Privacy Policy


Last Modified: November 12, 2020


Way2Bit Co., Ltd. (hereinafter referred to as the “Company”) values the personal information of its members, and abides by privacy protection regulations of related laws that the Company must comply with, such as the “Act on Promotion of Information and Communications Network Utilization and Information Protection” and “Personal Information Protection Act”.

The Company will inform Members of what information it collects, how it is used, how it is shared with others (“entrustment or provision”), and when and how it destroys information when its purpose of use has been achieved.


1. Items of Personal Information and Collection Method
The Company collects the minimum amount of personal information required to provide the Service.
We collect the minimum amount of personal information required through websites or applications in the process of sign up and Service use.
The Personal information collected from Members through customer support and service processing, events, surveys, and other event 
-Email, address, in-game nickname, STEAM ID, STEAM nickname 
The personal information collected from Members where it is inevitable for recovery, refund, etc. in the course of using free/paid services
-Email address, details of purchase confirmation, payment receipt for payment by another person, not himself/herself
The Company collects the information of Members in a way of the followings:
Receiving personal information from partner services such as STEAM, etc.
When Member submits a website input, written form, fax, telephone, or e-mail in the course of consultation through the customer support
Through participation in online and offline events

2. Purposes of Collecting and Using Personal Information
Personal information is used for managing subscribers, providing and improving Services, and creating new Services.
The Company collects and uses personal information of Members for the following purposes:
Confirmation of Member’s intent to sign up, verification of the identity of the Member, identification of the Member, and prevention of delinquent actions
Development of new Services and provision of various Services
Handling civil petitions such as inquiries or complaints, retaining records for dispute settlement, and delivering notices
Preventing and restricting actions that interfere with seamless Service operation (including any account fraud and delinquent actions)
Confirmation of event participation and use for marketing and advertising
Used to analyze Service use records and access frequencies, calculate statistics on Service use, establish Service environment for privacy protection and improve Service


3. Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR) 
The Company complies with the General Data Protection Regulation (GDPR) as well as the domestic laws of each Member of the European Union, including the UK.
The following may apply when the Company provides services to Members in EU countries and the UK.
[Purpose/Basis of Personal Information Processing]
The Company uses personal information collected from Members only for purposes specified in "2. Purposes of Collecting and Using Personal Information ", informs Members prior to any use thereof and asks for agreement.
In addition, the Company may process personal information in accordance with applicable laws including GDPR in any of the following cases:
Consent of the data subject
Sign and fulfil a contract with the data subject
Legal compliance
For the pursuit of legitimate interests of the company (except for cases where the benefits, rights or freedom of the data subject is more important than that of the company.)
[Guarantee of Members' Rights in EU Countries]
The Company is committed to protecting Members’ privacy. In accordance with applicable laws including GDPR, a Member may request that his or her personal information be transferred to another manager (right to portability) and refuse the processing of his or her information (right to object). In addition, a Member has a right to file a complaint with their respective data privacy protection supervisory authorities.
The Company may also use personal information for marketing purposes such as event promotion or advertisements, for which the Company obtains a prior agreement (consent). A Member may withdraw the agreement at any time if he or she doesn't want it.
A Member may inquire the foregoing matters to the Customer Service via document, (please see point 13 below) phone or email. The request will be handled in a proper and timely manner.
When a Member requests for the correction of personal information (right to rectification), the concerned information shall not be displayed until such correction is completed.
We have appointed The DPO Centre Ltd (www.dpocentre.com) to be our EU representatives within the European Economic Area (EEA). You can find their contact details below in section 13 if you would like to contact them directly regarding GDPR enquiries. 


4. Provision and Entrustment of Personal Information
As a rule, the Company does not provide personal information to any external party without consent from the Member.

