration and Management
Personal information is processed for the purpose of confirming the intention to sign up for membership, identifying and authenticating oneself for membership services, maintaining and managing membership status, preventing fraudulent use of services, confirming the consent of a legal representative when processing the personal information of children under 14, various notices and notifications, and preserving records for dispute resolution.
Provision of Goods or Services
Personal information is processed for the purpose of delivering goods, providing services, sending contracts and invoices, providing content, providing customized services, identity verification, age verification, payment and settlement of fees, debt collection, and providing services related to points and virtual assets.
Grievance Handling
Personal information is processed for the purpose of identifying the complainant, confirming the details of the complaint (inquiries or handling of complaints, etc.), contacting and notifying for fact-finding, and notifying the processing results.
Use for New Services and Marketing
Personal information is processed for the purpose of providing services optimized for members, recommending customized content based on estimating members' interests and preferences, developing new services and products, providing event information and promotional information for marketing and promotion, identifying access frequency, and establishing and improving a service environment from a privacy protection perspective.
Provision of Data in Accordance with Relevant Laws
Provision of data to fulfill legal obligations in and/or outside the Republic of Korea.
Personal information is processed for the purpose of providing data in accordance with relevant laws, such as providing data for criminal investigations by prosecutors/police, providing data in response to damage reports, providing tax data upon request from tax authorities, and providing data for identity verification by banks.
Personal information will not be used for purposes other than those specified in the preceding paragraph, and if the purpose of use is changed, necessary measures such as obtaining separate consent will be implemented in accordance with Article 18 of the Personal Information Protection Act.
【Processing and Retention Period of Personal Information】
Personal Information Items Collected by the Company
Personal information items collected as mandatory during the service use process (Required items)
| Category | Personal Information Item | Note |
|---|---|---|
| Membership Registration | When signing up via mobile: date of birth, gender, mobile phone number, security password, address,[object Object],When signing up via SNS (KakaoTalk, Naver, Facebook): login information identification value, SNS profile picture, mobile phone number,[object Object],When signing up via Apple: Apple ID, login information identification value,[object Object],When signing up via Kakao Klip wallet: wallet address | |
| Identity Verification | Copy of ID card, account number, copy of bankbook | |
| Partner Alliance | Company name, contact number, email address, business registration number, contact person name, password, payment account holder name, bank name, account number | |
| 1:1 Inquiry, Customer Service Use | Email address, mobile phone number | |
| Corporate Service Application | Company name, business registration number, contact person information (name, mobile phone number, email address) | |
| Use of Virtual Asset Related Services | Virtual asset wallet address |
Information collected with the user's separate consent during the service use process (Optional items)
| Category | Personal Information Item | Note |
|---|---|---|
| Service Use | User's visit history and activity log within the service |
Information automatically generated and collected during service use and processing
| Personal Information Item | Note and Retention Period |
|---|---|
| Service use record, access log, cookie, access IP information (IP Address, access time), ADID/IDFA, transaction record, mobile device identification number when using a mobile device, terminal OS information, Push reception status, user's browser type, user setting information | Until user withdrawal or the time specified by law |
Method of Collecting Personal Information
- During membership registration, member information change, and service use
Basis and Period of Retention
- Basis of Retention: User's consent
- Retention Period: Until the user requests withdrawal and revokes consent to personal information. However, if there is a record of fraudulent use or suspected fraudulent use by the user in accordance with the Company's terms and conditions, the Company will store it for 5 years from the time of collection and then destroy it, despite the user's request for withdrawal and revocation of consent to personal information.
Notwithstanding the Company's privacy policy, information that must be stored in accordance with relevant laws as follows will be stored for the period specified by the law.
| Legal Basis | Content | Retention Period |
|---|---|---|
| Act on Consumer Protection in Electronic Commerce, etc. | Records on contracts or withdrawal of offers, etc. | 5 years |
| Records on payment and supply of goods, etc. | 5 years | |
| Records on consumer complaints or dispute resolution | 3 years | |
| Records on display/advertisement | 6 months | |
| Electronic Financial Transactions Act | Records on electronic financial transactions | 5 years |
| Protection of Communications Secrets Act | Service visit records | 3 months |
【Provision of Personal Information to Third Parties】
The Company does not provide personal information to third parties or disclose it to the public without the user's consent, and processes it only within the scope of the purposes specified in this Privacy Policy.
Notwithstanding the preceding paragraph, the Company provides personal information to third parties or discloses it to the public in the following cases.
- When the user has given prior consent
- When necessary for statistical purposes, academic research, or market research, provided in a form that does not identify a specific individual
- When reasons such as business transfer or merger occur (However, if the user's personal information needs to be transferred due to reasons such as business transfer, the Company will notify the user of the fact of the personal information transfer in advance in accordance with the procedures and methods stipulated by relevant laws, and grant the user the right to withdraw consent to the personal information transfer.)
- When it is clearly recognized as necessary for the urgent life, body, or property interests of the data subject or a third party, where the data subject or their legal representative is unable to express their intention or prior consent cannot be obtained due to an unknown address, etc.
