BLESS UNLEASHED POLICY

NEOWIZ Privacy Policy Revision Date: [ August 02, 2021 ]

The privacy policy (hereinafter ‘Policy’) shall be applied to all the global online services of NEOWIZ (hereinafter ‘Company’).
The Company is doing its best for safely using the service of the Company by transparently disclosing to the user how the precious personal information (hereinafter ‘Personal Information’ or ‘Data’) of the user is protected and handled.
The Company changes the Policy to reflect the relevant details if the regulation or the law is changed. In case of the major change of the Policy, a reasonable effort will be made to notify it to the user through the popup screen or the public notice. It is important for the user to frequently check the Policy for the user’s right (Right to Informational Self-Determination).

1. Personal Information Controller
The user provides Personal Information for the Company unless stated specifically for using the service. The Company can put an external specialty company in charge of Personal Information for service improvement. For example, if an article is bought from the Company and a request for sending it by FedEx is made, the Personal Information of the user will be shared by FedEx. In this case, the Company will take a reasonable action on protecting the Personal Information of the user through the written contract complying with the Policy.
The contact information of the Data Protection Officer of the Company is as follows.
Privacy Policy
DPO (Data Protection Officer)
Company NEOWIZ corporation
Name Sungsub Hwang
Address NEOWIZ PANGYO TOWER, 14, Daewangpangyo-ro 645beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea (13487)
E-Mail privacy@blessunleashedpc.oqupie.com
2. Personal Information Collection Method
The Company collects Personal Information from the user with the following method.

Direct Provision by the User
In general, the user submits Data directly through (1) the service or product purchase through the online platform of the Company, (2) the online game participation registration or the account and product registration, (3) the forum, (4) the contest registration, (5) the game or service use, (6) the survey, (7) the technical and customer support services, and (8) the newsletter. The submitted Data can include the name, the phone number, the e-mail, or the home address. Especially, the user should recognize that Personal Information can be included in the contents generated by the user including chatting and that the Data can be seen or heard by another user. Hence, the user should avoid the disclosure of the information enabling the identification of an individual as much as possible.

Service Use
The user submits (1) the game play and the activity within the game, (2) the service used, (3) the device information in case of service installation or access, and (4) the IP information. The Company can use the information for approximate positioning, service statistics, and system integrity (preventing hacking and fraud) or security.

External Platform
Relevant Data can be collected if the account is connected with another company such as the external console platform (Steam, XBOX, etc.).
3. Information Collected
The Company handles all the information related to the user account as Personal Information. Furthermore, Data are stored only for the minimum period needed for providing the best service for the user.

Account Information
The user account information means the Data provided and generated during account creation. The user can log in its account and update the most of the Data in the account setting. (Ex.: ID or e-mail, account name, nickname, and membership information)

Customer Support Service
The Company is outsourcing the operation of the customer support system (Company Name: Onionfive, https://oqupie.com). The Company or the outsourcee can request the Personal Information of the user to provide the satisfactory customer support and consultation system. (Ex.: Customer name, e-mail, IP address, inquiry details, compensation provision history, sanction history, contact information, customer service consultation history, and account information) The Company cannot provide the satisfactory customer support service for the user not agreeing on the policy.

Transaction Information
The Company collects the transaction details related to purchase. The billing service providers (Payletter and Paymentwall) collect and handle the request information of the user, but the request Data copy of the user and the API key of the corresponding payment method are provided for the Company. Transaction details can be possessed within 5 years. (Ex.: Order details and history, expense request, refund, payment details, delivery details, and compensation details)

Activity Information
If the user uses the Company service, the Company collects the relevant log. In most cases, the log is kept for 90 or more days and for 1 year at maximum. (Ex.: IP address, access date and time, activity area and log, and the detailed information on the service use)

Device Information
The information on the device the user utilizes for the service use can be collected. (Ex.: Device model, operating system and version, unique device identifier, advertisement ID, MAC address, and log information)

Game Information
The information collected by the Company includes the technical information on the device and software used for access to the service or the game. Furthermore, the safe and stable service is provided for the users with the Easy Anti-Cheat solution of KAMU for the best service. Whenever a user starts a new game session, the KAMU client will automatically install the latest version suitable to the user system. The Company will detect and prevent the cheat used in the game by having the Easy Anti-Cheat solution check the user system whenever the game software is used. The Easy Anti-Cheat solution analyzes the game binary and scans the system memory to save the information on the cheating method and on the relevant data for cheat prevention. Please refer to the Privacy Policy of KAMU for more details.

Location Information
If the user utilizes the position information service, the Company can collect and handle the information on the actual user position like the GPS signal sent by the mobile device.

