Privacy Policy

UNIVERSE

 

PRIVACY POLICY

Effective Date: 01.28, 2021. 

 

1.         Introduction and Overview.

This Privacy Policy provides a comprehensive description of how NCSOFT CORPORATION (“NCSOFT,” “we,” “our,” or “us”) collects, uses, and shares information about you as well as your rights and choices regarding such information. It applies to the UNIVERSE App (the “App”), the pre-order website for the App (the “Website”), and any online location that links to this Privacy Policy (collectively, the “Service”).

By using the Service, you agree to our Terms of Use and our collection, use and disclosure practices, and other activities as described in this Privacy Policy. If you do not agree, discontinue use of the Service.

If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section. If you are a Nevada resident, California resident, or data subject in Europe, please see the additional disclosures at the end of this Privacy Policy.

 

2.         Information Collection.

We collect information about you when you use the Service, including information you provide when you pre-register for the App through the Website, register an account, update your profile, access our content, sign up for a rewards program, make a purchase, participate in a promotion or mission, or contact customer support.

A.   Information You Provide Through the Website.

The categories of information we collect when you use the Website to pre-order the App:

  Contact Data, including your first and last name, and email address.

  Demographic Data, including your country of residence.

  Profile Data, including your interests, inferences, preferences and favorites.

  Content, including content within any messages you send to us (such as feedback and questions to customer support) or publicly post on the Service (such as in product reviews or blog comments).

You may choose to voluntarily provide other information to us that we do not request, and, in such instances, you are solely responsible for such information. 

B.   Information You Provide Through the App

The categories of information we collect when you use the App:

  Contact Data, including your first and last name, email address, and postal address.

  Account Credentials, including your username, password, password hints, and information for authentication and account access.

  Demographic Data, including your age, gender, and country.

  Profile Data, including your interests, inferences, preferences and favorites.

  Content, including content within any messages you send to us (such as feedback and questions to customer support) or publicly post on the Service (such as in product reviews or blog comments). We also collect content within any messages you exchange with other users through the Service (such as if you use our chat functionality).

  Personal Contacts Data, including the first and last name, email address, and phone number of your personal contacts. We collect data about your contacts with your consent and in order to fulfill a request by you, such as finding your contacts on the Service or inviting your contacts to join the Service. Such functionality is only intended for U.S. residents. By using this functionality, you acknowledge and agree that both you and your contacts are based in the U.S. and that you have your contacts’ consent for us to use their contact information to fulfill your request.

You may choose to voluntarily provide other information to us that we do not request, and, in such instances, you are solely responsible for such information. 

C.   Information Collected Automatically.

In addition, we automatically collect information when you use the Service. The categories of information we automatically collect include:

  Service Use Data, including data about features you use, pages you visit, emails and advertisements you view, products and services you view and purchase, the time of day you browse, and your referring and exiting pages.

 

  Device Data, including data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address and Ad Id.

  Location Data, including imprecise location data (such as location derived from an IP address or data that indicates a city or postal code level).

The types of tracking technologies we use to automatically collect information include:

  Log Files, which are files that record events that occur in connection with your use of the Service.

  Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate our website and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising both on and off the Service. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.

  Pixels (also known as web beacons), which is code embedded in a website, video, email, or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, video, email, or advertisement that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from separate entities that allow us to track our conversions, bring you advertising both on and off the Service, and provide you with additional functionality, such as the ability to connect our Service with your social media account. 

  Device Fingerprinting, which is the process of analyzing and combining sets of data elements from your device’s browser, such as JavaScript objects and installed fonts, to create a “fingerprint” of your device and uniquely identify your browser and device.

  App Technologies, which are technologies included in our apps that are not browser-based like cookies and cannot be controlled by browser settings. For example, our apps may include SDKs (e.g., the Facebook SDK), which is code that sends information about your use to a server. These SDKs allow us to track our conversions, bring you advertising both on and off the Service, and provide you with additional functionality, such as the ability to connect our Service with your social media account. 

For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the “Analytics and Advertising” and “Your Rights and Choices” sections below.

D.   Information from Other Sources.

We also collect information from other sources. The categories of sources from which we collect information include:

  Social networks with which you interact or use to log into the App.

  Partners that offer co-branded services, sell or distribute our products, or engage in joint marketing activities.

  Publicly-available sources, including data in the public domain.

 

3.         Use of Information.

We collect and use information for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our business purposes for collecting and using information include:

  Operating and managing our Service.

  Performing services requested by you, such as responding to your comments, questions, and requests, and providing customer service.

  Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.

  Preventing and addressing fraud, breach of policies or terms, and threats or harm.

  Monitoring and analysing trends, usage, and activities.

  Conducting research, including focus groups and surveys.

  Improving the Service and other NCSOFT websites, apps, marketing efforts, products and services.

  Developing and sending advertising, direct marketing, and communications about our and other entities’ products, offers, promotions, rewards, events, and services.

  Conducting promotions, including verifying your eligibility and delivering prizes in connection with your entries.

  Fulfilling any other purpose at your direction.

  With notice to you and your consent.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the “Your Rights and Choices” section below.