- When there are special provisions in other laws
In order to provide various benefits, the Company provides personal information to third parties after notifying the user of the "recipient of personal information, purpose of provision, items of personal information provided, and the recipient's retention/use period" and obtaining explicit and individual consent. The third parties to whom the Company provides personal information are as follows.
| Service Content | Recipient | Purpose of Provision | Personal Information Items Provided | Retention/Use Period |
|---|---|---|---|---|
| Virtual Asset Wallet Service | Ground X Co., Ltd. | Anti-money laundering, provision of deposit/withdrawal services (provided upon data request) | Name, gender, mobile phone number, date of birth, address, bank name, account number, account holder name, transaction history | Until membership withdrawal or termination of the partnership agreement |
In the case of the preceding paragraph, the user may not consent to the provision of personal information, and even if they do not consent, there are no disadvantages other than being unable to use the corresponding service.
【Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them】
Users (data subjects) and their legal representatives may exercise the following personal information protection rights against the Company at any time. However, rights may be restricted in accordance with Article 35, Paragraph 4, Article 36, Paragraph 1, Article 37, Paragraph 2 of the Personal Information Protection Act and other relevant laws, and the right to request deletion or suspension of processing may be restricted for personal information specified as a collection target in other laws.
- Request to view personal information
- Request for correction if there are errors
- Request for deletion, request to stop processing (withdrawal of consent for collection and use, cancellation of membership)
The rights under the preceding paragraph can be exercised in the manner shown in the table below, and the Company will take action without delay. In addition, users can do so by sending a written document or email to the Company in accordance with Form No. 8 of the Enforcement Rule of the Personal Information Protection Act.
| Category | Method |
|---|---|
| View Personal Information | Click on "My Page" to view |
| [object Object] | [object Object] |
| Withdraw consent for collection and use, cancel membership | Click "Withdraw Membership" to cancel |
The exercise of rights under this article may be done through a legal representative of the data subject or an agent who has been delegated. In this case, a power of attorney in accordance with Form No. 11 of the Enforcement Rule of the Personal Information Protection Act must be submitted.
When a user exercises their rights under this article, the Company confirms whether the person making the request is the principal or a legitimate representative (legal representative, etc.).
You may refuse to consent to the collection and use of personal information, and if you refuse, identity verification will be restricted.
【Destruction of Personal Information】
In principle, the Company destroys the personal information without delay when the purpose of processing the personal information has been achieved. However, if separate consent has been obtained from the user or if other laws impose a retention obligation for a certain period, it will be stored separately from other personal information for that period.
In accordance with the Information and Communications Network Act, in the case of a member who has no usage record for one year, the personal information of the member is stored separately from the personal information of active members.
The procedure, deadline, and method for destroying personal information are as follows.
- Destruction Procedure
The information entered by the user is transferred to a separate DB (or separate documents in the case of paper) after the purpose is achieved and is stored for a certain period or immediately destroyed in accordance with internal policies and other relevant laws. At this time, the personal information transferred to the DB is not used for any other purpose unless required by law. - Destruction Deadline
The user's personal information will be destroyed within 5 days from the end of the retention period if the retention period has elapsed, and within 5 days from the date it is recognized that the processing of personal information is unnecessary, such as when the purpose of processing personal information is achieved, the service is abolished, or the business is terminated. - Destruction Method
Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding with a shredder or through incineration.
【Personal Information Protection Officer】
The Company has designated a Personal Information Protection Officer as follows to take overall responsibility for matters concerning the processing of personal information and to handle complaints and remedy damages of data subjects related to the processing of personal information.
| Personal Information Protection Officer | |
|---|---|
| [object Object] | Yeomyeong Kim |
| [object Object] | Personal Information Protection Officer |
| [object Object] | |
| [object Object] | manager@xpike.app |
Users can inquire with the Personal Information Protection Officer about all personal information protection-related inquiries, complaint handling, damage relief, etc., that occurred while using the Company's services. The Company will respond to and handle the inquiries of data subjects without delay.
The responsibility for maintaining the security of the ID and password related to the user's personal information lies with the user. The Company will not ask the user directly for their password in any way, so please be especially careful not to let your password be leaked to others. You should be especially careful when connected online in public places.
Despite the technical supplementary measures taken by the Company, the Company is not responsible for the destruction of information due to unexpected accidents caused by network risks such as hacking using advanced technology.
【Installation, Operation, and Refusal of Devices that Automatically Collect Personal Information such as Internet Access Information Files】
The Company may use cookies to provide web-based services. Cookies are small data packets that the server used to operate the website sends to the user's browser and are stored on the user's hard disk.