Unique Application program Number
The unique application number is included in the specific service. The number and the installation information (Ex.: The operating system type and the application program version) can be collected by the Company when the corresponding service is installed or removed or when the corresponding service periodically communicates with the server like the update.
4. Use of the Collected Data
The Company operates the service by using the Data collected from the user. Moreover, the Company can use the Data to prevent the repetitive input of the same information and to provide the more convenient use of the service for the user. Work can be outsourced to a third party playing the proxy role for the Company to facilitate the service, and the user Data can be provided in case of outsourcing. Furthermore, the Company can request the use of Personal Information according to the reasonable consideration and decision (1) if it is requested to comply with the corresponding law or regulation and (2) if it is needed to protect the rights and benefits of the Company officers and staffs and the agent or the user.
5. Data Sharing
The Company doesn’t share the user Data with or sell them to a third party without user’s consent. However, the Company can share the information disabling the identification of an individual like statistics information and public information. The Company sometimes handles Personal Information by outsourcing the work for e-mail sending, gift delivery, and customer support service. The Company will conclude the written contract on the outsourced work with a third party and will specify various Personal information protection actions in the corresponding contract. The user who doesn’t want the data sharing is advised to withdraw from the service anytime. The Company can share Personal Information if it is needed to comply with the legal procedure including the right protection and the court order and with the request of the government agency or another relevant agency or if there is a justifiable reason. Furthermore, in case of merger, acquisition, or bankruptcy, the user Data can be transferred to the successor company.
Privacy Policy
Data Processor Name of the Consigned Work Storage and Destruction of Personal Information
EliteGames Customer Service Center Stored for 3 years
Onionfive inc. Customer service program development and operation In case of the end of the consignment contract
GameOn Co., Ltd Customer Service Center Stored for 3 years
Megazone Cloud(AWS) Platform operation In case of the end of the consignment contract
Payletter Payment agency Stored for 5 years
Korea Credit Bureau Cellphone verification In case of membership withdrawal
m2net Mobile gift voucher, a free gift shipping agent Store for 3 months from the date of completion of shipment
Emfoplus LMS(Long Message Service) Stored for 6 months
6. User Rights and International Transfers of Personal Data
Storage and International Transfers Handling
The computer system processing the Data collected from ‘Bless Unleashed’ among the services of the Company is based in the USA. The user Data can be transmitted form the user’s country to the computer system located in the USA for use, processing, or storage and can be used for the purpose specified in the policy. Moreover, the user has the right to Data modification, deletion, and restriction.
Privacy Policy
Company Name Transfer Country Transfer Purpose Transferred Personal Information Item Transfer Date, Time, and Method Personal Information Use Period Chief Privacy Officer and Contact Information
EliteGames Philippines Customer Service E-mail, Nickname, device information (OS version, PC DirectX Diagnostic result) Transmission through the network in case of submitting business talk details 3 years Seungwon SHIN, sshin@eliterising.com
NEOWIZ South Korea Customer Service E-mail, Nickname, device information (OS version, PC DirectX Diagnostic result) Transmission through the network in case of submitting business talk details 3 years Sungsub HWANG, privacy@blessunleashedpc.oqupie.com
GameOn Co., Ltd Japan Customer Service E-mail, Nickname, device information (OS version, PC DirectX Diagnostic result) Transmission through the network in case of submitting business talk details 3 years Masato Mugitani, blessunleashedpc_privacy@gameon.co.jp
Amazon Web Services United States of America Platform Operation Service use record, member information Online transfer In case of service withdrawal In case of the end of the consignment contract safeharbor@amazon.com
Membership Service Game Service E-mail, Name, date of birth, CI/DI, Access Log(ID, Time, IP Address, Country), System Information(CPU, GPU, MEM, OS Version), Game Log, Cookie

Right to Data Access and Receipt
The user has the right to check with the Company about how its Data are processed and to receive the relevant materials.

Right to Deletion
The user has the right to request the deletion of its specific data.

Right to Objection to Processing
The user has the right to request for not processing Data if the Company has no proper right to the user Data or data are used for marketing.

Right to Correction
The user has the right to correct the incorrect Data of the user. Log in the Company account and make a change by using the account management setting.

Right to Processing Restriction
The user has the right to request the processing restriction not to have Data processed anymore in the specific case.

