Privacy Policy (Update 28/01/2023)

This privacy policy notifies the method and purpose of use of users' personal information collected during the use of PC and mobile services (hereinafter referred to as "Services") provided by NXIO (hereinafter referred to as the "Company"), and the contains the following details, as well as the measures taken by the company to protect your personal information.

This Privacy Policy is part of the Terms of Use, and capitalized terms have the same meanings as defined in the Terms of Use.

If you do not agree to the Terms of Use or Privacy Policy, some or all of the Services may be restricted.

This Privacy Policy was established in accordance with the Personal Information Protection Act of Korea, and we make every effort to provide services while complying with international standards.

Processing of personal information
The company collects and provides users' personal information for various purposes, such as providing, maintaining and improving services to users. In general, the company keeps users' personal information only for the period necessary for the purpose notified through the personal information processing policy. That is, the retention period varies depending on the type of information and the reason for storage, and personal information may be retained even after the user deletes the account or suspends the service to comply with legal obligations and regulatory requirements, and to resolve disputes and prevent fraud.

Items of personal information to be collected, methods of collection and purpose of use
The company collects only the minimum amount of information necessary to provide services, and collects personal information only for that purpose within the scope permitted by law. However, generated information such as device information may be automatically generated and collected in the process of using the service.

1) How to collect personal information

When a user directly inputs personal information to use the service provided by the company and participates in or participates in events and promotions, it is automatically generated and collected during the process of collection and service use through a separate consent process. In addition, if there is a separate consent, it is collected through partners and partnership platforms.

2) Purpose of personal information use

The company only uses the user's personal information for the following purposes, and does not use the user's personal information for any other purpose without prior consent.

3) Items of personal information collected and purpose of use

Service

Collected Items

Purpose of Use

User Registration

User identification information from external platforms such as Google, Apple, Facebook, and Steam

Provision of services and identification of duplicate users

Events and Promotions

Server name, nickname, name, contact number, identification number

Confirmation of winners and sending of prizes

Contact Customer Center

Server name, nickname, contact information, email

Information on inquiry history storage, inquiry response, etc.

Payment & Refund

Name, contact number, card number, account number, server name, nickname

Check payment history and refund method

In the process of using the service, the user's terminal information (model name, OS type and version, Mac address, IMEI, carrier information, language and country information, etc.) and game use and access IP records, authentication records, payment records, bad use records, game versions Service usage records and device information may be created and collected.

Period of storage and use of personal information
While the user uses the service provided by the company, the user's personal information is continuously retained and used to provide the service, and it is destroyed without delay when the purpose of collection and use of personal information is achieved. However, personal information is kept for n days after the withdrawal request to resolve user complaints and disputes when withdrawing from the game, and to resolve unwanted withdrawals due to illegal use of personal information. In addition, if it is necessary to preserve after the purpose of collection and use has been achieved due to related laws, we keep the user's information for a certain period of time as stipulated by the laws.

Information collected for events and promotions is kept for up to 6 months, but may be different for each event, and the period listed on the individual event page shall take precedence.

Storage laws

Related records

Storage period

Act on Consumer Protection in Electronic Commerce, Etc.

Withdrawal of contract or subscription, payment,

Records on the supply of goods, etc.

5 years

Records of consumer complaints or dispute resolution

3 years

Communication Confidentiality Protection Act

Log records related to usage

3 months

Procedure and method of destruction of personal information
1) Destruction procedure 

The information entered by the user for service use, etc. is moved to a separate DB (a separate filing cabinet in the case of paper) after the purpose is achieved and is scheduled according to the internal policy and other information protection reasons according to related laws (refer to Retention and use period) It is destroyed after being stored for a period of time.

Personal information transferred to a separate DB will not be used for any other purpose other than being retained unless it is required by law.

2) Destruction method

Personal information stored in electronic file format is deleted using a technical method that cannot reproduce records, and personal information printed on paper is shredded with a shredder or destroyed through incineration.

Separate storage and management of long-term unused account personal information
We destroy the information of users who have not used the service for one year. However, it may be stored and managed separately from other users' personal information until the retention period set by other laws and regulations has elapsed.

In this case, the users shall be notified 30 days before the expiration date of the period, in which  items of personal information will be destroyed.

Consignment of personal information processing and overseas transfer
The company entrusts the following personal information processing tasks for smooth service provision and personal information processing, and stipulates necessary matters for safe management of personal information when concluding a consignment contract in accordance with relevant laws and regulations. In addition, some personal information is consigned and stored to overseas companies if necessary to provide services and enhance user convenience.

Person Entrusted

Consignment Work

Retention and Use Period

Qroad

CS

1 years

If the contents of the consignment work or the consignee is changed, we will disclose it through this personal information processing policy without delay.

The Company operates in various jurisdictions and any information you provide may be transferred to or accessed from Korea or around the world as described in this Privacy Policy.

By using the Company's services or providing personal information to the Company, you consent to the international sending and processing of your information. When transferring personal information abroad, technical and physical protection is implemented to protect personal information.

Provision of personal information to third parties
The company uses the user's personal information only within the notified range, and provides personal information to a third party only when necessary for settlement of service provision, with the consent of the information subject, or when there are special provisions in the law. Other than that, the personal information of the data subject is not provided to third parties.

Child Policy
The Company does not knowingly collect or sell personal information from children under the age of 13 (or the age defined by applicable law) without parental consent or as permitted by applicable law. If you become aware that your child has provided personal information to us, please contact us and we will work with you to resolve the matter.

Nevada Privacy Management
Nevada residents have the right to submit verified requests directing them not to sell personal information. If you are a resident of Nevada and would like to submit such a request, please submit your request to the company's contact information provided in this Privacy Policy.

