Sundaytoz Privacy Policy

Sundaytoz (hereinafter referred to as "the Company") abides by the related statutes of the privacy protection act and the law regarding the promotion of information and communication network use and protection of information. As an IT service provider, the Company also abides by the relevant matters of the personal information protection laws. Further, the Company is protecting the users interests to the Company's best of abilities by defining this Privacy Policy.

This Privacy Policy applies to all game and related services (hereinafter referred to as "services") provided by the Company. This Privacy Policy details how the user's personal information is collected, used and what steps the Company is taking for the protection of the user's personal information.

The user has the right to refuse the collection, use, relaying and entrusting of his/her personal information. By refusing, the user may not or only partly make use of the Company's services. 

1. How we collect and use your information
The user's personal information is used to distinguish the user inside one of the Company's services (including partly provided information which can be cross-referenced with other information in order to establish a distinguished user profile). The collected personal information is used by the Company for the following purposes:

A. Providing services and payment collections
Friend invites, friend recommendations, gifting items, view game rankings, play with other users, purchase and payment of items, notification services

B. User management
User authentication for the use of the service, distinction of user for the provided service, identification and prevention of misconduct members and bot-abuse, intent to join, intent to withdraw, authenfication and archiving for the sake of conciliation of disputes, complaint and civil affairs handling, delivering matters subject to notification

C. Development of new services, use for advertisement and marketing purposes
Offering newly developed services, targeted services and advertisements, checking the validity of the service, offering information on events, advertisements and a chance to participate, retention data, general statistics on the use of the relevant service

2. Provision and collecting method of personal information

A. Provision of personal information
1) For the sake of an optimized service, the Company receives and collects the following information from the platform provider when the service is used.
- The user's nickname (name), member identifcation number, friend list, profile picture which is used in the platform provider's service
2) During use of the service or transactions process, the following information may be collected.
- History of service use, connection log, history of misconduct, carrier information, OS and device information, locale information, purchase history

B. Collection method of personal information
The Company collects the personal information using the following methods:
- Homepage, application, written form, fax, phone, customer support message board, email, event participation
- From partner companies
- Collection via a generated information collection tool

3. Providing and sharing of personal information
The Company will use the user's personal information only within the boundaries defined in "How we collect and use your information", and will neither extend beyond said boundaries nor disclose the user's personal information without the explicit consent of the user. However, in the cases below, the personal information may be carefully used or provided to external parties.

A. The user explicitly gives the Company his/her consent
Prior to the collection or offering of the user's information, the user is informed of the collection, which partner his/her information will be provided to, what information is required and how long the information will be stored. The user's consent will be requested, and he/she has the right to refuse, in which case the additional information will neither be collected nor made available publicly.

B. A specific legal regulation or the legal request of an investigative agency to disclose the information, following the correct legal procedures

4. Storage and use duration of personal information
As a general rule, the user's personal information is destroyed without delay once the purpose of the collected data has been fulfilled. However, the following information is stored for a specified time due to reasons detailed below, and the information is used for this purpose only.

A. Record of agreement and/or withdrawal from the agreement
- Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
- Duration: 5 years

B. Purchase payment item providing records
- Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
- Duration: 5 years

C. Customer complaint and dispute records
- Reason of storage: legally obligated to store the information, based on the e-commerce consumer protection laws
- Duration: 3 years

D. Connection logs
- Reason of storage: Protection of communication secrets act
- Duration: 3 months

E. The Company's internal data storage policy
- Stored data: misconduct records
- Reason of storage: Prevention of misconduct
- Duration: 1 year

5. Deletion procedure of personal information
As a general rule, the user's personal information is destroyed without delay once the purpose of the collected data has been fulfilled; the procedure of said deletion is as follows. However, personal information of users who have not been using the service for longer than 1 year are stored separately in accordance with the law regarding the promotion of information and communication network use and protection of information.

A. Deletion procedure
Once the purpose of the provided user information has been fulfilled, the information is transferred to a separate database, where it is being stored for a specified time in accordance with the Company's internal policy and the relevant statutes, until the information is destroyed. Unless legally requested, the storing of the information serves no other purpose than being stored as records. 

B. Deletion method
Personal information on paper will be either destroyed with a shredder or manually ripped to pieces, while electronic information will be permanently deleted.

