Effective Date: November 1 2021
Thank you for playing SUPERFLEX games.
SUPERFLEX (hereinafter referred to as “the company") does its best to be transparent about how users’ personal data (hereinafter referred to as "personal information" or "data") is protected and processed in order to ensure the safe use of its services.
The company's policy will be updated to reflect any new regulatory or legal changes. If the policy is significantly altered, the company will do its best to notify users via pop-up screens or announcements.
Name of the controller: SUPERFLEX Inc
Attn: Privacy Team / email: firstname.lastname@example.org
Address: NEOWIZ PANGYO TOWER, 6F,14, Daewangpangyo-ro 645beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea (13487)
B. The company collects personal information legally.
The categories of personal information collected by the company differ by the services you use.
<Collected directly from the user>
Name and tag set by the user
Customer support records (chat records, etc.)
Additional information from participating in surveys and marketing
Other information that the user has agreed to can be used for only those purposes
<Data collected automatically>
The company can collect information about the devices that users use to access the service (mobile device information, OS information, country, IP address and mobile device identification information, ad ID (ADID, IDFA).
Gameplay data, purchases and interactions between other players using the service
<Data collected from partner companies>
Data received and information permitted to use by linking the service with a third-party tool (Facebook, Google, etc.)
Information provided by the platform or payment service provider (payment verification information, etc.)
Ads and surveys used for the purpose of analyzing and providing better experience to the user
C. Personal information is collected and used only for specific and lawful purposes.
The company treat all information related to the user’s account as personal information. Also, the data is stored for a minimum period necessary to provide the best service to the user.
Account creation (user identification) and user’s use of game service
Verification and confirmation of payment
Sending service-related notices
Replying to inquiries
Sending relevant information such as updates, security warnings, and support messages
Prevention abusive users (abuse of refunds in the game, etc.)
Other information that the user has agreed to can be used for only these additional purposes
D. No personal information is shared or sold to third parties outside of these purposes.
The company will not share of sell user information to a third party without the user’s consent. However, the company can share information that cannot be used to identify individuals, such as statistics and public information. The company may sometimes handles personal information by entrusting work to provide email, prize delivery, and customer support services. Regarding this consignment work, the company will enter into a written contract with a third party that will include various personal information protection measures. If you do not wish to share this information, you may leave the service at any time.
The company may share personal information in order to comply with legal procedures such as rights protection, court orders, or to comply with requests from government agencies or other related agencies, or if there are justifiable reasons.
<The company’s service provider>
Google, LLC (email@example.com)
- Service: IDLE DeathKnight.
- Country of transmission: South Korea, the United States.
- Consignment information: user identification information, service usage record, advertisement identifier ID (ADID, IDFA)
- Consignment: System operation and data storage using Google Cloud Platform service.
- Retention period: Retention until the termination of the contract or withdrawal of consent.
<User rights for international transmission>
In the event of a reason for transmission, user data may be transmitted to a computer system located between the user's countries for use, processing, or storage, and may only be used for the purposes specified in this policy. Furthermore, users have the ability to modify, delete, and restrict data sent overseas.
<Other companies and public institutions>
The company can provide information to public authorities upon request in order to verify payments (in collaboration with payment service providers) and to prevent fraud and illegal activities.
E. Personal information will be securely destroyed after use during the legal retention period.
Personal information is held and used while the user maintains the service. Once the purpose of using personal information is met, it is securely destroyed without delay so that it cannot be restored. However, there will be a seven-day grace period of retaining the data following the withdrawal request in order to prevent illegal use, such as personal information theft. Furthermore, the minimal amount of data is retained for the time period specified and is not used for any other purpose other than for the reasons listed below.