Right to Data Transfer
The user has the right to transfer Data to a third party. However, it is not used for the Company business. However, the Company will provide the Data copy containing the most basic account information of the user at user’s request.
7. Cookies and Internet Protocol Addresses
A cookie is the part of the information a web site stores in the computer when visiting the web site. The Company can use a cookie to collect data from the user. A cookie can include the mutual Data transfer between the Company and the user according to the policy. The user can select through the browser setting that the computer makes a warning whenever a cookie is sent or that all cookies are turned off. As the setting method is a bit different for each browser, the cookie modification method needs to be consulted through the help menu of the browser. Turning off the cookie disables the access to many functions making the guest environment more efficiently and some services not operated properly. The Internet Protocol (“IP) address is the unique number assigned to the server or the Internet Service Provider (“ISP”). The Company can track the IP address for system administration, aggregate information report, site tracking, security purpose, or server abuse prevention.
8. Data Deletion Method
The user can request the deletion of (1) the marketing information of the user or (2) the account information of the Company. The user account is deleted completely if the grace period of 7 days passes after the withdrawal request. Game information and history are completely deleted after deletion, and the refund of the possessed asset is impossible.
However, the Company can possess Data (a) to protect the business, the system, and the user from the fraud act, (b) to resolve the technical problem damaging the current function, (c) to exercise the necessary right toward the Company or another user, (d) to accept the law enforcement request based on the legal procedure, (e) to achieve the scientific or another purpose, and (f) observe the legal duty. The Company will do its best to respond to the user’s request fast. The service use of the user can be restricted or blocked due to the result or action caused from the user’s request.
Remark: A California resident can have the additional right. Please refer to Section 12.
9. Data Integrity and Security
In case of processing the user Data, the Company takes technical, administrative, and physical security actions prevent loss, theft, leakage, forge, falsification, or damage. However, the Internet is not a completely safe environment depending on the characteristics with the security risk evolving incessantly. However, the Company will make persistent and reasonable efforts steadily to protect the user Data and to secure the system security.
10. Children’s Personal Data
It is agreed that the Company has the special obligation on protecting the children’s personal Data.
Most of the Company services (online, mobile, and the others) are for the general public, and no Data are collected intentionally from children. Moreover, if it is checked that the user is below the game age grade, the service provision for the corresponding user will be blocked. If parents agree on the child’s use of the Company service, the communication services used by the general public like e-mail, chatting, and online group are used together and that information can be disclosed to other users.
If parents find the unpermitted collection of the personal information of the children, it is possible to contact the Company and request the deletion of the children’s personal Data. The security of collected data is maintained consistently with the policy. Hence, a policy change will be notified to parents and children with the reasonable method.

NEOWIZ ‘Bless Unleashed’ Game Age Grade:
- North America ESRB Teen(13)
- Europe PEGI 16
- Germany USK 12
- ROK GRAC 18
11. Opinions and Inquiries
If you have a question or an opinion on the Data protection of the Company, contact us through privacy@blessunleashedpc.oqupie.com.
The Company regularly reviews the observance of the regulation and the law. In order to protect the user Data safely, the Company delivers the personal information protection and security guidelines and provides education and campaign for personal information protection. If an inquiry is received officially, the user presenting the opinion will be contacted for taking a follow-up action actively. In order to resolve the complaint that cannot be handled directly with the person concerned, the close cooperation with the regulation authority including the local Data protection agency will be made.
12. Appendix (Privacy Right for California Residents)
The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) awards local residents the rights to have the company follow the request without discrimination in case of requesting Data disclosure, deletion, and sales. If the user requests the California privacy right, the Company will check the user identification for security. Moreover, the user can exercise its right in place of the user by designating an agent. The appendix explains the method for exercising the right and the Company process for handling the request.

Right to Know
A California local resident has the right to request the following Data.
• The specific part of the data the Company has for the user
• The category of the Data collected, sold, or disclosed for the work on the user within the last 12 months
• The purpose of Data collection or sales
• The list of the third parties to whom data were sold or disclosed for service or with whom Data were shared
The Company will provide Data in the easily checkable form if possible. The easiest method for requesting the corresponding Data is to contact the Company. If the Company needs additional information to check the user identification, the Company will contact the user to request the Personal Information of the user and the information on the past purchase and use of the Company product or service. If the Company rejects only the part of the user’s request, the reason will be explained through the answer.

Right to Data Transfer
Please refer to [6. User Rights and International Transfers of Personal Data].

