Suncyan Privacy Policy
‘Suncyan
Co., Ltd.’ (hereinafter referred to as the ‘Company’) complies with the
Personal Information Protection Act and relevant laws and regulations to
protect the freedoms and rights of data subjects, processing personal
information lawfully and managing it securely.
Accordingly, in
accordance with Article 30 of the 「Personal
Information Protection Act」,
the Company establishes and discloses the following Privacy Policy to guide
data subjects through the procedures and standards concerning the processing
and protection of personal information, and to ensure that related grievances
are handled promptly and smoothly.
Article 1 Purpose of
Processing Personal Information, Processing Items, and Period of Retention and
Use
① The Company collects
personal information within the minimum necessary scope to provide services in
accordance with Article 15, Paragraph 1, Item 1 (Consent of Data Subject) of
the 「Personal Information
Protection Act」.
1)
Items
of personal information processed with the consent of the data subject [Basis
for collection : Article 15, Paragraph 1, Item 1 (‘Consent’) of the 「Personal Information
Protection Act」]
The Company collects personal information from sources other than the data
subject as follows.
|
Source
of Collection |
Items
Collected |
Purpose
of Processing |
Period
of Retention and
Use |
|
Google
LLC |
UID, email, nickname,
profile picture |
Identity verification,
individual identification, prevention of fraudulent use and unauthorized use,
confirmation of intent to register |
From
the date of membership withdrawal, stored
for 30 days and then discarded |
|
Apple
Inc. |
2)
Items
of personal information processed without the consent of the data subject
[Legal basis : Article 15, Paragraph 1, Item 4 (‘Performance of Contract’) of
the 「Personal Information
Protection Act」]
|
Category |
Items
Collected |
Purpose
of Processing |
Period
of Retention and
Use |
||
|
Customer Consultation |
Email
Receipt
of Complaints |
Required |
UID, platform used,
device OS information, detailed information, attached file (problem screen
screenshot, payment receipt) |
Response to game
errors and resolution of technical issues |
Stored
for 3 years from the date of complaint receipt and then destroyed |
|
Event |
Event
Participation |
Required |
Participant: UID,
photo, nickname, email address Winner: UID, name,
phone number, address |
Entry for event
promotions (pre-registration, etc.) and delivery of prizes |
Immediate
destruction upon end of event |
② For purposes such as
providing stable services, protecting accounts and items, complying with laws,
and preventing fraudulent users, the following information may be generated and
collected during the course of service use.
※ Information such as
game data generated during game play (nickname), device information (model
name, OS information, mobile firmware version, unique device identifier), PC
information (browser information, OS information), IP address, cookies, access
records, location and country information (derived from IP address), records of
fraudulent use, and service usage records
Article 2 Period of
Processing and Retention of Personal Information
① In principle, the
Company destroys personal information after 30 days of retention upon
achievement of the purpose of collection and use, expiration of the retention
period, or membership withdrawal. (However, in cases where storage for a
certain period is prescribed by laws and regulations or in accordance with
internal Company policies, personal information will be stored securely for the
relevant period and then destroyed.)
|
Legal
Basis |
Retained
Information |
Retention
Period |
|
Article 6 of the 「Act on the Consumer
Protection in Electronic Commerce」
and Article 6 of the Enforcement Decree of the same Act |
Records on contracts
or withdrawal of offers |
5
years |
|
Records on payment and
supply of goods, etc. |
5
years |
|
|
Records on handling of
consumer complaints or disputes |
3
years |
|
|
Records on display and
advertising |
6
months |
|
|
Article 15-2 of the 「Protection of
Communications Secrets Act」 |
Website visit records
(logs), tracking data of access locations |
3
months |
Article 3 Protection of Personal
Information of Children Under 14 Years of Age
In cases where consent is required
to process the personal information of children under 14 years of age, the
Company shall obtain consent from the child’s legal representative. When
obtaining the consent of a legal representative, consent is obtained after
verifying/authenticating the legal representative during the sign-up stage on
the external service platforms (Google, Apple, Steam) through which the child
joined.
Article 4 Procedures and
Methods for Destruction of Personal Information
① The Company shall
destroy the relevant personal information without delay when it becomes
unnecessary, such as upon the expiration of the personal information retention
period or the achievement of the purpose of processing, in accordance with
internal policies and relevant laws and regulations. However, for the purpose
of preventing withdrawal due to user error and resolving consumer complaints
and disputes, personal information will be destroyed immediately after a 30-day
grace period from the date of withdrawal.
