Privacy Policy
This Privacy Policy is intended to describe the methods and the purposes for collecting and using the personal information of users during the use of the websites, mobile apps, software (including games and game-related applications), and other services (hereinafter referred to as the “Services”) operated by The Origin Inc. (hereinafter referred to as “the Company”). This Privacy Policy also includes details of the measures taken by the Company to protect such personal information.
This Privacy Policy is part of the Terms of Use of the Company and all capitalized terms shall have the same meanings as defined in the Terms of Use.
There shall be restrictions on all or parts of the Services in the event a user does not agree to the Terms of Use or this Privacy Policy.
This Privacy Policy has been established in accordance with the Korean Personal Information Protection Act and strives to comply with international standards while providing the aforementioned Services.
Article 1 (Processing of Personal Information)
The Company shall collect and provide the personal information of users for various purposes, including providing, maintaining, and improving its Services. In general, the Company shall retain a user's personal information for the period necessary for the purposes indicated in this Privacy Policy. Accordingly, the retention period shall vary depending on the type of information and the reason for the retention, and the Company shall retain personal information even after a user deletes his/her account or discontinues the Services to comply with legal obligations, regulatory requirements, dispute resolutions, and the prevention of fraud.
Article 2 (Collected Personal Information, Collection Methods, and Purposes of Use)
The Company shall collect only the minimum information necessary for providing its Services, and likewise, shall collect and use such personal information only for purposes permitted by law. However, generated information such as device information shall be automatically collected during the use of the Services.
1. Collection Methods of Personal Information
Personal information shall be collected when users directly input his/her personal information for the use of the Services provided by the Company, participate in events and promotions, or through separate consent procedures during the collection and use processes of the Services. Additionally, personal information shall be collected through cooperative partners and partnership platforms when separate consent is required.
2. Purposes of Use of Personal Information
The Company shall use the personal information of users only for the following purposes and shall not use the personal information of users for any other purpose without prior consent.
3. Collected Personal Information and Purposes of Use
|
Services |
Collected Information |
Required/ Optional |
Purpose of Use |
|
Game Services |
Account sync information via external platforms |
Required |
Use of game services |
|
Customer Support Center Inquiries |
Email address, mobile phone number |
Required |
Personal identification and contact details |
|
Name, nickname (for games), other information required for inquiries |
Optional |
To confirm nature of inquiries |
Article 3 (Retention and Use Period of Personal Information)
The Company shall continuously retain and use the personal information of users during his/her use of the Services provided by the Company for the purpose of providing the same, and shall promptly destroy the personal information once the purpose for the collection and use of such information has been achieved. However, in the event a user terminates from use of the Services, the Company shall retain his/her personal information for a certain period of time to resolve any user complaints and disputes and to handle any unwanted withdrawals due to the illegal use of personal information. Additionally, if there is a need to retain user information for a certain period of time as required by relevant laws and regulations, the Company shall retain such information for that specified period.
Information collected for events and promotions shall be retained for a maximum of six (6) months, but the retention period shall vary for each event. The retention periods indicated on individual event pages will take precedence.
|
Laws Relevant to the Retention of Personal Information |
Relevant Logs |
Period of Retention |
|
Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, Etc. |
Records regarding withdrawals from contracts or subscriptions, payments, supply of goods, etc. |
5 years |
|
Records regarding consumer complaints or the handling of disputes |
3 years |
|
|
Protection of Communications Secrets Act |
Log records for usage |
3 months |
Article 4 (Procedure and Methods for Disposing of Personal Information)
1. Disposal Procedure
Personal information provided by users for the use of Services and other purposes shall be transferred to a separate database (or a separate file for paper documents) after its purpose has been achieved and shall be stored for the period in accordance with internal policies and other relevant laws for information protection (refer to Retention and Use Period of Personal Information) before being destroyed.
Personal information transferred to the separate database shall not be used for any purpose other than those specified unless required by law.
2. Disposal Method
Personal information stored in electronic file format shall be destroyed using technical methods that make it impossible to reproduce, while personal information printed on paper shall be shredded or incinerated.
Article 5 (Separate Storage and Management of Personal Information from Long-Term Inactive Accounts)
The personal information of users shall be disposed of if his/her accounts have been inactive for one (1) year. However, until the retention period specified by other laws has expired, the Company shall store/manage such personal information separately from the personal information of other users.