- Purpose of Using Cookies
Cookies store user's preferred settings, etc., to support a faster web environment for the user and are used to improve services for convenient use. Through this, users can use the service more easily. - Installation, Operation, and Refusal of Cookies
Users have the option to install cookies and can refuse or delete the storage of these cookies at any time. - Example of How to Refuse Cookie Settings
- Internet Explorer : Select Tools menu > Select Internet Options > Click Privacy tab > Advanced Privacy Settings > Set Cookie Level
- Chrome : Select Settings menu > Show Advanced Settings > Privacy and Security > Select Content Settings > Set Cookie Level
- Safari : Select Preferences menu > Select Privacy tab > Set Cookie and Website Data Level
The Company collects and uses the user's ADID/IDFA.
- Purpose of Using ADID/IDFA
It is used to provide optimized customized services and benefits to users, such as online customized advertising. - Method of Collecting ADID/IDFA
It is automatically collected when the user visits/runs the app. - Retention/Use Period of ADID/IDFA
1 year from the date of collection - Refusal to Collect ADID/IDFA
- Android OS: Settings->Google(Google Settings)->Ads->Opt out of Ads Personalization
- iOS: Settings->Privacy->Advertising->Limit Ad Tracking
【Measures to Ensure the Safety of Personal Information】
The Company values the user's personal information and is taking the following technical/managerial and physical measures to ensure safety in accordance with Article 29 (Duty of Safety Measures) and Article 48-2 (Special Provisions on Safety Measures for Personal Information) of the Personal Information Protection Act.
- Establishment and Implementation of Internal Management Plan
The Company establishes and implements an internal management plan that includes matters concerning the designation of a personal information protection officer, the roles and responsibilities of the personal information protection officer and personal information handlers, measures necessary to ensure the safety of personal information, education for personal information handlers, and other matters necessary for personal information protection. - Technical Measures Against Hacking, etc.
The Company installs security programs to prevent personal information leakage and damage from hacking or computer viruses, performs periodic updates and checks, installs the system in an area with controlled external access, and monitors and blocks it technically/physically. In addition, it stores access records in a separate secure space to prevent forgery and alteration. - Encryption of Personal Information
The user's personal information is encrypted, stored, and managed, so only the user can know it, and important data uses separate security functions such as encrypting files and transmission data or using a file lock function. - Access Control for Personal Information
The Company takes necessary measures to control access to personal information through granting, changing, and revoking access rights to the database system that processes personal information, and controls unauthorized access from the outside using an intrusion prevention system. - Use of Locking Devices for Document Security
Documents containing personal information, auxiliary storage media, etc., are stored in a secure place with a locking device. - Access Control for Unauthorized Persons
A separate physical storage location for personal information is maintained, and access control procedures are established and operated.
Along with the Company's measures as described above, users must also be careful not to expose their passwords, etc., to third parties. In particular, you should be careful not to let your password be leaked through PCs installed in public places, and it is important to change your password regularly.
【Personal Information Counseling and Reporting】
If you need counseling regarding personal information infringement, you can inquire at the Personal Information Infringement Report Center, the Cyber Crime Investigation Division of the Supreme Prosecutors' Office, or the Cyber Safety Bureau of the National Police Agency.
- Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency)
- Responsibilities: Reporting personal information infringement, applying for counseling
- Website: http://privacy.kisa.or.kr
- Phone: (no area code) 118
- Address: 3F, 9, Jinhung-gil, Naju-si, Jeollanam-do (58324) (Bitgaram-dong 301-2) Personal Information Infringement Report Center
- Personal Information Dispute Mediation Committee (operated by the Korea Internet & Security Agency)
- Responsibilities: Applying for personal information dispute mediation, collective dispute mediation (civil resolution)
- Website: https://www.kopico.go.kr
- Phone: 1833-6972
- Address: 4F, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul (03171)
- Cyber Investigation Division, Supreme Prosecutors' Office
- Website: http://www.spo.go.kr
- Phone: (no area code) 1301
- Cyber Safety Bureau, National Police Agency
- Website: http://cyberbureau.police.go.kr
- Phone: (no area code) 182
【Responsibility for Linked Sites】
The Company may provide users with links to other external sites. In this case, since the Company has no control over the external sites, it cannot be held responsible for or guarantee the usefulness, truthfulness, or legality of the services or materials provided by the external sites, and the privacy policy of the linked external sites is not related to the Company, so please check the policy of the corresponding external site.
【Revision of the Privacy Policy】
This Privacy Policy will be effective from April 26, 2024.
The Company may amend the Privacy Policy for purposes such as reflecting changes in laws or services.
If the Privacy Policy is changed, the Company will post the changes, and they will take effect 7 days from the date of posting.
You can check the previous Privacy Policy below.
【Additional Information on Playtime (adjoe) Service】
Playtime (adjoe) is a third-party feature integrated into the Company's app that allows users to earn in-app currency by playing third-party games and collects user's application usage data. The purpose of data processing is to recommend installable apps within Playtime that match the user's interests through system messages and to calculate the bonuses earned as a result of using the corresponding apps. For more details, please refer to the Playtime (adjoe) Data Privacy.
The main contents of the Xpike Group Privacy Policy are as above, and more detailed information or changes can be found on the Company's website. Xpike Group, which values users' personal information, will do its best to protect personal information through continuous improvement and thorough management.