■ Effective Date : March 15th, 2024
Privacy Policy for Fantastic Baseball
Wemade Co., Ltd (hereinafter "we", "our", "us", and "the Company") is committed to protecting the privacy and security of the personal data we collect about you and being transparent about the ways in which we collect and process your personal data.
PROCESSING ACTIVITIES COVERED BY THIS PRIVACY POLICY
This statement (hereinafter this "Privacy Policy" or this "Policy") sets out our policies and practices for handling the personal data we collect from or about you as a user of the game called "Fantastic Baseball" (hereinafter "Services").
It is important that you read this Privacy Policy, together with any other notices we may provide on specific occasions when we collect or process your personal data, so that you are aware of how and why we are using such personal data and what your rights are under the relevant data protection laws.
[If you are a California resident, please also see our California Privacy Statement.]
Our Services may contain links or integrate with other websites, platforms, applications, games, and services that are owned and maintained by third parties i.e., not us. The privacy practices of these third parties are not covered by this Privacy Policy and are covered by the privacy policies of those third parties. Please review those third-party privacy policies for more information.
If you have questions about any parts of the Privacy Policy, please contact us.
COLLECTION OF PERSONAL DATA
In this Privacy Policy, "personal data" means any information about an identified or identifiable individual. The type of personal data we collect from you depends on how you interact with us and our Services. We process the following categories of personal data from you when you use our Services:
- Contact information: your phone number and email address.
- Age information: if you are older than 16 years.
- Registration information: authentication tokens issued by the third-party platform (Google, Apple, and Meta) through which you logged in to sign up to the Services.
- Your team name, user tag, and server or app version.
- Residence status in California, USA.
- Information collected automatically using cookies or other tracking technologies such as web beacons, pixels, local storage, and scripts. You can find more information on this in our Cookie Policy, and you can also learn more about cookies by visiting www.aboutcookies.org or www.allaboutcookies.org.
- Gameplay data: access time, payment time, and payment history (levels and records of playing with friends (if necessary)).
- Information required to facilitate the processing of your purchases through third parties (App Store, Google Play Store, ONE store, and Galaxy Store): transaction date and time, transaction number, purchased product name, purchased amount, purchase market information, email address, and phone number.
- Information required to manage inquiries and requests from you: your in-game character name and information related to the issue you are contacting us about.
- Information necessary to organize an event: team name, user tag, server or app version, email address, and full name.
- Internet or other electronic network activity information: your accessing IP, device ID, and advertisement ID.
- Mobile device information: model name, carrier information, OS information, language and country information, unique device identifier, and advertising ID.
- IP address.
We receive the above categories of information from you when you directly provide it to us, or from other sources, including from other users of our Services or third-party services and organizations (e.g. Google, Apple, and Meta). Please see Appendix II for more information on personal data collected from third parties. Without this information, we may not be able to provide you with all the requested services, and the services we are able to provide may differ depending on the information you provide us.
We do not collect any sensitive personal data (i.e., personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation) or any personal data relating to criminal convictions and offenses. Please do not submit any sensitive personal data to us.
USE OF PERSONAL DATA
We will use your personal data for the following purposes:
- To provide you with the Services. We use your information to open and maintain your accounts, facilitate the functionality of our Services, and customize the Services (where applicable).
- To improve the quality of our Services. We use your information to maintain, improve, and administer our Services, including by troubleshooting, data analytics, and testing.
- To keep our Services and users safe. This includes detecting users illegally using our programs as well as preventing and responding to fraud, abuse, security risks, and technical issues.
- To provide support services relevant to the Services as requested by you.
- To invite you to an event, organize the event, and facilitate communications with you around the event and future events.
- To manage your preferences in relation to the use of cookies and other tracking technologies and also to ensure our Services function properly when the information is collected through essential cookies.
- To comply with applicable laws and regulations. This includes using your information to ensure compliance with our legal obligations (recordkeeping obligations and transparency obligations).
- To resolve disputes, enforce our contractual agreements, enforce our company policies (such as the operational policy), and to establish, exercise, or defend legal claims.
- To facilitate your purchases and transactions.