Right to Be Forgotten
If the user is a California local resident, the request for deleting the collected Personal Information can be submitted to the Company. The account deletion by the Company is permanent and irrevocable with all games, assets, and histories deleted permanently. The Company can possess Data (a) to protect the business, the system, and the user from the fraud act, (b) to resolve the technical problem damaging the current function, (c) to exercise the necessary right toward the Company or another user, (d) to accept the law enforcement request based on the legal procedure, (e) to achieve the scientific or another purpose, and (f) observe the legal duty. Furthermore, the Company needs a specific type of information to provide the Company service for the user. The easiest method for submitting the deletion request is to contact the Company. If the Company needs additional information to check the user identification, the Company will contact the user to request the Personal Information of the user and the information on the past purchase and use of the Company product or service. If the Company rejects only the part of the user’s request, the reason will be explained through the answer.

Right to Opt-Out
California local residents can escape from the sales of Personal Information as defined in the CCPA. However, the following cases are not included.
• If the user requests the Company to disclose Personal Information or requests the interaction with a third party, the third party doesn’t sell the Personal Information.
• The Company can use or share the identifier to make a warning to the third party for which the sales of Personal Information are suspended at the user’s request.
• The user Data are transferred as the part of the transaction of fully or partially governing the Company service. In this case, if a third party substantially changes the use, sharing, and sharing method of Data, a written notification should be made.
• The Company uses or shares user Data with the service provider needed for achieving the work purpose according to the written contract. The service is provided by the service provider in place of the Company, and the written contract of the Company prohibits the storage, use, or disclosure of user Data except for the specific purpose identified in the Contract.

Right to Non-Discrimination
The Company doesn’t discriminate against the user’s reasonable right exercise during the use of the Company service.

Agent
If an agent is designated for the right exercise in place of the user, (a) the provision of the written permission enabling the agent to exercise the right in place of the user should be verified, and (b) Personal Information of the user and the information on the past purchase and use of the Company product or service. If the Company rejects only the part of the user’s request, the reason will be explained through the answer.

Right to Data Transfer
Please refer to [6. User Rights and International Transfers of Personal Data].

Right to Be Forgotten
If the user is a California local resident, the request for deleting the collected Personal Information can be submitted to the Company. The account deletion by the Company is permanent and irrevocable with all games, assets, and histories deleted permanently. The Company can possess Data (a) to protect the business, the system, and the user from the fraud act, (b) to resolve the technical problem damaging the current function, (c) to exercise the necessary right toward the Company or another user, (d) to accept the law enforcement request based on the legal procedure, (e) to achieve the scientific or another purpose, and (f) observe the legal duty. Furthermore, the Company needs a specific type of information to provide the Company service for the user. The easiest method for submitting the deletion request is to contact the Company. If the Company needs additional information to check the user identification, the Company will contact the user to request the Personal Information of the user and the information on the past purchase and use of the Company product or service. If the Company rejects only the part of the user’s request, the reason will be explained through the answer.

Right to Opt-Out
California local residents can escape from the sales of Personal Information as defined in the CCPA. However, the following cases are not included.
• If the user requests the Company to disclose Personal Information or requests the interaction with a third party, the third party doesn’t sell the Personal Information.
• The Company can use or share the identifier to make a warning to the third party for which the sales of Personal Information are suspended at the user’s request.
• The user Data are transferred as the part of the transaction of fully or partially governing the Company service. In this case, if a third party substantially changes the use, sharing, and sharing method of Data, a written notification should be made.
• The Company uses or shares user Data with the service provider needed for achieving the work purpose according to the written contract. The service is provided by the service provider in place of the Company, and the written contract of the Company prohibits the storage, use, or disclosure of user Data except for the specific purpose identified in the Contract.

Right to Non-Discrimination
The Company doesn’t discriminate against the user’s reasonable right exercise during the use of the Company service.

Agent
If an agent is designated for the right exercise in place of the user, (a) the provision of the written permission enabling the agent to exercise the right in place of the user should be verified, and (b) the evidence verifying the agent identification should be provided. If the agent doesn’t meet the requirements, the Company will reject the exercise of the right by the agent.

California “Shine the Light” Law
A California local resident user has the right to the annual request for the corresponding details of the data shared with a third party for marketing for the past year.

Adolescent’s Privacy Right
A California local resident adolescent has the right to request the perusal, modification, or deletion of the contents and Data posted in the bulletin board or forum related to the Company service.
Please be reminded that the corresponding bulletin board or forum of the Company can be publically seen by all users. The Company strongly recommends that all users shouldn’t post Personal or sensitive Information. Moreover, the remaining copy of the contents and Data deleted at the request may remain in the backup server. Furthermore, if the information is copied or posted again by a third party (Ex.: Another user), the right to control the corresponding contents or Data is not possessed. The posted contents or Data prepared anonymously may not be deleted.
The Company can possess user information for conflict resolution, contract fulfillment, or compliance with legal requirements. In this case, it is not used for another purpose.