 

4.         Sharing of Information.

We share information we collect in accordance with the practices described in this Privacy Policy. The categories of parties with whom we share information, and have shared information in the past 12 months, include:

  Service Providers. We share information with service providers that process information on our behalf. Service providers assist us with services such as payment processing, data analytics, marketing and advertising, website hosting, and technical support. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.

  Vendors and Other Parties. We share information with vendors and other parties for analytics and advertising related purposes. These parties may act as our service providers, or in certain contexts, independently decide how to process your information. For more information on advertising and analytics, see the “Analytics and Advertising” section below.

  Affiliates. We share information with our affiliates and related entities, including where they act as our service providers or for their own internal purposes.

  Partners. We share information with our partners in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing activities.

  Promotions and Missions. Our promotions and missions may be jointly sponsored or offered by other parties. When you voluntarily enter a promotion or mission, we share information as set out in the official rules or additional terms and conditions that govern the promotion or mission, as well as for administrative purposes and as required by law (e.g., on a winners list). By entering a promotion or mission, you agree to the official rules or additional terms and conditions that govern that promotion or mission, and may, except where prohibited by applicable law, allow the sponsor and/or other entities to use your name, voice and/or likeness in advertising or marketing materials.

  Public Forums. We share information you make public through the Service, such as information in your profile or that you post on public boards. Please think carefully before making information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete such information, subject to additional rights set out in the “Your Rights and Choices” section below.

  Merger or Acquisition. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.

  Security and Compelled Disclosure. We share information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also share information to protect the rights, property, life, health, security and safety of us, the Service or anyone else.

  Facilitating Requests. We share information at your request or direction.

  Consent. We share information with notice to you and your consent.

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your Rights and Choices” section below.

 

5.         Other Parties.

We offer parts of our Service through websites, platforms, and services operated or controlled by other parties. In addition, we integrate technologies operated or controlled by other parties into parts of our Service.

 

Some examples include:

  Links. Our Service includes links that hyperlink to websites, platforms, and other services not operated or controlled by us.

  Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Service that allows you to “like” or “share” content on, or log-in to your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through the integration.

Please note that when you interact with other parties, including when you leave our Service, those parties may independently collect information about you and solicit information from you. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

 

6.         Analytics and Advertising.

We use analytics services to help us understand how users access and use the Service. In addition, we work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.

As part of this process, we may incorporate tracking technologies into our own Service (including our website and emails) as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you (“Interest-based Advertising”).

As indicated above, vendors and other parties may act as our service providers, or in certain contexts, independently decide how to process your information. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

(As of the Effective Date noted above, we incorporate ironSource’s mediation platform to integrate, manage, and optimize third party ad networks. IronSource’s privacy policy can be found at  https://developers.ironsrc.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/).

For further information on the types of tracking technologies we use on the Service and your rights and choices regarding analytics and Interest-based Advertising, please see the “Information Collected Automatically” and “Your Rights and Choices” sections.

 

7.         Your Rights and Choices.

A.   Account Information.

You may access, update, or remove certain information that you have provided to us through your account by visiting your account settings or sending an email to the email address set out in the “Contact Us” section below. We may require additional information from you to allow us to confirm your identity. Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

B.   Tracking Technology Choices.

  Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.

  Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals.  For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

  App Technologies. You can stop all collection of information via an app by uninstalling the app. You can also reset your device Ad Id at any time through your device settings, which is designed to allow you to limit the use of information collected about you.

Please be aware that if you disable or remove tracking technologies some parts of the Service may not function correctly.

C.   Analytics and Interest-Based Advertising.

Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb/. 

The companies we work with to provide you with targeted ads are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; (ii) for app targeted ads from DAA participants, https://www.aboutads.info/appchoices; and (iii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices/. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants’ other customers or from other technology services).

You may also limit our use of information collected from or about your mobile device for purposes of serving targeted ads to you by going to your device settings and selecting “Limit Ad Tracking” (for iOS devices) or “Opt out of Interest-Based Ads” (for Android devices).

Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any other entities’ statements regarding their opt out options or programs.

D.   Communications.

  E-mails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or emailing us at the email address set out in the “Contact Us” section below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or our ongoing business relations.

  Push Notifications. If you have opted-in to receive push notification on your device, you can opt-out at any time by adjusting the permissions in your device or uninstalling our app.

Please note that your opt out is limited to the email address, device, and phone number used and will not affect subsequent subscriptions. 

 

8.         Children.

The Service is intended for general audiences, and is not directed at children. We do not knowingly collect personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information in violation of COPPA, contact us at privacy@ncsoft.com. We will remove the personal information in accordance with COPPA. We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.

If you are a California resident under 18 years old and registered to use the Service, you can ask us to remove any content or information you have posted on the Service. To make a request, email us at the email address set out in “Contact Us” section with “California Under 18 Content Removal Request” in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

 

9.         Data Security.

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

 

10.      International Transfer.

Please be aware that information collected through the Service may be transferred to, processed, stored, and used in jurisdictions different from your country of residence, including the U.S., Japan, and Korea. Data protection laws in these other jurisdictions may be different from those of your country of residence. Your use of the Service or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in other jurisdictions as set out in this Privacy Policy. For personal data transferred from Europe, the UK, or Switzerland, we will provide appropriate safeguards, such as through the use of standard contractual clauses.

