Privacy Policy

Studiobside Co., Ltd. (hereinafter referred to as the “Company”) values users’ personal information and is committed to protecting their rights. In accordance with the Personal Information Protection Act and other applicable laws, the Company lawfully processes and safely manages personal data. Pursuant to Article 30 of the Personal Information Protection Act, this Privacy Policy provides a comprehensive overview of how personal information is collected, used, provided, and destroyed, as well as the measures in place to protect users' personal data and how users can exercise their rights. This Privacy Policy applies to the game Star Savior and all related services provided by the Company.

Article 1. Purpose of Personal Information Processing

  1. The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than those specified below. If the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
① To establish effective communication channels for delivering notices, handling complaints, and other customer inquiries ② To provide customer service such as handling inquiries regarding paid content, fulfilling contracts, resolving disputes, processing payments, and issuing refunds ③ To support in-game gameplay and community services ④ For marketing and advertising purposes:     - To provide information on new service events     - To share updates on new game releases and service updates     - To provide various promotions and event notifications via the Company’s official channels     - To improve service quality and process statistical data     - To accurately collect shipping information for prize delivery ⑤ To provide other content and authentication services

Article 2. Period of Retention and Use of Personal Information

  1. The Company processes and retains personal information within the retention/use period agreed upon by the user at the time of collection or as stipulated by applicable laws and regulations.
  1. User management and service use: Retained for 30 days (1 month) after account deletion request (To resolve customer complaints, disputes, and identity theft-related unintended account deletions)
  2. Event operations: Retained for up to 3 months after event prize distribution is completed
  3. Retention in accordance with applicable laws:

Article 3. Items of Personal Information Processed

  1. The Company collects personal information from users after obtaining their consent, classifying it as either required or optional, depending on the purpose. Information is collected when users use the service, input data directly, or participate in events/marketing activities.

Category

Purpose

Required/Optional

Items Collected

Retention Period
All Platforms User identification, game service operation Required Advertising ID, game usage history, nickname, chat logs, access logs and authentication date, abuse history, suspension records, payment history, device information (model name, OS version), store information, game version, device ID Until membership withdrawal or as required by law
Sign in with Apple Account User identification, game service operation Required Member identifier information Until membership withdrawal or as required by law
Sign in with Google Account User identification, game service operation Required Member identifier information Until membership withdrawal or as required by law
Sign in with Steam Account User identification, game service operation Required Member identifier information Until membership withdrawal or as required by law
Events Event participation Optional Name, address, contact number, email, SNS ID Until the purpose is achieved, or consent is withdrawn
Prize delivery Required Name, contact number, address, postal code Until prize delivery is complete * For information related to prize tax obligations: 10 years from the date of collection (based on the longest statute of limitations under the Framework Act on National Taxes)
Reporting applicable Taxes and public charges Required Name, Resident Registration Number, ID copy, address, postal code, bank account number, bank name, account holder name
Customer Support User identification, contact, customer inquiries Required Email, device information (model name, OS version) 3 years (in accordance with the Act on Consumer Protection in Electronic Commerce)
Optional Mobile phone number, payment date, payment account, order number, product name, payment amount, payment receipt 3 years (in accordance with the Act on Consumer Protection in Electronic Commerce)
Paid Service Payment processing Required Open market ID, payment history 5 years (in accordance with the Act on Consumer Protection in Electronic Commerce)
Refund & Cancellation Handling refunds and cancellations Required Open market ID, payment date, payment account, order number, product name, payment amount, payment receipt, identification and family relationship documents for confirming third-party payments 5 years (in accordance with the Act on Consumer Protection in Electronic Commerce)

Article 4. Provision of Personal Information to Third Parties

  1. The Company processes users’ personal information only within the scope stated in the purpose of processing personal information. Personal information is provided to third parties only in cases where the user has given consent, or when such provision is permitted by special provisions of the law, in accordance with Articles 17 and 18 of the Personal Information Protection Act. Otherwise, the Company does not provide users’ personal information to any third party. 2. For the smooth provision of services, the Company may provide users’ personal information to third parties to the minimum extent necessary, only after obtaining the user's consent.

Article 5. Delegation of Personal Information Processing

  1. The Company entrusts the processing of personal information to third parties as follows to ensure smooth handling of personal information-related tasks:

Entrusted Party

Entrusted Tasks
SAMJUNG DATA SERVICES Supply and management of message delivery systems
  1. When entering into an outsourcing agreement, the Company specifies in documents such as contracts, in accordance with Article 26 of the Personal Information Protection Act, matters including prohibition of personal information processing for purposes other than the performance of the entrusted tasks, technical and managerial protection measures, restrictions on re-delegation, supervision of the trustee, and liability for damages. The Company also supervises and manages the trustee to ensure personal information is processed securely. 3. If there are any changes in the contents of the entrusted tasks or the trustees, such changes will be disclosed promptly through this Privacy Policy.

Article 6. Overseas Transfer of Personal Information

  1. In accordance with Article 28-8, Paragraph 1, Subparagraph 1 of the Personal Information Protection Act, the Company transfers personal information overseas only after obtaining separate consent from the user. Users may refuse to consent to the overseas transfer of their personal information. However, refusal may result in restrictions on the use of services that involve such overseas transfers.
Google LLC ([email protected]) - Country: United States (location of Google data centers) - Timing: Automatically transferred when submitting survey and event responses - Purpose: Collection and storage of survey and event data - Items Transferred: All personal information collected through the relevant survey or event Users may request to refuse the overseas transfer of their personal information through the designated department. However, such transfers occur only when the service is accessed outside of Korea. Since these transfers are necessary for the operation of the global service, refusal may result in the inability to use the service.