The Company does not provide personal information to any external party without consent from the Member, and personal information is only provided to a third party after obtaining the Members’ consent within the scope necessary for using the services of external partners and others.
- Service: GranAge
- Recipient: PICTOLOGI / KR
- Purpose of Provision: Game services (operating games, responding to inquiries, delivery of announcements, promotion notifications such as events, marketing and events, delivery of prizes, paying prize money, and processing tax and public service charges)
- Personal Information to be Provided: Email address, in-game nickname, STEAM ID, STEAM nickname

However, exceptions are given below.
If there is a request from an investigating agency in accordance with procedures and methods prescribed by laws for investigation purposes or in accordance with the provisions of the laws

The company entrusts selected tasks to external companies to provide convenient and better services.
The company entrusts personal information to perform some of the necessary tasks in providing services from outside companies. And the Company manage and supervise the entrusted company to avoid violating the relevant laws and regulations; the contents of the Company's personal information consignment agency and consignment work are as follows.

(1) Entrusted Company: Amazon Web Service / US
- entrusted Tasks: Sending Email
- Personal Information Retention and Use Period: Until unsubscribing or the end of the entrustment agreement term

(2) Entrusted Company: Zendesk / US
- entrusted Tasks: User’s complaint and dispute settlement
- 3 years


5. Transfer of Collected Personal Information Overseas
The Company entrusts personal information outside of Korea to provide Members with the stability of service delivery and the latest technology, and stores the personal information acquired from or generated by the Member in a database owned by Google Cloud Platform (Google LLC) 
- Entrusted Company: Google Cloud Platform (Google LLC)
- Personal Information Transfer Country: Google Cloud Platform Service Area (North America, etc.)
- Chief Privacy Officer Contact Information: googlekrsupport@google.com
- Personal Information Items Transferred: All data including personal information collected and stored by the Company, such as email, in-game nickname, STEAM ID, STEAM nickname
- Transfer Date: Upon sign up and use of the service
- How to Transfer: Move data location to server located in Global Cloud area through a security-enhanced private network
- Entrusted Tasks: System administration and site operation through Google Cloud Platform
- Personal Information Retention and Use Period: Retain until unsubscribing or until the expiration date of personal information


6. Retention and Destruction of Personal Information
As a rule, the Company destroys personal information immediately when the purpose of collecting and using personal information is achieved.
Personal information stored in electronic files is safely deleted using technical methods, and information printed on paper is shredded or incinerated to prevent it from being restored or regenerated.
However, in order to minimize the damage caused by account theft when requesting unsubscription, it will be kept for thirty(30) days after requesting unsubscription and then destroyed.
The Company has implemented the “Personal Information Validity Period Plan”, which separately stores and manages or deletes the personal information of subscribers who have not used the service for one (1) year. The personal information that has been separated and stored for one (1) year will be destroyed without delay.

The personal information to be kept for a certain period in accordance with other laws and applicable regulations is as follows.
(1) Record of payment and provision of goods
    - Grounds Law: Act on the Consumer Protection in Electronic Commerce
    - Retention Period: 5 years
(2) Record of consumer complaint and dispute settlement
    - Grounds Law: Act on the Consumer Protection in Electronic Commerce
    - Retention Period: 3 years
(3) Record of consumer complaint and dispute settlement
    - Grounds Law: Act on the Consumer Protection in Electronic Commerce
    - Retention Period: 6 months
(4) Record of electronic financial transactions
    - Grounds Law: Protection of Communications Secrets Act
    - Retention Period: 5 years
(5) Records of sign-in
    - Grounds Law: Protection of Communications Secrets Act
    - Retention Period: 3 months


7. Member’s Rights and How to Exercise Those Rights
Members can go to “Manage Account” to view or update their personal information at any time.
Members can go to “Unsubscribe” to withdraw their consent to the collection and use of their personal information at any time.
If a Member requests that errors in their personal information be corrected, the personal information that is corrected cannot be used or provided until the corrections are made. If incorrect personal information has already been provided to a third party, the corrected information will be immediately made available to the third party so that necessary corrections can be made.


8. Technical and Managerial (Organisational) Measures for Privacy Protection
The Company takes the following technical and managerial (organisational) measures to ensure the safety of personal information in order to prevent personal information from being lost, stolen, leaked, altered or damaged while handling the privacy of Members.
Establishment of internal management plan
The Company establishes and implements and internal management plan for the safe management of personal information processed by the company.
Encryption of Member’s privacy
The Company encrypts and stores personal information such as Member’s email, and password using a secure password algorithm.
Measures against hacking, etc.
The Company is doing its best to prevent Members’ personal information from being leaked or damaged as a result of hacking or computer viruses. Personal information is backed-up on a regular basis as a preemptive measure against possible damages done to personal information, and the latest vaccine programs are used to prevent any leakage or damage of Members’ personal information. Encoded communication is also used to transfer personal information safely through networks.
Minimization of number of employees that handle personal information and their training
The Company restricts the number of personal information handlers to the minimum necessary for the performance of its business operations and has them recognize the importance of personal information protection through protection through administrative measures such as training.


