SUNCYAN Inc. Privacy Policy
‘SUNCYAN Inc.’ (hereinafter referred to as the ‘Company’) complies with the Personal Information Protection Act and relevant laws and regulations to protect the freedoms and rights of data subjects, processing personal information lawfully and managing it securely.
Accordingly, in accordance with Article 30 of the 「Personal Information Protection Act」, the Company establishes and discloses the following Privacy Policy to guide data subjects through the procedures and standards concerning the processing and protection of personal information, and to ensure that related grievances are handled promptly and smoothly.
Article 1 Purpose of Processing Personal Information, Processing Items, and Period of Retention and Use
① The Company collects personal information within the minimum necessary scope to provide services in accordance with Article 15, Paragraph 1, Item 1 (Consent of Data Subject) of the 「Personal Information Protection Act」.
1) Items of personal
information processed with the consent of the data subject [Basis for
collection : Article 15, Paragraph 1, Item 1 (‘Consent’) of the 「Personal
Information Protection Act」]
The Company collects personal information from sources other than the data
subject as follows.
|
Source of Collection |
Items Collected |
Purpose of Processing |
Period of Retention and Use |
|
Google LLC |
UID, email, nickname, profile picture |
Identity verification, individual identification, prevention of fraudulent use and unauthorized use, confirmation of intent to register |
From the date of membership withdrawal, stored for 30 days and then discarded |
|
Apple Inc. |
2) Items of personal information processed without the consent of the data subject [Legal basis : Article 15, Paragraph 1, Item 4 (‘Performance of Contract’) of the 「Personal Information Protection Act」]
|
Category |
Items Collected |
Purpose of Processing |
Period of Retention and Use |
||
|
Customer Consultation |
Receipt of Complaints |
Required |
UID, platform used, device OS information, detailed information, attached file (problem screen screenshot, payment receipt) |
Response to game errors and resolution of technical issues |
Stored for 3 years from the date of complaint receipt and then destroyed |
|
Event |
Event Participation |
Required |
Participant: UID, photo, nickname, email address Winner: UID, name, phone number, address |
Entry for event promotions (pre-registration, etc.) and delivery of prizes |
Immediate destruction upon end of event |
② For purposes such as providing stable services, protecting accounts and items, complying with laws, and preventing fraudulent users, the following information may be generated and collected during the course of service use.
※ Information such as game data generated during game play (nickname), device information (model name, OS information, mobile firmware version, unique device identifier), PC information (browser information, OS information), IP address, cookies, access records, location and country information (derived from IP address), records of fraudulent use, and service usage records
Article 2 Period of Processing and Retention of Personal Information
① In principle, the Company destroys personal information after 30 days of retention upon achievement of the purpose of collection and use, expiration of the retention period, or membership withdrawal. (However, in cases where storage for a certain period is prescribed by laws and regulations or in accordance with internal Company policies, personal information will be stored securely for the relevant period and then destroyed.)
|
Legal Basis |
Retained Information |
Retention Period |
|
Article 6 of the 「Act on the Consumer Protection in Electronic Commerce」 and Article 6 of the Enforcement Decree of the same Act |
Records on contracts or withdrawal of offers |
5 years |
|
Records on payment and supply of goods, etc. |
5 years |
|
|
Records on handling of consumer complaints or disputes |
3 years |
|
|
Records on display and advertising |
6 months |
|
|
Article 15-2 of the 「Protection of Communications Secrets Act」 |
Website visit records (logs), tracking data of access locations |
3 months |
Article 3 Protection of Personal Information of Children Under 14 Years of Age
In cases where consent is required to process the personal information of children under 14 years of age, the Company shall obtain consent from the child’s legal representative. When obtaining the consent of a legal representative, consent is obtained after verifying/authenticating the legal representative during the sign-up stage on the external service platforms (Google, Apple, Steam) through which the child joined.
Article 4 Procedures and Methods for Destruction of Personal Information
① The Company shall destroy the relevant personal information without delay when it becomes unnecessary, such as upon the expiration of the personal information retention period or the achievement of the purpose of processing, in accordance with internal policies and relevant laws and regulations. However, for the purpose of preventing withdrawal due to user error and resolving consumer complaints and disputes, personal information will be destroyed immediately after a 30-day grace period from the date of withdrawal.
② The methods for destroying personal information are as follows.
1) Personal information stored in the form of electronic files is deleted using technical methods that make it impossible to restore.
2) Personal information printed on paper and received documents are destroyed through shredding or incineration.
Article 5 Provision of Personal Information to Third Parties
① The Company does not provide the personal information of the data subjects to third parties. However, in the following cases, personal information may be provided without the consent of the data subject.