Article 7. Procedures and Methods for Destruction of Personal Information

  1. The Company will promptly destroy personal information when it becomes unnecessary, such as upon expiration of the retention period or achievement of the purpose for which it was collected. 2. If the retention period agreed by the user has expired or the purpose of processing has been fulfilled, but the information must be retained under other laws, the Company will store the personal information separately in a different database (DB) or storage location. (Refer to "Period of Retention and Use of Personal Information") 3. The procedures and methods for destroying personal information are as follows:
① Personal information recorded and stored in electronic files is destroyed using technical methods that render the records irrecoverable. ② Personal information recorded and stored in paper documents is destroyed by shredding or incineration.

Article 8. Disposal of Personal Information of Inactive Users

  1. The Company may take necessary measures, such as classifying or destroying the information of users who have not used the service for one year, by converting their accounts to dormant status. 2. At least 30 days prior to converting the account to dormant status, the Company will notify the user by a method reasonably capable of reaching them (e.g., app push notification) about the upcoming status change, the date of dormancy, and the items of personal information to be separated or destroyed. 3. If users do not wish their accounts to be converted to dormant status, they may simply log in to the service before the dormancy takes effect.

Article 9. User and Legal Guardian Rights, Obligations, and Exercise Procedures

  1. Users may, at any time, view, access, or modify their personal information, and may also request termination of their membership or deletion of their personal information. However, if essential personal information required for service provision is deleted, the user may no longer be able to use the related services. 2. Users can directly access and modify their personal information through the [Account Information] menu within the service. They can also terminate their membership at any time through the [Delete Account] function within the service. Upon termination, all personal information associated with the user will be deleted. 3. If a user requests correction or deletion of their personal information, the Company will verify the user’s identity and take necessary measures without delay. In cases where restrictions are imposed in accordance with the Terms of Use, the Company may destroy personal information, including user ID, under the supervision of the Data Protection Officer. 4. The Company obtains the consent of a legal guardian before collecting, using, or providing personal information of children and adolescents. 5. Access and modification of a user’s personal information can be requested by the user or the legal guardian of a child under the age of 14, and such requests are granted after verifying the identity of the requester. 6. If a user requests correction of erroneous personal information, the Company will not use or provide the information in question until the correction is completed. If the incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the correction can be implemented. 7. Personal information that is terminated or deleted at the user's request will be processed in accordance with Article 2 ("Period of Retention and Use of Personal Information") and will not be accessed or used for any purpose other than as specified.

Article 10. Measures to Ensure the Security of Personal Information

  1. The Company has established internal management regulations to prevent loss, theft, leakage, alteration, or damage of users’ personal information during processing. 2. A dedicated personal information protection team is in operation, and technical and administrative safeguards are implemented and monitored regularly. 3. In accordance with internal security policies, users’ personal information is encrypted using secure encryption algorithms. 4. Access rights to personal information processing systems are managed and controlled through the installation and operation of access control systems. 5. The Company minimizes access privileges to users’ personal information for personal information handlers and provides regular training on personal data protection and security. 6. Security software such as antivirus programs is installed, operated, and regularly updated on the PCs of personal information handlers. 7. Physical security measures are in place to ensure the safe storage of personal information, including access control systems, locking devices, and CCTV within office premises.

Article 11. Installation and Operation of an Automatic Personal Information Collection System and the Denial thereof

  1. The Company uses “cookies,” which store and retrieve user information from time to time, in order to provide personalized services to users. 2. A cookie is a small amount of information sent by the server (HTTP) used to operate the website to the user’s web browser, and it may also be stored on the user’s PC hard drive. 3. Users can choose to allow or block cookies through their web browser settings. However, refusing to store cookies may cause difficulties in using personalized services.
- How to manage and refuse cookie settings: ① Microsoft Edge: [Settings] > [Cookies and site permissions] > [Cookies and site data] ② Chrome: [Settings] > [Privacy and security] > [Third-party cookies] ③ NAVER Whale: [Settings] > [Privacy] > [Security] > [Cookies and site data] ④ Safari: [Settings] > [Advanced] > [Enable “Show Develop menu in menu bar”] > [Top menu] > [Develop] > [Empty Caches] ⑤ FireFox: [] > [Library] > [History] > [Clear Recent History…] ⑥ Opera: [Settings] > [Privacy & security] > [Clear browsing data]

Article 12. Data Protection Officer and Requests for Access to Personal Information

  1. The Company designates a Data Protection Officer who takes overall responsibility for handling personal information, and oversees processing user complaints and providing relief related to the handling of personal information. 2. In accordance with Article 35 of the Personal Information Protection Act, users may request access to their personal information through the department below. The Company will make efforts to process such requests promptly. ① Data Protection Officer
- Name: Jeong Han Yeong - Department: Live Service Team - Email: [email protected] - Phone: +82-31-628-5357

Article 13. Remedies for Infringement of Rights

  1. Users may contact the following organizations for dispute resolution or consultation regarding personal information infringement. In addition, for other reports or inquiries related to personal information infringement, please contact the agencies below: ① Personal Information Dispute Mediation Committee: 1833-6972 (no area code) (www.kopico.go.kr/) ② Personal Information Infringement Report Center: 118 (no area code) (https://privacy.kisa.or.kr/) ③ Supreme Prosecutor’s Office: 1301 (no area code) (https://www.spo.go.kr/) ④ National Police Agency: 182 (no area code) (https://ecrm.cyber.go.kr/)

Article 14. Changes to the Privacy Policy

In the event of additions, deletions, or modifications to this Privacy Policy due to changes in laws, policies, or security technologies, the Company will notify users of the reason and content of such changes at least 7 days prior to implementation via the website. However, if the changes are significant and may affect users' rights, the notice will be provided at least 30 days in advance of the effective date.

Addendum

This policy shall take effect as of June 1, 2025.