California Consumer Privacy Act
The company complies with California privacy laws.

1) Personal information collected and shared for business purposes

The company may collect/share the following categories of information that can directly or indirectly identify a user or such device, or information that can reasonably be associated with a user or such device for business purposes.

Identifier - nickname, unique identifier, online ID, IP, email address, account name, or other similar ID

Commercial information - items or services purchased/obtained/collected, other records of purchases, consumption histories or trends

Geolocation data - geolocation data such as country of residence

2) Purpose of collection

The above personal information is used and shared for the purposes of service quality improvement, service provision, account maintenance, user response service, user identification, advertisement, and user pattern analysis.

- Solve technical problems and improve the quality of company service

- Identification of individual users to provide Company services;

- Technical protection against unauthorized program use related to company services

- Prevent inappropriate gameplay that could negatively affect other users of our services

- Providing customer support for company services by collecting and responding to customer inquiries

- To provide information about Company events and surveys, to provide opportunities to participate in Company events and surveys, to provide Company advertisements and for other Company marketing and promotional purposes;

- Track usage patterns, analyze user trends, calculate company service usage statistics

3) Prohibition of selling personal information

The company does not "sell" the information of users who use the company's services for monetary gain or specific benefit to the company.

4) No discrimination

The company does not discriminate against users who exercise their rights under the CCPA.

5) California Consumer Protection Act

California residents have the right to receive a description of the identifying information and categories of personal information used by companies or trustees that use personal information for marketing purposes.
The company provides the following information after receiving a request for information disclosure that meets the requirements.
- Personal information items of the requester collected by the company in the last 12 months

- Categories of sources from which personal information was collected in the last 12 months;

- Items of personal information shared by the company with the outsourcing company

- Company's business/commercial purpose regarding collection and sharing of selected personal information

- Specific user personal information collected by the company in the last 12 months

- If the user's personal information is disclosed in the course of business, a description of what category of personal information the recipient has collected and used

If you are a resident of California, you have the right, subject to certain exceptions, to request the deletion of personal information collected and owned by you.
After receiving and confirming the user's request, the company deletes the user's personal information unless it is an exception under the CCPA.

Lawful processing of personal data in accordance with GDPR
Processing personal information by the Company shall be lawful only if and to the extent that at least one of the following applies:

A user has given consent to the processing of his or her personal information.
Processing is necessary for the performance of a contract to which a user is party or in order to take steps at the request of a user prior to entering into a contract.
- Member management, identification, etc.

- Performance of a contract in relation to providing the services required by users, payment and settlement of fees, etc.

Processing is necessary for compliance with a legal obligation to which the Company is subject
- Compliance with relevant law, regulations, legal proceedings, requests by the government

Processing is necessary in order to protect the vital interests of users, or other natural persons
- Detection of, prevention of, and response to fraud, abuse, security risks, and technical issues that may harm users or other natural persons

Processing is necessary for the performance of a task carried out in the public interest or in the excise of official authority vested in the Company
Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child).
User’s right when applying GDPR

The users or their legal representatives, as main agents of the information, may exercise the rights regarding the collection, use and sharing of personal information by the Company. Details can be found in "Article 13. rights and exercise method of user and legal guardian”, and for requests for rights, please send an email to privacy@nxio.io

Rights of users and their legal representatives and how to exercise them
Users and their legal representatives can withdraw their consent (withdrawal) to the provision of personal information at any time. To withdraw consented personal information, click "Leave the game" in the service to proceed with the withdrawal. However, if the user's personal information is destroyed when the user's personal information is withdrawn, the user may also delete related information created/accumulated while using the company's services.

Contact the person in charge of personal information protection in writing or by e-mail (privacy@nxio.io) to search for and correct personal information and take necessary actions. However, if there is a justifiable reason, the company may refuse to open or modify some or all of the user's personal information, and in this case, the company may notify the user of the refusal and justify the reason. 

If a user requests correction of personal information errors, the selected personal information will not be used or provided until the correction is completed. In addition, if incorrect information has already been provided to a third party, the corrective action will be notified to the third party without delay.

Personal information deactivated or deleted by the company at the request of users or their legal representatives will be processed in accordance with Article 4. The collected personal information cannot be opened or used for the period of retention and use or other purposes.

Installation, operation and rejection of automatic personal information collection device
1) The company uses 'cookies' to store and find user information as needed. Cookies are small text files sent by the server running the company's website to your device and browser, and are stored on your device or computer hard drive. When a user uses the service, the server reads the contents of the cookie stored on the user's device or hard disk to check user information and provides customized services.

2) Users have the right to choose in relation to cookie installation. Users can also decide whether to accept cookies and delete them in their device settings. However, if you do not allow the use of cookies, problems may occur when using services required for login.

3) How to set cookies

- Internet Explorer: [Tools] at the top of the web browser → [Internet Options] → [Privacy] → [Advanced]

- Chrome: From the top right corner of the web browser, [⋮] → [Settings] → [Privacy & Security] → [Cookies and other site data]

Measures to ensure the safety of personal information
The company is taking the following measures to ensure the safety of personal information.

1) Administrative measures: establishment and implementation of internal management plan, operation of a dedicated organization, regular employee training

2) Technical measures: management of access rights of personal information processing system, etc., installation of access control system, encryption of personal information, installation and update of security program

3) Physical measures: Control access to computer rooms, data storage rooms, etc.

Changes to the Privacy Policy
This Privacy Policy is subject to change at any time in accordance with changes in relevant laws, guidelines, or internal policies of the company.

Personal Information Protection Officer
The company is responsible for overall handling of personal information, and has designated a person in charge of personal information protection as follows to handle complaints and damage relief from information subjects related to personal information processing.

Privacy Officer

Email: privacy@nxio.io