In such event, the users of any inactive accounts shall be informed of the fact that his/her personal information will be destroyed, the expiration date of the retention period, and the details of the personal information to be destroyed through email or other means of available communication, at least thirty (30) days before the actual disposal.
Article 6 (Outsourcing and Overseas Transfer of Personal Information Processing)
The Company shall consign the following processing of personal information to ensure the uninterrupted delivery of Services and for personal information-related tasks. The Company shall stipulate matters necessary for securely managing personal information when entering into outsourcing agreements in accordance with relevant laws. Additionally, certain personal information shall be consigned to and stored by overseas companies when necessary to provide Services and enhance user convenience.
|
Consignee |
Consigned Tasks |
Period of Retention and Usage |
|
- |
- |
- |
The Company operates its business in various jurisdictions and all information provided by users can be transmitted to or accessed from Korea or worldwide, as described in this Privacy Policy.
By using the Services provided by the Company or by providing personal information to the Company, users consent to the international transmission and processing of his/her information. When transferring personal information to external sources, the Company shall implement technical and physical safeguards for the protection of personal information.
Article 7 (Providing Personal Information to Third Parties)
The Company shall only use the personal information of users within the scope notified and provide the personal information of users to third parties in events necessary for the provision of the Company’s Services, calculation of payment for the provided Services, when a user has given consent, or when there are specific provisions under the law. The Company shall not provide the personal information of users to third parties other than those mentioned.
|
Recipient |
Purpose of Provision |
Provided Information |
Period of Retention and Usage |
|
- |
- |
- |
- |
Article 8 (Minors)
Without parental consent or as permitted by relevant laws, the Company shall not knowingly collect or sell the personal information of children under thirteen (13) years of age (sixteen (16) years of age in Europe or the age defined by relevant laws). If awareness arises regarding a minor’s provision of personal information to the Company, after informing the Company of such, the Company shall fully cooperate to resolve the issue.
Article 9 (Nevada Privacy Information Protection Management)
Nevada residents by submitting a verified request shall have the right to submit verified requests instructing the Company not to sell his/her personal information. If a Nevada resident wishes to submit such a request, the request can be submitted via the contact details provided by the Company in this Privacy Policy.
Article 10 (California Consumer Privacy Act (CCPA))
The Company shall comply with the California Consumer Privacy Act (CCPA).
1. Personal Information Collected/Shared for Business Purposes
The Company shall collect/share the following categories of information that may directly or indirectly identify a user or be reasonably linked to a user for business purposes:
1) Identifiers: Nicknames, unique identifiers, online IDs, IP addresses, email addresses, account names, or similar IDs
2) Commercial Information: Purchased/acquired/collected items or services, other records related to purchases, consumption history, or tendencies
3) Geolocation Data: Geographical location data such as the country of residence
2. Purpose of Collection
The above personal information shall be collected/shared for purposes such as improving the quality of Services, providing Services, maintaining accounts, user support services, user verification, advertising, and user pattern analysis.
1) Resolving technical issues and improving the quality of Services
2) Individual user identification for providing Services
3) Technical protection against unauthorized use of Services
4) Prevention of inappropriate gameplay that may negatively impact other users of the Services
5) Providing customer support for collecting and responding to customer inquiries regarding Services
6) Providing information about Company events and surveys, opportunities to participate in Company events and surveys, and using them for Company advertising and other marketing and promotional purposes
7) Tracking usage patterns, analyzing user trends, and calculating statistics on the use of Services
3. Prohibition of Personal Information Sales
The Company shall not “sell” the personal information of users of the Services for monetary gain or any specific benefit to the Company.
4. Non-Discrimination
The Company shall not discriminate against users who exercise his/her rights under the CCPA.
5. California Consumer Privacy Act
1) California residents shall have the right to receive a description of the categories of personal information used by the Company or its service providers for identity verification information and the categories of personal information used for marketing purposes.
2) After receiving a request for information disclosure that meets the requirements, the Company shall provide the following information:
(1) Categories of personal information about the requester that the Company has collected in the past twelve (12) months
(2) Categories of sources from which personal information was collected in the past twelve (12) months
(3) Categories of personal information shared with service providers by the Company
(4) Business/commercial purposes for which selected personal information was collected and shared by the Company in the past twelve (12) months
(5) Specific pieces of personal information collected by the Company in the past twelve (12) months
(6) Explanation of the categories of personal information that the recipient collected and used if the user's personal information was disclosed in the course of business
3) California residents shall have the right to request the deletion of his/her personal information the Company has collected and stored subject to certain exceptions. Upon receipt and verification of such a request, the Company shall delete the relevant personal information unless an exception under the CCPA applies.