 

11.      Changes to this Privacy Policy.

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address. 

 

12.      Contact Us.

If you have any questions or comments about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us:

By email: privacy@ncsoft.com

By mail: 4th Fl. KTCU B/D, 192 Jungang-daero, Dong-gu, Busan, Republic of Korea

This Privacy Policy has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at privacy@ncsoft.com

 

13.      Additional Disclosures for Nevada Residents.

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at privacy@ncsoft.com.

 

14.      Additional Disclosures for California Residents.

These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt-out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights. 

A.   Notice of Collection.

In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:

  Identifiers, including name, postal address, email address, and online identifiers (such as IP address). 

  Customer records. 

  Characteristics of protected classifications under California or federal law, including gender. 

  Commercial or transactions information, including records of rewards, promotions, products or services entered, purchased, obtained, or considered.

  Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.

  Geolocation data.

  Inferences drawn from the above information about your predicted characteristics and preferences.

For further details on information we collect, including the sources from which we receive information, review the “Information Collection” section above. We collect and use these categories of personal information for the business purposes described in the “Use of Information” section above, including to manage our Service.

To the extent “sale” under the CCPA is interpreted to include the activities set out in this Privacy Policy, such as those disclosed in the “Analytics and Advertising” section above, we will comply with applicable law as to such activity. We disclose the following categories of personal information for commercial purposes: identifiers, characteristics, commercial or transactions information, internet activity, geolocation data, and inferences drawn. Please review the “Sharing of Information” section above for further details about the categories of parties with whom we share information.

B.   Right to Know and Delete.

You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:

  The categories of personal information we have collected about you; 

  The categories of sources from which the personal information was collected;

  The categories of personal information about you we disclosed for a business purpose or sold;

  The categories of third parties to whom the personal information was disclosed for a business purpose or sold;

  The business or commercial purpose for collecting or selling the personal information; and

  The specific pieces of personal information we have collected about you.

In addition, you have the right to delete the personal information we have collected from you.

To exercise any of these rights, please submit a request at privacy@ncsoft.com. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

C.   Right to Opt-Out.

To the extent NCSOFT sells your personal information as the term “sell” is defined under the CCPA, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You may submit a request to opt-out by clicking Do Not Sell My Personal Information or emailing us at privacy@ncsoft.com.

D.   Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

E.   Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

F.   Shine the Light.

Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in “Contact Us” above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

 

15.      Additional Disclosures for Data Subjects in Europe.

A.   Roles.

Data protection laws in Europe, distinguish between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). NCSOFT acts as a controller with respect to personal data collected as you interact with our websites, emails, and advertisements.

B.   Lawful Basis for Processing.

Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers or partners; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests. Where applicable, we will transfer your personal data to third countries subject to appropriate or suitable safeguards, such as standard contractual clauses.

C.   Your Data Subject Rights.

You have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, please contact us as set out in the “Contact Us” section above and specify which right you are seeking to exercise. We will respond to your request within 30 days. We may require specific information from you to help us confirm your identity and process your request.

Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

If you have any issues with our compliance, you may contact us as set out in the “Contact Us” section above. You also have the right to lodge a complaint with the data protection regulator in your jurisdiction.

D.  General Data Protection Regulation (GDPR) - European Representative.

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), NCSOFT Corporation has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:

-       using EDPO’s online request form: https://edpo.com/gdpr-data-request/

writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

E.  UK General Data Protection Regulation (GDPR) – UK Representative.

Pursuant to the UK GDPR, NCSOFT Corporation has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR by:

-       using EDPO UK’s online request form: https://edpo.com/uk-gdpr-data-request/

-       writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

 

16.      Additional Disclosures for Taiwan Residents.

These additional disclosures apply only to Taiwan residents.

A.   Your Data Subject Rights.

The Personal Data Protection Act (“PDPA”) of Taiwan provides the following rights to residents in Taiwan:

  Right to make an inquiry of and to review your personal data;

  Right to ask us for a copy of your personal data;

  Right to correct or supplement your personal data; 

  Right to demand the cessation of collection, processing or use of your personal data; and

  Right to delete your personal data.

We may charge a fee for providing access to your personal data. To exercise any of these rights, please submit a request to privacy@ncsoft.com.

B.   Retention Period for Your Personal Data

We process and use the information we collect about you for a period that is necessary to achieve the purposes set out under section 3 “Use of Information”.

C.   Territory in Which Your Personal Data is Used

We process and use the information we collect about you in:

  Taiwan (Republic of China);

  Territories in which NCSOFT, its affiliates, its service provider, its vendors, and its partners are located; and

  Any other territory that is necessary to achieve the purposes set out under section 3 “Use of Information”.

D.   Consequences of Not Providing Your Personal Data

If you choose not to provide your personal information to us, you may not be able to use some parts of or the entire Service. You may also not be able to receive or use some parts of or the entire products, services, or promotional offers provided by us via use of the Service.