- To provide information about the Services during pre-registration. We use your information to offer updates and rewards for the pre-registration.
We will use your personal data under the following legal bases as described in Appendix I:
1. To fulfill the terms of the contract we have entered into with you. When you sign up for our Services, we provide you with our Terms of Service.
2. To comply with our legal obligation.
3. To protect our legitimate interests (or those of a third party). We rely upon this legal base only when our legitimate interests are compelling enough to override your rights.
4. When your consent is given.
AUTOMATED DECISION-MAKING AND PROFILING
We do not engage in profiling or other automated decision-making during our relationship with you.
DISCLOSURE OF PERSONAL DATA
We may share your personal data with third parties in the following contexts:
- Disclosure to our affiliates:
We may share your personal data with Wemade Entertainment USA to process service operations such as customer service and community management.
- Disclosure to our service providers:
We use third-party vendors and service providers (or "processors") to process your personal data for the purposes outlined above. Our processors operate only in accordance with our instructions, in line with this Privacy Policy, and are subject to appropriate confidentiality and security obligations. Our processors include companies that assist us in managing support requests from you and are our cloud service providers. Please see Appendix I for more information on personal data shared with third parties.
- Disclosure to external controllers:
We share your personal data with external controllers to process your personal information for their own purposes, primarily to process payments and facilitate access to the Services. Please refer to the privacy policies of those third-party controllers to understand what personal data of yours they process and why.
- Disclosure pursuant to business transfers:
We may share your personal data in connection with a substantial corporate transaction, such as the appraisal or evaluation of our business, a sale, a merger, consolidation, asset sale, joint venture initial public offering, or in the unexpected event of bankruptcy.
- Disclosure for legal purposes or to obtain professional advice:
We may also disclose your personal data to law enforcement agencies, governmental authorities, legal counsel, and external consultants in compliance with applicable personal data protection laws.
- Disclosure with your consent:
Lastly, we may also share information about you with third parties when you have consented to it.
Please see Appendix I for more information on personal data provided to third parties.
Our Services allow you to upload and share messages and other content with others. If you choose to engage in public activities on the Services, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should always exercise discretion and use caution when disclosing information while participating in these areas. We are not responsible for how others use the information you choose to submit in these public areas.
When you use our Services, we will need to transfer your personal data to countries where we, our affiliates, service providers, and third-party controllers operate. These areas include the Republic of Korea, the Republic of Singapore, and the United States of America.
European Economic Area users: If a recipient of your personal data is located outside of the European Economic Area (hereinafter "EEA") in a country that is not recognized by the European Commission as ensuring an adequate level of data protection, we will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. For the EEA, these safeguards include data transfer agreements implementing the European Commission's Standard Contractual Clauses (a form of data transfer agreement pre-approved by the European Commission as providing adequate safeguards for personal data). You may ask for a copy of such appropriate measures by contacting us using the contact details at the end of this Policy.
CHILDREN
Our Services are not intended for anyone under the age of 16. We do not knowingly collect or sell any information from individuals younger than 16 without parental consent or as otherwise permitted by applicable law.
DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to only those employees, agents, contractors and other third parties who have a business need for such access.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
DATA RETENTION
We will only retain your personal data for as long as necessary to fulfill the purposes set out above, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Some of the main criteria we use to determine specific retention periods include recording keeping obligations under applicable law or industry standards, relevance to potential litigation, and whether data is necessary for us to exercise our rights or maintain the Services. For more information on data retention periods, please contact us by using the information below.
YOUR DUTY AND RIGHTS IN RELATION TO YOUR PERSONAL DATA
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and up to date. If you become aware of changes or inaccuracies in your information, you should inform us of such changes so that the information may be updated or corrected.
Your rights in connection with personal data
You may be entitled, in accordance with applicable law, to the following rights:
- Right to be informed. This right allows you to know what personal data we collect about you, why we collect it, who collects it, how long it will be stored, and who we share it with, amongst other things. Through this Privacy Policy, we are informing you of this processed information.
- Right of access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Right to correct or rectify your personal data. This right gives you the right to ask us to correct anything that you think is wrong with the personal data we have about you and to complete any incomplete personal data.
