Privacy policy
NDP HOLDINGS INC. (hereinafter referred to as the Company) utilizes users' personal data to provide some services in order to provide the best service to them.
This privacy policy contains the following matters in order to inform you of the purpose and method of using your personal data collected when you use the services (application programs, websites, etc.) provided by the Company and what measures are taken to protect personal data. This policy has been prepared under the Personal Information Protection Act of the Republic of Korea. The Company also does its best to provide services in compliance with international standards.
The Company would like to inform you of the purpose and method of using the personal data provided by users through this Privacy Policy and what efforts the Company makes to protect users’ personal data.
This Privacy Policy may be changed due to changes in related laws and guidelines or changes in the Company's internal policies.
Article 1 (Users' personal data collected and used)
1. When a user signs up for membership and the Company provides services, the following information may be collected and used in order to provide service and customer consultation smoothly.
Users who are members and their legal representatives may refuse to collect and use the following information at any time by withdrawing (withdrawal from membership) consent to provide personal data.
① Member ID (including an e-mail address), password, mobile phone number, birthdate, game version information, terminal and device information (a model name, carrier information, OS information and version, hard disk capacity, CPU (chipset), GPU, RAM, device identification number, MAC address, terminal language, and country information)
② ID, nickname, a friend list, contact information, profile pictures, names, gender, address, birthdate, language and country code on the external platform in the case of services that are linked to external platforms such as social media and chat services
③ Service use records, access logs, payment records, IP addresses generated in the process of using the service
2. If a user intends to use additional services operated based on the user's personal data, such as a user’s participation in events/advertisements or purchase of paid content, the following information may be collected and used.
In such case, the Company must notify the user of the matters and obtain the user's consent.
① A user’s mobile phone number, address, gender, e-mail address, age, marital status, field of interest, or occupation
② Information of third parties (even in this case, the third party's information is only temporarily used and not stored) such as phone numbers and e-mails stored in the address book of the user's device, including a mobile phone, etc., in the case of services linked with the social community function
③ A user’s credit card number, ID and password of the payment affiliate companies for gift vouchers, and account number of the bank in the case of purchasing paid content or related services
3. If the service requires age verification or identity verification, the following information may be collected with the user's separate consent.
① Encrypted personally identifiable information (CI)
② Information on duplicate subscription confirmation (DI)
③ Name, birthdate, and gender
④ Information on whether a user is a native or a foreigner
4. The Company may collect personal data that Google provides by using the Google Analytics’ advertisement function and Appsflyer’s function as below. A user may cancel the consent to such use by using the function in the Google advertisement settings or the advertisement environment settings for mobile apps.
① Remarketing using the Google Analytics
② Google Display’s network exposure report
③ Google Analytics’ demographics and interests report
④ Integrated service that enables data to be collected using advertisement cookies and anonymous ID via Google Analytics
⑤ Provision of the app and game analysis services
Article 2 (Method of collecting personal data)
1. The Company may collect users' personal data in the following ways:
① A user directly enters the data in the course of using the website or services.
② Collection of data through participation in events and promotions and a separate consent process when a user applies for events and promotions
③ Collection of data when a user voluntarily provides in a customer consultation or when the Company requests a user for necessary data afterward
④ Collection of data through partner companies and platforms in an affiliated relationship
Article 3 (Purpose of collection and use of personal data)
1. The Company may use the collected personal data for the following purposes:
① User management
- Individual identification in accordance with content provision, confirmation of a user’s intention to sign up, limits on a user’s subscription or the times of a user’s subscriptions, confirmation of a user’s duplicate subscriptions, confirmation of a user’s age and gender, confirmation of whether a user is a native or foreigner, management of faulty users, detection of abnormal users and restrictions on their use, fulfillment of the contract, or dispute handling
② Provision of service
- Complaint handling and other customer service provision, notice delivery, provision of paid payment services and payment details notification, or cooperative plays and community service support in the games
③ New service development and marketing/advertising utilization
- New services, event information guides, service quality improvements, and statistical information processing
④ Provision of automatic friend addition and automatic friend registration functions
- Provision of automatic friend addition and registration functions by collecting and using the user's mobile phone number and the mobile phone number of third parties stored in the address book of the user's device
Article 4 (Period of retention and use of personal data)
1. Collected personal data shall be retained and used while the user's qualification is maintained. If a user's qualification is lost, or even if it is maintained, the collected personal data will be destroyed without delay once the purpose of using the data has been fully achieved.