<Retention period determined by the company's policy>
Prevention of fraudulent use: 1 year
<Retention period in accordance with relevant laws and regulations>
Records regarding contract or withdrawal of subscription, etc.: 5 years
Records of payment and supply of goods, etc.: 5 years
Record for consumer complaints or dispute resolution: 3 years
Record of service visits: 3 months
Other records with consent from the user
F. Users can refuse to use of the automated personal information collection device.
Cookies are pieces of information that a website stores on your computer when visiting a website. Cookies can also be used by the company to collect data about users, and may be used to send data between the company and users in accordance with policies. Users can choose to turn off all cookie settings, or have the computer alert the user whenever they are sent through browser settings. Each browser has a slightly different setting method, so look at the browser's help menu to learn how to set your cookie settings. Turning off cookies may prevent access to many features that can make the guest environment more efficient, and some services may not work properly.
The Internet Protocol ("IP") address is a unique number assigned to the server or Internet service provider ("ISP"). The IP addresses can be tracked by the company for system management, statistical reporting, site tracking, security, or to prevent server abuse.
<Customized online ads>
Customized online advertisements are marketing techniques that provide services that take into account user characteristics by analyzing users' online usage types and access records, and they can be collected automatically when users visit sites or run apps. Users can refuse to receive online customized advertisements from mobile applications by checking their privacy settings and disabling "allowing app tracking requests" on Apple iOS devices or selecting "refuse to receive interest-based advertisements" on Android devices.
Advertising Businesses: Google Admob, Facebook Audience Network
G. The company is dedicated to protecting your rights.
<Right to access and receive data>
Users have the right to inquire about how their data is handled and receive relevant information from the company. The company will send you an electronic copy of your personal information if requested.
<Right to limit the processing of personal information>
In certain cases, users have the right to request restrictions on processing of their personal information.
Refusal to receive marketing emails and other direct marketing materials: You can opt out of receiving promotional materials such as marketing emails from the company by following the instructions written on the sent forms or by changing your game settings.
Push notification: You can receive push notifications from the company via the company's mobile application. You can opt out of receiving these notifications at any time by changing your mobile device's settings.
<Right to transfer data>
Users have the right to transfer data to third parties. However, not currently applied to the company's operations, the company will provide a copy of the data containing the user's most basic account information if the user requests it.
<Right to delete data>
Users may request (1) their marketing information be deleted or (2) their service account information be deleted. After a seven-day grace period following the withdrawal request, the user's account will be completely deleted. After deletion, all game information, account history, and other assets will be erased, and any assets left on the account will not be refunded.
The company may hold data to (a) protect its business, systems and users from fraudulent activity, (b) address technical issues that impair existing functions, (c) exercise the necessary rights to the company or other users, (d) comply with legal enforcement requests in due course, (e) for scientific or other purposes, and (f) comply with legal obligations. The company will do its best to respond quickly to the needs of the users. However, due to the consequences or measures resulting from the user's request, the user's use of the service may be restricted or blocked.
*Note: California residents may have additional rights. Please see section K. Appendix (privacy rights for California residents) for more information.
You may exercise your rights in accordance with local law.
You have the right to have your information corrected and/or deleted, as well as to object or limit how we use or share your information. You also have the right to withdraw your consent at any time.
Within a reasonable time frame, the company may respond to the user's request. You may also contact your local data protection authority if you have an unresolved privacy or data use concern because the company has not been able to address it properly.
H. The company maintains the integrity and security of the data.
The company employs technical, administrative, and physical security measures to prevent loss, theft, leakage, forgery, alteration, or damage to user data. Although the Internet is not a completely safe environment and security risks are constantly evolving, the company will continue to make efforts to secure the system and protect users' data.
I. The company has a special obligation to protect children’s (minor’s) data.
The company acknowledges that it has a special obligation to protect children's data (age required by local law).
The majority of the company's services (online, mobile, and others) are for the general public and do not collect data from children on purpose. Furthermore, if it is determined that the user is under the game's age limit, the company will stop providing services to the user. Please keep in mind that if a parent or guardian agrees to let their children use the company's services, they will be able to use communication services that the general public uses, such as mail, chatting, and online groups, and that information may be disclosed to other users.