6. Rights and exercise method of the user or the legal representative
Both the user and the legal representative have the right to view or/and make changes to their own or their at most 13 years old minor's personal information at all times, via the platform or appstore provider. Also, the agreement may be withdrawn from at all times by accessing the "withdraw" function in the settings of the App.

The user's (or minor user's) personal information can be accessed via the platform or appstore provider. By selecting "delete account", the user can view, edit his/her information or choose to withdraw from the service. Should the company wish to access personal information it does not possess, the company must be able to compare its data with the registration records and personal information of the platform- or appstore provider in order to verify an user's identity.

Should an user request a correction of his/her faulty personal information, the company will refrain from using or providing said information until the correction has been completed.

Withdrawn or destroyed personal information of either user or legal representative are processed in accordance with "4. Storage and use duration of personal information", and are kept with no possibility to neither view nor use.

7. Handling of personal information
In order to provide professional customer support, the Company entrusts the management of the users' personal information to external service providers, as shown below. When the company signs a contract with such a service provider, the contract contains detailed obligations of service provider, explicitly forbidding the disclosure of personal information and clearly defining liabilities in case of a mistake.

Entrusted company Entrusted responsibility Duration of storage and use
(주)대성물류 Delivery of event prizes Until user's withdrawal from the agreement
or the end of the business relationship with the entrusted company
CJ 대한통운(주) Delivery of event prizes

8. Installation of automated collection of personal information/Matters of operation and refusal

A. In order to provide a personalized and tailored service, the Company reserves the right to use cookies, which save the user's information and gains access to it constantly. Cookies are very small text files which are sent from the servers to the user's browser, and are saved on the computer's hard disk while operating websites. When the user revisits the website, the website server gains access to the cookie, reads the text file and maintains the user's settings and provides the user with a personalized service.

B. Cookies do neither actively nor automatically collect the user's distinctive information, and the user may refuse the storing of cookies or delete them completely at any given time. However, deleting the cookies may restrict or completely block the user from using the Company's service.

C. For "Internet Explorer", the settings of cookies can be found here.
"Tools" -> "Internet options" -> "Personal information tab" -> "Personal information settings"

9. Policy on administrative and technical protection of personal information
To protect the user's personal information and keep it from being lost, stolen, leaked, falsified or damaged in any way, the Company takes the following technical/administrative measures.

A. Technical measures
- The Company protects the user's personal information by applying security measures in accordance with the related statues and the Company's internal policy.
- The Company uses an anti-virus program to prevent damages caused by virus infections. The anti-virus program is kept up-to-date regularly, and is also subject to hotfixes, should a new virus emerge, keeping the personal information safe from external access.
- The Company safely stores and manages the user's personal information, and has security measures in place for safe transmission of personal information through the network.
- The Company uses protective software to prevent and defend against external invasive actions in order to protect the user's personal information, and always monitors the software for potential invasion.

B. Administrative measures
- The Company has created a set of rules (framework) on the creation of passwords, changing it and access rights for the "database and the personal information system" so the responsible employee of the Company can act according to said rules.
- The Company strictly monitors and restricts the employee responsible for the personal information, and regularly trains said employee in the conduct of the Company's Privacy Policy.

10. Contact of the personal information administrator
The user has the right to file a "personal information protection"-related civil complaint while using the Company's service. The Company will reply quickly and earnestly to such complaints.

[Personal information administrator]
- Name: Young Eul Kim
- Position: COO / Head of operations
- Phone: 1800-6855
- email: privacy@sundaytoz.com

In case you require customer support or wish to file a complaint regarding a violation of your personal information, please contact the institutions below.

- Centre for invasion of personal information(privacy.kisa.or.kr / 118) 
- Supreme (Public) Prosecutors' Office, cybercrime unit (www.spo.go.kr / 1301) 
- National Police Agency, cyber security administration (www.ctrc.go.kr / 182) 

[Additional clause]

  1. Should the Privacy Policy be changed in any way, the Company will inform the user of the reasons of said changes, along with the effective date at least 7 days prior to the effective date. The information will be posted until 1 day before the effective date in the relevant service. Should grave changes regarding the users rights and/or obligations occur, the user will be notified at least 30 days in advance.
  2. Should the user not express his/her refusal when the Company announces the changes to its Privacy Policy in accordance to 1. until the effective date, it will be regarded as the user's consent to the changes of the Privacy Policy.
  3. Should the Company wish to collect additional information from the user or wish to provide the user's information to a third party despite 2., the Company will request consent of the user separately.