However, the Company may retain the following data for the ‘retention period’ under the grounds specified in ‘Retention grounds.’
① Retention grounds: For the purpose of resolving consumer complaints and disputes when a user wishes to withdraw from his/her membership
Retention period: 30 days
Retained items: a user’s mobile phone number, e-mail, access records, access date and time, access location information, record of faulty uses, device model information, download records, payment records, member ID, password, or nickname
② Retention grounds: For providing information related to carrying out events or selecting winners
Retention period: 30 days
Retained items: a user’s name, address, phone number, mobile phone number, e-mail, member ID, nickname, mobile operator, open market store ID, open market store nickname, or birthdate
2. If individual consent is obtained from a user, the user's personal data may continue to be retained and used.
Notwithstanding the provisions of Paragraph 1, if it is necessary to retain the personal data under the provisions of related laws, such as the Act on the Protection of Consumers in Electronic Commerce, etc. (hereinafter referred to as the Electronic Commercial Law) and the Protection of Communications Secrets Act, the Company may retain user’s data for a period stipulated in the related laws.
In such case, the Company must use the stored data only for storage, and the retention period is as follows:
① Records on display and advertisement: 6 months (Electronic Commercial Law)
② Records on contract or subscription withdrawal: 5 years (Electronic Commercial Law)
③ Records on payment and commodity supplies: 5 years (Electronic Commercial Law)
④ Records on consumer complaints or dispute handling: 3 years (Electronic Commercial Law)
⑤ Service usage records such as access log and access IP data: 3 months (Protection of Communications Secrets Act)
Article 5 (Procedures and methods for destruction of personal data)
1. The Company must destroy the data without delay after achieving the purpose of collecting and using personal data.
① Destruction procedure
- The Company must destroy personal data whose retention period has elapsed in a way that cannot be reproduced.
② Destruction method
- Personal data stored in electronic file format must be deleted using a technical method that cannot reproduce the record.
- Personal data printed on paper must be shredded and destroyed.
Article 6 (Sharing and provision of personal data)
1. In principle, the Company must not provide users' personal data to external parties. However, exceptions may be made in the following cases:
① If a user consents in advance
② If the case complies with special provisions of the laws or if an investigation agency makes a request under the procedures and methods set forth in the Act for a judgment or order of a court, legally binding orders of an administrative agency, or investigation
Article 7 (Rights of users and legal representatives and how to exercise them)
1. Protection of personal data of minors under the age of 14
① If the Company requires consent for the collection, use, provision, etc. of the privacy policy for children under the age of 14 (hereinafter referred to as minor), the Company must obtain the consent of their legal representative separately from the consent of the minor.
② The Company may request the minimum necessary data in order to obtain the consent of Paragraph 1, such as the names and contact data of the legal representative. And the collected personal data of the legal representative must not be used for purposes other than to confirm the consent of the legal representative or provided to third parties.
③ The consent of the legal representatives shall be used for the purpose of resolving consumer complaints and disputes if there are cases of a contract between the minor and the Company, subscription withdrawal, payment, commodity supplies, etc.
④ The consent of the legal representatives whose consent is withdrawn or whose validity period has expired must be destroyed in a way that cannot be reproduced 30 days after the purpose of use has expired.
However, if it needs to be retained under the provisions of the relevant laws, such as the Commercial Act or the Act on the Protection of Consumers in Electronic Commerce, etc., the Company shall retain the personal data of the legal representatives for the period stipulated by the relevant laws and regulations.
⑤ The minor's legal representatives may request to view or correct the minor's personal data, or to withdraw consent to collect, use and provide personal data. If such a request is made, the Company must take necessary measures without delay.