Article 11 (Lawful Processing of Personal Data under the GDPR)
Processing personal information by the Company shall be lawful only if and to the extent that at least one of the following applies.
1. A user has given consent to the processing of his or her personal information.
2. Processing is necessary for the performance of a contract to which a user is party or in order to take steps at the request of a user prior to entering into a contract:
1) Member management, identification, etc.
2) Performance of a contract in relation to providing the services required by users, payment and settlement of fees, etc.
3. Processing is necessary for compliance with a legal obligation to which the Company is subject
1) Compliance with relevant law, regulations, legal proceedings, requests by the government
4. Processing is necessary in order to protect the vital interests of users, or other natural persons
1) Detection of, prevention of, and response to fraud, abuse, security risks, and technical issues that may harm users or other natural persons
5. Processing is necessary for the performance of a task carried out in the public interest or in the excise of official authority vested in the Company
6. Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child).
Article 12 (User’s right when applying GDPR)
The users or their legal representatives, as main agents of the information, may exercise the rights regarding the collection, use and sharing of personal information by the Company. Details can be found in "Article 13. rights and exercise method of user and legal guardian”, and for requests for rights, please send an email to support@theorigin.kr
Article 13 (Rights of Users and Legal Guardians and the Method of Exercising Such Rights)
Users and legal guardians shall have the right to withdraw his/her consent (revoke) to the provision of personal information at any time. To revoke consent for any provided personal information, users can click or tap the Delete Account button within the Services. However, if a user's personal information is destroyed upon deletion, any related information generated or accumulated while using the Company's Services shall also be deleted.
Users can contact the Privacy Compliance Officer in writing or via email (support@theorigin.kr) to request personal information retrieval, modification, and other necessary actions. However, the Company shall have the right to refuse to disclose or modify a user's personal information, in whole or in part, if there are legitimate causes for such a refusal. In such events, the user will be notified of the refusal and the justification thereof.
If a user requests the correction of a personal information error, the selected personal information shall not be used or provided until the correction is complete. Furthermore, if incorrect information has already been provided to third parties, the correction will be promptly notified to third parties.
Any personal information that the Company has deactivated or deleted in response to a user or legal guardian's request shall be handled in accordance with Article 4. The collected personal information shall not be opened or used for retention or other purposes.
Article 14 (Installation, Operation, and Rejection of Automatic Collection Devices of Personal Information)
1. The Company shall use “cookies,” which are small text files sent by a server operating the Company's website to a user's device, computer hard drive, or browser, to store and retrieve user information as needed. When users use the Company's Services, the server shall read the contents of the cookies stored on the user's device or hard drive, verify the user information, and provide personalized services.
2. Users shall have the right to choose regarding the installation of cookies. Users shall have the right to decide whether to allow or delete cookies in his/her device settings. However, by choosing not to use cookies, issues may arise when using Services requiring a login.
3. Cookie Settings
1) Internet Explorer: [Tools] → [Internet Options] → [Privacy] → [Advanced] in the top menu of the web browser
2) Chrome: The [⋮] icon in the upper right corner of the web browser → [Settings] → [Privacy and Security] → [Cookies and other site data]
Article 14 (Security Measures for Personal Information Protection)
The Company shall take the following measures to ensure the security of personal information.
1. Administrative Measures: Establishment and implementation of internal management plans, operation of dedicated organizations, regular employee education
2. Technical Measures: Access rights management for personal information processing systems, installation of access control systems, encryption of personal information, installation and updating of security programs
3. Physical Measures: Access control of computer rooms, data storage rooms, etc.
Article 15 (Changes to the Privacy Policy)
This Privacy Policy shall be amended at any time due to changes in applicable laws, guidelines, or internal Company policies. In the event of such changes, appropriate notifications shall be made.
Article 16 (Privacy Compliance Officer)
The Company is responsible for overseeing the handling of personal information. For any inquiries or support related to the processing of personal information, including complaints and remedies, please contact us via email to support@theorigin.kr