9. Matters Regarding Installation/Operation and Rejection of Automatic Devices Collecting Personal Information
In order to provide personalized and customized services, the Company uses “cookies” that store and retrieve information of Members frequently.
Cookies are small text files sent to a Member’s browser by the server used to run the website and stored on the Member’s computer hard disk. When a Member visits a website, the website server reads the contents of the cookies stored on the Member’s hard disk and uses them to maintain the Member’s preferences and to provide customized services.
Cookies do not automatically and/or actively collect information that identifies individuals, and Members can refuse to save or delete these cookies at any time.
The Members have the option to set cookies. Therefore, the Member can set the options in the web browser to allow all cookies, to check every time a cookie is saved, or to refuse to save all cookies. However, if the Member refuse to save cookies, some of the Company’s services that need login may be difficult to use.
How to specify whether to allow cookies to be installed is as follows:
-Internet Explorer: Select Tools Menu > Select Internet Options > Click the Privacy Tab > Advanced Privacy Settings > Set Cookie Level
-Chrome: Select Settings Menu > Select Show Advanced Settings > Privacy and Security Section > Select Content settings > Set Cookie Level
-Safari: Select Preferences Menu > Select Security Tab > Set Cookie and Website Data Level
For more information about cookies and how we use them, please read our Cookie Policy


10. The Chief Privacy Officer
The Company has designated the Personal Information Protection Officer who will be responsible for answering the members’ inquiries regarding personal information and resolving any related complaints.
Personal Information Protection Officer: Igoo Lee
Division in Charge: Personal Information Protection Part
Phone No.: 82-31-778-8740
Email: privacy@way2bit.com
Contact the organizations shown below to file reports or seek consultation for other privacy infringements and get help:
Privacy Infringement Report Center: https://privacy.kisa.or.kr Tel. 118
Personal Information Dispute Mediation Committee: https://kopico.go.kr Tel. 1833-6972
Cyber Crime Investigation Unit, Supreme Prosecutor’s Office: https://www.spo.go.kr Tel. 1301
Cyber Terror Response Center, National Police Agency: https://cyberbureau.police.go.kr Tel. 182


11. Responsibility for Linked Sites
The Company may provide Members with links to other external sites.
In this case, since the Company has no control over external websites, it cannot be held responsible for the usefulness, truthfulness or legitimacy of the services or materials provided to the Members by external sites, and the privacy policy of the linked external sites is independent of the Company. Please check the website’s policies.


12. Obligation to Notify Before Amendments
Members will be notified of any revisions to this Privacy Policy, including any newly added, deleted, or updated information, through ‘Notice’ at least seven (7) days prior to the amendments.
However, notices on important amendments that affect Members’ rights, including changes to the personal information that is collected or to the purpose for using the information, will be made at least thirty (30) days prior to the amendment date. Member’s consent will be obtained again if needed.


13. How to Contact
Please contact us if you have any questions about this privacy policy or the information we collect and store from you.
If you wish to contact us, please send an email us at privacy@way2bit.com or mail us at our physical address at ATTN: Privacy, Way2Bit, 8F., 8, Seongnam-daero 331beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea, 13558. If you are in the EU/UK, you can contact our Data Protection Officer by email at eurep@way2bit.com or at their physical address at DPO Centre Ltd., 50 Liverpool St., London, United Kingdom, EC2M 7PR.
Additionally, as we are based in Republic of Korea, we have appointed The DPO Centre Ltd. To be our representative within the EEA. Their contact details are by email at eurep@way2bit.com or +44 203 797 6340. Alternatively, they can be reached by post DPO Centre Ltd., 50 Liverpool St., London, United Kingdom, EC2M 7PR. www.dpocentre.com