② The methods for
destroying personal information are as follows.
1)
Personal information stored in the form of electronic files is deleted using
technical methods that make it impossible to restore.
2)
Personal information printed on paper and received documents are destroyed
through shredding or incineration.
Article 5 Provision of
Personal Information to Third Parties
① The Company does not
provide the personal information of the data subjects to third parties.
However, in the following cases, personal information may be provided without
the consent of the data subject.
1)
Where
there are special provisions in other laws
2)
Where
it is clearly recognized as necessary for the immediate interest of the life,
physical safety, or property of the data subject or a third party
3)
Where
it is urgently necessary for public safety and well-being, such as public
health
Article 6 Entrustment of
Processing of Personal Information
① The Company utilizes
personal information within the scope of the purpose of collection and use in
order to provide more seamless services to customers.
② When entering into an
entrustment contract, the Company specifies in documents such as contracts
matters regarding the prohibition of processing personal information for
purposes other than the performance of the entrusted tasks, technical and
managerial protective measures, restrictions on re-entrustment, management and
supervision of the trustee, and liability such as damages in accordance with
Article 26 of the Personal Information Protection Act, and supervises whether
the trustee processes personal information safely.
③ In the event that the
contents of the entrusted tasks or the trustee change, we will disclose such
changes through this ‘Privacy Policy’ without delay.
Article 7 Overseas
Transfer of Personal Information
The Company transfers
the personal information collected from service users abroad as follows, and
provides information regarding the overseas transfer in accordance with Article
28-8, Paragraph 2 of the 「Personal
Information Protection Act」
as follows.
|
Legal
Basis |
Recipient
of Transfer (Name
of Entity / Contact Information) |
Items
of Personal Information to be Transferred |
Country
of Transfer |
Time
and Method of Transfer |
Purpose
of Use |
Retention
and Use Period of Personal Information |
|
Article
28-8, Paragraph 1, Item 3 of the 「Personal
Information Protection Act」
(Entrustment of Processing/Storage) |
Amazon
Web Services Inc. (aws-korea-privacy@ amazon.com) |
User
identification ID, receipt information (region code, order number, package
name, product identifier, purchase status) |
Japan |
Transmission
over the network at the time of service use |
- Data processing and
storage - Data backup
(storage) to protect user data from disaster, calamity, etc. |
Upon
membership withdrawal or contract termination |
|
Google
LLC (googlekrsupport@ google.com) |
User
identification ID, email address, name, nickname |
United
States |
Transmission
over the network at the time of service use |
Identity verification
and user information retention |
Upon
membership withdrawal or contract termination |
|
|
Zendesk
Inc. (privacy@ zendesk.com) |
UID, service platform,
device OS information, inquiry type (payment/account/bug/recovery/other),
details, attachments (screenshots of the issue, payment receipts) |
United
States |
Transmission
over the network at the time of service use |
Retention of complaint
handling records |
Destroyed
3 years after the date of receipt |
※ Service use is not
possible if you refuse the overseas transfer. If you do not wish for overseas
transfer, you can proceed with membership withdrawal on mobile (Settings –
Account – Withdrawal) or request membership withdrawal through Article 7
(Rights and Obligations of Data Subjects and Legal Representatives and Methods
of Exercise).
Article 8 Measures to
Ensure the Safety of Personal Information
① The Company establishes
and implements an internal management plan for the safe processing of personal
information, and designates a personal information protection officer.
② The Company limits the
right of access to customers' personal information to the minimum number of
personnel, and conducts periodic personal information protection training for
the safe processing of personal information.
③ The Company adopts a
security device (SSL) that can safely transmit personal information over the
network using encryption algorithms, encrypts and stores important information
of customers (passwords, unique identification information, financial information),
and encrypts communication sections during transmission and reception.
④ The Company stores,
backs up, and monitors the access records of the personal information
processing system to prevent forgery or alteration of the access records.
⑤ The Company is doing
its best to protect the personal information provided by customers by equipping
vaccines, firewalls, and intrusion detection/prevention systems and updating
them periodically. The personal information is being protected through the stable
use of a system verified by a security certification company.
⑥ The Company
periodically checks emergency measures in case of disasters through security
mock training.
⑦ The Company physically
and completely destroys personal information once the purpose of the personal
information is achieved.