If a parent believes that their child's personal information has been collected without their permission, they can contact the company and request that their child's data be deleted. The collected data is kept secure in accordance with the policy. As a result, if the policy changes, parents and children will be notified of the changes in a reasonable manner.
J. Comments and inquiries
If you have any questions or comments about the company's data protection, please contact us via email: firstname.lastname@example.org
The company conducts regular audits of regulatory and legal compliance. The company provides personal information protection and security guidelines to executives and employees, as well as conducts education and awareness campaigns to protect personal information so that users' data is safely protected. When we receive an official inquiry, we will contact the user who provided the opinion and actively follow up. To resolve complaints that cannot be resolved directly with the company, we will work closely with regulators, including local data protection agencies.
K. Appendix (privacy rights for California residents)
The policies in the Appendix apply to California residents only. Link
<Right to know>
California residents have the right to request the information listed below. The company will make data easily accessible to users. Contacting the company is the simplest way to obtain that information. If the company requires additional information to identify the user, it will contact the user and request information, which may include personal information about the user or information about the company's previous purchases/use of products or services. If the company only rejects a portion of the user's request, it will explain why in an answer.
Lists of third parties to which data is sold, disclosed for service purposes, or otherwise shared with: Section D. of the Policy on Privacy describes the types of personal information with which data is shared.
<Right to be forgotten>
If you are a California resident, you can ask the company to delete the collected personal information. Account deletion by the company is permanent and irreversible, and all games, assets, and histories will be permanently deleted. The company may hold data to (a) protect its business, systems and users from fraudulent activity, (b) address technical issues that impair existing functions, (c) exercise the necessary rights to the company or other users, (d) comply with legal enforcement requests in due course, (e) for scientific or other purposes, and (f) comply with legal obligations.
Furthermore, the company requires specific types of information in order to provide its services to users. Contacting the company is the simplest way to submit a deletion request. If the company requires additional information to identify the user, it will contact the user and request information, which may include personal information about the user or information about the company's previous purchases/use of products or services. If the company only rejects a portion of the user's request, it will explain why in an answer.
<Right to withdraw afterwards>
California residents may be exempt from the CCPA's definition of "sale" of personal information. The following cases, however, are not included.
In the case a user requests the company to disclose personal information or interact with a third party, the third party does not sell the personal information.
The company may use or share identifiers to alert third parties who have stopped selling personal information at a user’s request.
The user's data is transferred as part of a transaction in which a third party controls all or part of the company's services. In this case, the third party must notify in writing if the method of using, sharing, and sharing the data significantly changes.
The company uses or shares user data in accordance with written contracts with service providers that are required to carry out business functions. At this time, the service provided by the service provider replaces the company, and the written contract prohibits the company from storing, using, or disclosing user data for purposes other than those specified in the contract.
<Right not to be discriminated against>
The company will not discriminate against users who exercised their rights in a reasonable manner while using the company's services.
If a legal representative is designated to exercise the right on the user's behalf, the representative must (a) provide written permission to exercise the right on the user's behalf, and (b) provide evidence to prove the legal representative's identity. If the representative fails to meet these criteria, the company will refuse to exercise its rights.
<California Shine the Light law>
California residents have the right to request the information once a year if personal information was shared with a third party for marketing purposes in the previous year.
<Privacy rights of minors>
Minors in California have the right to request view, edit, or delete content and data posted on bulletin boards or forums related to the company's services.
Please note that all users have access to the company's bulletin board and forum. The company strongly advises users not to post personal or sensitive information. Residual copies of content and data deleted in response to a request may remain on the backup server. Furthermore, if the information has been copied or republished by a third party (e.g. another user), the company no longer has control over the content or data. You are also not required to delete posted content or data if it is anonymous.
The company may keep your information in order to resolve disputes, fulfill contracts, or comply with legal requirements. It will not be used for any other purpose in this case.