2. Matters related to the management of a user's own personal data
① Users and their legal representatives may inquire or modify their personal data.
It may be done through the function of member data inquiry/change within the service or through a wired phone call with a counselor.
However, if the user's personal data is linked with an external platform such as social media or chat services, the user must inquire or change the personal data in accordance with the method provided by the platform company.
② If a user requests the correction of personal data errors, the Company shall take necessary measures without delay, such as correcting the error or notifying the user of the reason for the failure to correct. And the relevant personal data must not be used or provided until the necessary measures are taken.
However, if the provision of personal data is requested under other laws, the personal data may be provided or used.
Article 8 (Consignment of handling personal data)
1. The Company may consign the handling of personal data for service implementation as follows:
The Company regulates and operates necessary matters to safely manage personal data when the Company consigns personal data handling under the related laws.
① Marketing and business cooperation partners, etc. determined by the Company
② Details of consignment work: user management, customer consultation handling, event and marketing work processing, or event gift supplies and processing
③ Period of retention and use of personal data: until the use of the service is suspended or the consignment contract is terminated
Article 9 (Technical/Administrative protection measures for personal data)
1. The Company takes the following technical and administrative measures to protect the users’ personal data handled by the Company and prevent users' personal data from being lost, leaked, or damaged.
① Password encryption
- A user's password is stored and managed after being encrypted.
Therefore, if a user forgets his/her password, it is impossible to check the password. We adopt the way of issuing a new password after an identity verification procedure.
② Strengthening the network security
- The Company takes various technical measures to prevent users' personal data from being leaked by abnormal network access such as hacking or computer viruses. It constantly monitors network access.
The Company also uses an encryption communication method equipped with security even for communication between the Company server and database.
③ Implementation of security training and designation of a person in charge
- The Company regularly holds employees’ training for security maintenance of users' personal data. It obtains expertise in handling personal data by designating a person in charge who handles users' personal data and minimizes the risk of personal data leakage.
④ Access and storage control
- The Company sets the area where personal data is handled and stored as a security zone and controls the area by allowing only those authorized to handle personal data to enter. Tangible objects and electronic records, including personal data, are also kept in an area with a corrective device or a computer with individual access authorities.
Article 10 (CCPA privacy rights of California residents)
1. Our company complies with the California Consumer Privacy Act.
2. Personal data collected/shared for business purposes
Our company may have collected and shared the following categories of data that may directly or indirectly identify you or your device or data that may reasonably be associated with you or your device (“Personal Data”) for business purposes.
① Identifiers – a user’s nickname, unique personal identifiers, online identifiers, IP address, e-mail address, account names or other similar identifiers
② Commercial data – a user’s records of purchased/acquired/considered products or services, other purchases or consumption histories or trends
③ Geolocation data – a user’s geolocation data such as his/her country of residence
3. Purpose of collection
1) The above personal data has been used/shared in order to improve the quality of the services provided by our Company, provide the services, maintain the users’ accounts, offer customer services, verify customer identities, perform advertising, and analyze user patterns as follows:
- to solve technical problems and improve the quality of Company’s services
- to identify individual users to provide the Company's services
- to obtain technical protection against unauthorized program uses related to the Company’s services
- to avoid inappropriate gameplay that could harm other users of the Company’s services
- to collect/answer customer inquiries and provide customer supports in regard to the Company's services
- to provide forum services on the Company website
- to provide users with information on Company events and surveys, offer them opportunities to participate in Company events and surveys, provide Company advertisements, and use for the Company’s other marketing and promotional purposes
- to track usage patterns, analyze user trends, and calculate Company service usage statistics
4. Prohibition of selling personal data
1) Our Company does not sell the data of customers, who use our services, for financial gains or Company’s specific profits.
5. Prohibition of discrimination
1) Our Company does not discriminate against users exercising their rights under the CCPA, although some features and functions offered on the Services may change or no longer be available.
6. Privacy rights of California Residents
① California residents have the right to receive identification data of our Company that uses their personal data or the consignment company that handles the data for the purpose of the relevant company’s direct marketing and the description of the categories of personal data that has been used.