1) Where there are special provisions in other laws
2) Where it is clearly recognized as necessary for the immediate interest of the life, physical safety, or property of the data subject or a third party
3) Where it is urgently necessary for public safety and well-being, such as public health
Article 6 Entrustment of Processing of Personal Information
① The Company entrusts the processing of personal information collected from service users as set forth below and provides information in accordance with Article 28-8, Paragraph 2 of the 「Personal Information Protection Act」.
② When entering into an entrustment contract, the Company specifies in documents such as contracts matters regarding the prohibition of processing personal information for purposes other than the performance of the entrusted tasks, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the trustee, and liability such as damages in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the trustee processes personal information safely.
③ In the event that the contents of the entrusted tasks or the trustee change, we will disclose such changes through this ‘Privacy Policy’ without delay.
|
Legal Basis |
Recipient of Entrustment (Name of Entity / Contact Information) |
Items of Personal Information to be Entrusted |
Time and Method of Entrustment |
Purpose of Entrustment and Use |
Retention and Use Period of Personal Information |
|
Article 28-8, Paragraph 1, Item 3 of the 「Personal Information Protection Act」 (Entrustment of Processing/Storage) |
Amazon Web Services Inc. (aws-korea-privacy@ amazon.com) |
User identification ID, receipt information (region code, order number, package name, product identifier, purchase status) |
Transmission over the network at the time of service use |
- Data processing and storage - Data backup (storage) to protect user data from disaster, calamity, etc. |
Upon membership withdrawal or contract termination |
|
PingCAP (legal@pingcap.com) |
User identification ID, receipt information (region code, order number, package name, product identifier, purchase status) |
Transmission over the network at the time of service use |
- Data processing and storage - Data backup (storage) to protect user data from disaster, calamity, etc. |
Upon membership withdrawal or contract termination |
|
|
Google LLC (googlekrsupport@ google.com) |
User identification ID, email address, name, nickname |
Transmission over the network at the time of service use |
Identity verification and user information retention |
Upon membership withdrawal or contract termination |
|
|
Zendesk Inc. (privacy@ zendesk.com) |
UID, service platform, device OS information, inquiry type (payment/account/bug/recovery/other), details, attachments (screenshots of the issue, payment receipts) |
Transmission over the network at the time of service use |
Retention of complaint handling records |
Destroyed 3 years after the date of receipt |
Article 7 Overseas Transfer of Personal Information
The Company transfers the personal information collected from service users abroad as follows, and provides information regarding the overseas transfer in accordance with Article 28-8, Paragraph 2 of the 「Personal Information Protection Act」 as follows.
|
Legal Basis |
Recipient of Transfer (Name of Entity / Contact Information) |
Items of Personal Information to be Transferred |
Country of Transfer |
Time and Method of Transfer |
Purpose of Use |
Retention and Use Period of Personal Information |
|
Article 28-8, Paragraph 1, Item 3 of the 「Personal Information Protection Act」 (Entrustment of Processing/Storage) |
Amazon Web Services Inc. (aws-korea-privacy@ amazon.com) |
User identification ID, receipt information (region code, order number, package name, product identifier, purchase status) |
Japan |
Transmission over the network at the time of service use |
- Data processing and storage - Data backup (storage) to protect user data from disaster, calamity, etc. |
Upon membership withdrawal or contract termination |
|
PingCAP (legal@pingcap.com) |
User identification ID, receipt information (region code, order number, package name, product identifier, purchase status) |
Japan |
Transmission over the network at the time of service use |
- Data processing and storage - Data backup (storage) to protect user data from disaster, calamity, etc. |
Upon membership withdrawal or contract termination |
|
|
Google LLC (googlekrsupport@ google.com) |
User identification ID, email address, name, nickname |
United States |
Transmission over the network at the time of service use |
Identity verification and user information retention |
Upon membership withdrawal or contract termination |
|
|
Zendesk Inc. (privacy@ zendesk.com) |
UID, service platform, device OS information, inquiry type (payment/account/bug/recovery/other), details, attachments (screenshots of the issue, payment receipts) |
United States |
Transmission over the network at the time of service use |
Retention of complaint handling records |
Destroyed 3 years after the date of receipt |
※ Service use is not possible if you refuse the overseas transfer. If you do not wish for overseas transfer, you can proceed with membership withdrawal on mobile (Settings – Account – Withdrawal) or request membership withdrawal through Article 7 (Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercise).
Article 8 Measures to Ensure the Safety of Personal Information
① The Company establishes and implements an internal management plan for the safe processing of personal information, and designates a personal information protection officer.
② The Company limits the right of access to customers' personal information to the minimum number of personnel, and conducts periodic personal information protection training for the safe processing of personal information.