Article 9 Matters
Concerning the Installation, Operation, and Refusal of Automatic Personal
Information Collection Devices
① The Company uses
‘cookies’ that store and frequently retrieve usage information to provide
individualized services and convenience to data subjects.
※ Cookies are a small
amount of information sent to the data subject's internet browser by the server
used to operate the website and are stored on the data subject's PC or mobile
device.
② Data subjects can set
options such as allowing or blocking cookies through web browser option
settings. However, if you refuse to store cookies, you may experience
difficulties in using customized services.
1) Allowing/blocking cookies in a
web browser
a) Chrome: Select ‘⋮’ at the top right of
the web browser > New Incognito window (Shortcut key: Ctrl+Shift+N)
b) Edge: Select ‘…’ at the top
right of the web browser > New InPrivate window (Shortcut key: Ctrl+Shift+N)
2) Allowing/blocking cookies in a
mobile browser
a) Chrome: Select ‘⋮’ at the top right of
the mobile browser > New Incognito tab
b) Safari: Mobile device settings
> Safari > Advanced > Block all cookies
c) Samsung Internet: Select ‘Tabs’
icon at the bottom of the mobile browser > Turn on Secret mode > Start
Article 10 Rights and
Obligations of Data Subjects and Legal Representatives and Methods of Exercise
① Customers may exercise
their rights, such as requesting access to, correction, deletion, or suspension
of processing of personal information, against the Company at any time.
② Rights under Paragraph
1 may be exercised directly through the Company email (support@suncyan.com).
③ Rights under Paragraph
1 may be exercised through writing, telephone, email, internet, etc., to the
relevant department listed in Article 10 (Privacy Officer), and the Company
will take action without delay.
④ Rights under Paragraph
1 may be exercised through a representative, such as the customer's legal
representative or a person who has been delegated. In this case, you must
submit a power of attorney in accordance with Form No. 11 of the [Notification
on the Method of Processing Personal Information].
⑤ A customer's request
for ‘access’ to personal information may be limited or refused in accordance
with Article 35, Paragraph 4 of the Personal Information Protection Act, and a
request for ‘suspension of processing’ may be limited by the proviso of Article
37, Paragraph 2 of the Personal Information Protection Act.
⑥ A request for
correction or deletion of personal information cannot be made if the personal
information is explicitly specified as a subject of collection in other laws
and regulations.
⑦ The Company verifies
whether the person making the request is the individual or a legitimate
representative upon requests for access, correction/deletion, or suspension of
processing according to the customer's rights.
Article 11 Personal
Information Protection Officer
① The Company manages and
takes overall responsibility for the processing of personal information, and
has designated a Personal Information Protection Officer as follows to handle
complaints and provide remedial measures for information subjects related to
the processing of personal information.
1) Personal Information Protection
Officer
Name:
Heo Jae-ho
Position:
Head of Technology/Information Protection
Contact: suncyan@suncyan.com
2) Personal Information Protection
Department
Department
Name : Information Protection Team
Contact: suncyan@suncyan.com
② Information subjects
may direct all inquiries related to personal information protection, complaint
handling, and remedial measures arising from the use of the Company's services
to the Personal Information Protection Officer and the Personal Information
Protection Department. The Company will respond to and process inquiries from
information subjects without delay.
Article 12 Remedial
Measures for Infringement of Rights and Interests of Information Subjects
① Information subjects
may apply for dispute resolution or consultation with the Personal Information
Dispute Mediation Committee, the Personal Information Infringement Report
Center of the Korea Internet & Security Agency, etc., in
order to receive remedial measures for personal information
infringement. For other reports and consultations on personal information
infringement, please contact the organizations below.
1) Personal Information
Dispute Mediation Committee: (no area code needed) 1833-6972 (www.kopico.go.kr)
2) Personal Information
Infringement Report Center: (no area code needed) 118 (privacy.kisa.or.kr)
3) Cyber Investigation
Division, Supreme Prosecutors' Office: (no area code needed) 1301
(www.spo.go.kr)
4) National Police
Agency: (no area code needed) 182 (ecrm.police.go.kr)
Article 13 Obligation to
Notify the Privacy Policy
① The current Privacy
Policy has been amended as of May 7, 2026.
-
Privacy Policy version number: v1.2
-
Effective date of the Privacy Policy: May 7, 2026
② Previous privacy
policies can be viewed by checking the effective date at the top of this page.