After the Company receives a request for data disclosure that meets the requirements, it shall provide the following data:
- Items of a requestor’s personal data that have been collected by our Company in the last 12 months
- Categories of sources from which personal data has been collected in the last 12 months
- Items of personal data shared by our Company with outsourced companies
- Our Company’s business/commercial purposes for which our Company collects and shares such personal data
- Your specific personal data that has been collected by our Company in the last 12 months
- A description of how a recipient has collected and used each category of personal data if your personal data is disclosed for business purposes
② If you are a resident of California, you have the right to request to remove your personal data that has been collected and owned by our Company with certain exceptions.
1) Our Company will remove your personal data from our records after receiving and confirming your request, unless there are exceptions under the CCPA.
Article 11. (Legitimate processing of personal data under the GDPR)
The Company’s processing of personal data shall be legitimate only if at least one of the following is true:
• If a user consents to the processing of his/her personal data
• Procedures necessary for taking action at a user's request if he/she is a party or before he/she enters into a contract:
- Member management, identity verification, etc.
- Performance of the contract related to providing necessary services to users and paying the fee
• Processing is required in order to comply with legal obligation applied to the Company.
- The Company complies with applicable laws, regulations, legal procedures, and government requests.
• Processing is required to protect the important interests of users or other natural persons.
- Detection, prevention, and response to fraud, abuse, security risks, and technical issues that may harm users or other natural persons
• Processing is required in order to perform tasks carried out to satisfy the public interest or to exercise public powers vested in the Company.
• The processing is required for legitimate interests pursued by the Company or a third party (except where such interests are overridden by the interests of data subjects who need the protection of their personal data or by their basic rights and freedoms, particularly if the data subject is a minor).
For more information, please refer to "Article 12. Rights of users and their legal representatives and how to exercise them."
Please send an e-mail if you intend to request an authority.
Article 12. (Rights of users and their legal representatives and how to exercise them)
Users and their legal representatives can recant (withdraw) consent to provide their personal data at any time. In order to withdraw consent to provide their personal data, they may withdraw from the games by clicking “Withdraw the game” within the service. However, if personal data is destroyed due to withdrawal, related data that has been generated and accumulated while the user uses the Company's services may be destroyed together.
If a user contacts the person in charge of personal data protection in writing or by e-mail for inquiry and correction of personal data, the Company shall take corresponding measures. However, if the Company has a justifiable reason, it may reject a request for viewing or correcting all or part of the user's personal data. In that case, the Company will notify the user of its intention to refuse and explain the reasons.
If a user requests the correction of errors in personal data, the personal data will not be used or provided until the correction is completed. In addition, if incorrect personal data has already been provided to a third party, the Company shall notify the third party of the result of the correction and make a correction without delay.
The Company shall handle personal data that has been canceled or removed at the request of the user or legal representatives as stipulated in ‘3. Retention and the use period of collected personal data.’ It cannot be viewed or used for any other purposes.
If a user judges that the processing of his/her personal information violates the regulations, he/she has the right to file a complaint with the supervisory authority in his/her residence, workplace, or where such violation is suspected to occur.
Article 13 (Contact data of the manager of personal data management and the person in charge)
1. A user can use the contact details below to communicate their opinions or complaints about the Company's privacy policy.
The person in charge below will do his best to collect opinions from users and handle complaints.
E-mail: admin@hguild.io
2. If you need to report or consult on other personal data infringement, please get in touch with the following organizations.
- Personal Information Infringement Report Center (http://privacy.kisa.or.kr/ Call 118 without an area code)
- Cybercrime Investigation Department at Supreme Prosecutors' Office (http://www.spo.go.kr/ 02-3480-3571)
- National Police Agency’s Cyber Terror Response Center (http://www.ctrc.go.kr/ Call 182 without an area code)
Article 14 (Obligation of notice)
In principle, if additions, deletions, or amendments are made to the privacy policy, the matters must be notified through the 'Notice' from seven days before the amendments. The Company will notify customers of any changes that are unfavorable to them 30 days before the amendments.
※ Enforcement date of this Privacy Policy: 01 October 2023