- Right to deletion of your personal data. This is called the right to erasure, the right to deletion, or the "right to be forgotten." This right means you can ask for your personal data to be deleted. Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit the ways we use it. We will also inform you of our reason for denying your deletion request.
- Right to restrict processing of your personal data. This is the right to ask us to only use or store your personal data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.
- Right to data portability. This is the right to request we move or transfer your personal data, in a machine-readable form. It is the right to ask for and receive a portable copy of your personal data that you have given us so that you can move it, copy it, keep it for yourself and/or transfer it to another organization.
- Right to object to the processing of your personal data by us. This is your right to tell us to stop using your personal data. You have this right when you rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your personal data for direct marketing purposes. We will stop processing the relevant personal data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your personal data to establish, exercise, or defend a legal claim.
- Right to withdraw your consent. In case that the processing of your personal data is based on the legal basis of consent, you may withdraw your consent at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect processing performed on other lawful grounds.
If you wish to make a complaint about how we process your personal data, please contact us and we will endeavor to handle your request as soon as possible. You may lodge a complaint with a supervisory authority if you believe our processing of your information is unlawful. If you are in the EU, you can find the supervisory authority for your country and how to contact them in https://edpb.europa.eu/about-edpb/board/members_en. If you are in the UK, the supervisory authority is the Information Commissioner's Office, whom you can contact in https://ico.org.uk/make-a-complaint/your-personal-information-concerns.
How you can exercise your rights:
To exercise any of your rights, please contact us by using the contact details at the end of this Privacy Policy. When submitting a privacy request, please describe your relationship with us and provide sufficient detail to allow us to properly understand, evaluate, and respond to you.
We may need to request specific personal data from you to help us verify your identity. This is another appropriate security measure to ensure, for example, that personal data is not disclosed to any person who has no right to receive it.
If you wish to submit a request on behalf of another person, please provide sufficient information to allow us to reasonably verify that you are authorized by that person to make the request on their behalf.
How we will respond to your request:
We will confirm the receipt of your request within 10 business days, and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response unless we have already granted or denied the request.
Please allow us up to a month for us to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and the extension period in writing.
If we cannot satisfy a request, we will explain why in our response to you. For data portability requests, we will choose a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without difficulty.
We will generally not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
In certain circumstances, we may decline a request to exercise the rights described above, particularly when we are unable to verify your identity. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
DATA CONTROLLER AND CONTACT DETAILS
The Company is the data controller for the purposes of the General Data Protection Regulation (EU) 2016/679 (hereinafter "EU GDPR"), the UK GDPR and other applicable data protection laws. If you have any questions about this Privacy Policy or wish to contact the Company regarding your personal data or concerns you have about this Privacy Policy, please contact:
Company: Wemade Co., Ltd
Address: 49, Daewangpangyo-ro 644beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea
Phone: +82-2-3709-2000
Email: privacy@wemade.com
Please allow up to one month for us to reply.
Data Protection Officer
We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe's contact details are:
Company: VeraSafe, LLC (for the attention of: Anastasia Pavlou, Privacy Counsel)
Address: 100 M Street S.E., Suite 600 Washington, D.C. 20003 USA
Phone: +1 (617) 398-7067
Email: experts@verasafe.com
European Union Representative
Company: VeraSafe Netherlands BV
Address: Keizersgracht 555, Amsterdam, 1017 DR, The Netherlands
Phone: +420 228 881 031
Contact Form: https://verasafe.com/public-resources/contact-data-protection-representative
United Kingdom Representative
Company: VeraSafe United Kingdom Ltd.
Address: 37 Albert Embankment, London SE1 7TL, United Kingdom
Phone: +442 045 322 003
Contact Form: https://verasafe.com/public-resources/contact-data-protection-representative
CHANGES TO THIS POLICY
We will update this Privacy Policy to reflect changes in our practices and Services and take appropriate measures to notify you of any significant changes in accordance with applicable data protection laws. When we post changes to this Privacy Policy, we will revise the Last Updated date at the top of this Privacy Policy.
APPENDIX I
1. Details for Processing User Data
APPENDIX II
Personal Data Collected From Third Parties