③ The Company adopts a security device (SSL) that can safely transmit personal information over the network using encryption algorithms, encrypts and stores important information of customers (passwords, unique identification information, financial information), and encrypts communication sections during transmission and reception.
④ The Company stores, backs up, and monitors the access records of the personal information processing system to prevent forgery or alteration of the access records.
⑤ The Company is doing its best to protect the personal information provided by customers by equipping vaccines, firewalls, and intrusion detection/prevention systems and updating them periodically. The personal information is being protected through the stable use of a system verified by a security certification company.
⑥ The Company periodically checks emergency measures in case of disasters through security mock training.
⑦ The Company physically and completely destroys personal information once the purpose of the personal information is achieved.
Article 9 Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
① The Company uses ‘cookies’ that store and frequently retrieve usage information to provide individualized services and convenience to data subjects.
※ Cookies are a small amount of information sent to the data subject's internet browser by the server used to operate the website and are stored on the data subject's PC or mobile device.
② Data subjects can set options such as allowing or blocking cookies through web browser option settings. However, if you refuse to store cookies, you may experience difficulties in using customized services.
1) Allowing/blocking cookies in a web browser
a) Chrome: Select ‘⋮’ at the top right of the web browser > New Incognito window (Shortcut key: Ctrl+Shift+N)
b) Edge: Select ‘…’ at the top right of the web browser > New InPrivate window (Shortcut key: Ctrl+Shift+N)
2) Allowing/blocking cookies in a mobile browser
a) Chrome: Select ‘⋮’ at the top right of the mobile browser > New Incognito tab
b) Safari: Mobile device settings > Safari > Advanced > Block all cookies
c) Samsung Internet: Select ‘Tabs’ icon at the bottom of the mobile browser > Turn on Secret mode > Start
Article 10 Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercise
① Customers may exercise their rights, such as requesting access to, correction, deletion, or suspension of processing of personal information, against the Company at any time.
② Rights under Paragraph 1 may be exercised directly through the Company email (support@suncyan.com).
③ Rights under Paragraph 1 may be exercised through writing, telephone, email, internet, etc., to the relevant department listed in Article 10 (Privacy Officer), and the Company will take action without delay.
④ Rights under Paragraph 1 may be exercised through a representative, such as the customer's legal representative or a person who has been delegated. In this case, you must submit a power of attorney in accordance with Form No. 11 of the [Notification on the Method of Processing Personal Information].
⑤ A customer's request for ‘access’ to personal information may be limited or refused in accordance with Article 35, Paragraph 4 of the Personal Information Protection Act, and a request for ‘suspension of processing’ may be limited by the proviso of Article 37, Paragraph 2 of the Personal Information Protection Act.
⑥ A request for correction or deletion of personal information cannot be made if the personal information is explicitly specified as a subject of collection in other laws and regulations.
⑦ The Company verifies whether the person making the request is the individual or a legitimate representative upon requests for access, correction/deletion, or suspension of processing according to the customer's rights.
Article 11 Personal Information Protection Officer
① The Company manages and takes
overall responsibility for the processing of personal information, and has
designated a Personal Information Protection Officer as follows to handle
complaints and provide remedial measures for information subjects related to
the processing of personal information.
1) Personal Information Protection Officer
Name: Heo Jae-ho
Position: Head of Technology/Information Protection
Contact: suncyan@suncyan.com
2) Personal Information Protection Department
Department Name : Information Protection Team
Contact: suncyan@suncyan.com
② Information subjects may direct all inquiries related to personal information protection, complaint handling, and remedial measures arising from the use of the Company's services to the Personal Information Protection Officer and the Personal Information Protection Department. The Company will respond to and process inquiries from information subjects without delay.
Article 12 Remedial Measures for Infringement of Rights and Interests of Information Subjects
① Information subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, etc., in order to receive remedial measures for personal information infringement. For other reports and consultations on personal information infringement, please contact the organizations below.
1) Personal Information Dispute Mediation Committee: (no area code needed) 1833-6972 (www.kopico.go.kr)
2) Personal Information Infringement Report Center: (no area code needed) 118 (privacy.kisa.or.kr)
3) Cyber Investigation Division, Supreme Prosecutors' Office: (no area code needed) 1301 (www.spo.go.kr)
4) National Police Agency: (no area code needed) 182 (ecrm.police.go.kr)
Article 13 Obligation to Notify the Privacy Policy
① The current Privacy Policy has been amended as of July 16, 2026.
- Privacy Policy version number: v1.3
- Effective date of the Privacy Policy: July 16, 2026
② Previous privacy policies can be viewed by checking the effective date at the top of this page.