❥ HeartCode
About Games 문의하기
‹ 하트코드 홈으로

Privacy Policy

한국어 English

Privacy Policy of Team Heartcode (hereinafter the “Company”)

Team Heartcode (“Company”) strictly complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and other applicable laws and regulations that an information and communications service provider must observe.

Through this Privacy Policy, the Company explains in the clearest way possible how users’ personal information is processed and what efforts are made to protect users’ personal information.

This Privacy Policy discusses the policies for games serviced by Team Heartcode.

Personal Information Collected

To provide convenient membership registration and service delivery, the Company supports various social login methods and collects only the minimum personal information required upon the first use of the service.

When signing up through Google or Apple accounts, an identifier for member identification is collected.

When signing up as a guest, a device identifier is collected.

The collected identifiers are not connected to the user’s real-world identity.

While using the service, additional personal information may be collected from users who make customer inquiries, participate in events, or apply for giveaways.

Whenever additional personal information is collected, the Company provides guidance at the time of collection, including “the items of personal information collected, the purpose of collection and use, and the retention period,” and obtains consent.

The information guided and collected is provided directly by the user during sign-up or service use, or may be collected through webpages, email, fax, phone calls, etc., during customer service interactions.

In addition, automatically generated information such as IP addresses, cookies, service usage records, and device information (country information, language information) may be collected during service use.

Use of Collected Personal Information

The Company uses personal information solely for the following purposes related to member management and service development, provision, and improvement.

  • To confirm the intent to register, identify users, provide services, and confirm withdrawal requests
  • To enforce usage restrictions on members who violate relevant laws or Company Terms of Use, prevent acts that may hinder stable service operations such as fraudulent use, prevent account theft and fraudulent transactions, deliver notices such as amendments to terms, preserve records for dispute resolution, handle complaints, and protect users
  • To provide event information, participation opportunities, and advertising or promotional information
  • To analyze service usage records and access frequency, prepare service usage statistics, and provide customized services and advertisements based on statistical analysis
  • To establish a safe service environment that users can trust in terms of security, privacy, and safety
  • To communicate with users to respond to inquiries and complaints
  • To use personal information as part of the process of creating and releasing content most suitable for users

If the Company needs to process personal information for purposes not specified in this Privacy Policy, the Company will notify the user and obtain consent when necessary.

Additional Provisions for Residents of the European Economic Area and the United Kingdom

The Company always processes users’ personal information based on one of the legal grounds specified in Articles 6 and 7 of the GDPR.

The Company processes users’ personal information for the purposes specified in the previous section based on the following legal grounds.

Contract Performance (GDPR Article 6(1)(b))

The Company processes personal information for the following purposes because it is necessary to perform a contract or take steps at the request of the data subject prior to entering into a contract:

  • Transmission of content such as games, videos, and music, and provision of related services
  • Communication with users to respond to inquiries and complaints
  • Completion of transactions or services requested by the user
  • Providing notices regarding changes to this Privacy Policy or Terms of Use when necessary
  • Allowing access to restricted areas of the service
  • Resolution of disputes with users

Legitimate Interests (GDPR Article 6(1)(f))

The Company processes personal information for the following purposes because it is necessary for the pursuit of legitimate interests:

  • Service development, statistics, analysis, surveys, and other marketing activities for service improvement
  • Achieving marketing or promotional objectives
  • Verifying whether the service meets user needs
  • Supporting the creation and release of content most suitable for users
  • Processing strictly necessary cookies

Consent (GDPR Article 6(1)(a))

The Company processes personal information based on users’ consent for the following purposes:

  • Processing cookies (excluding strictly necessary cookies) and personal information obtained through such cookies
  • Providing special information, updates, new services, or promotional materials of “IF you” or other third parties when requested by the user or when the user consents
  • Providing newsletters or other information requested by the user

Personal information described in Item 2 (excluding strictly necessary cookies) is essential for providing the service, and if the user does not provide such personal information, the Company cannot provide the service.

Additional Information for California Residents

The Company may have collected the following categories of personal information about or from users within the past 12 months:

  • Identifiers

(including name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers)

  • Sources: directly from users / indirectly from users (e.g., observing user behavior in the Company’s services) / third-party service providers such as data analytics providers
  • Purpose: to fulfill or satisfy the reason for which the information was provided (e.g., responding to inquiries, contests, promotions for new games, order processing, fulfilling promotional conditions, evaluating advertising effectiveness)
  • Personal information categories listed in the California Customer Records statute

(including name, signature, address, telephone number, bank account number)

  • Source: directly from users
  • Purpose: to fulfill or satisfy the reason for which users provided the information (e.g., responding to service-related inquiries, fulfilling promotional conditions, evaluating advertising effectiveness)
  • Commercial information

(including records of personal property, products or services purchased, obtained, or considered, or other purchasing/consumption histories or tendencies)

  • Source: directly from users
  • Purpose: to fulfill or satisfy the reason for which the information was provided (e.g., inquiries, order processing, advertising effectiveness evaluation)
  • Internet or other electronic network activity information

(browsing history, search history, and information regarding user interactions with websites, applications, or advertisements)

  • Source: indirectly from users (e.g., observing user behavior in the service) / third-party service providers such as data analytics providers
  • Purpose: fulfilling the reason for which the information was provided (e.g., targeted advertising, evaluating advertising effectiveness)
  • Geolocation data

(including physical location)

  • Source: directly from users / indirectly from users (observing behavior in the service)
  • Purpose: fulfilling the reason for which the information was provided (e.g., responding to inquiries, order processing, targeted advertising, evaluating advertising effectiveness)
  • Inferences drawn from other personal information

(including profiles reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes)

  • Source: indirectly from users (observing behavior in the service) / third-party analytics providers
  • Purpose: fulfilling the reason for which the information was provided (e.g., targeted advertising, service management, data maintenance and analysis, evaluating advertising effectiveness)

Provision of Personal Information

The Company, in principle, does not provide personal information to external parties without user consent.

The Company does not provide personal information externally without prior user consent.

However, personal information may be provided in the following cases:

  • When the user directly consents to the provision of personal information to an external partner in order to use that partner’s service
  • When the Company is legally obligated to submit personal information
  • When there is an imminent risk to the user’s life or safety and disclosure is necessary to resolve it

For EEA/UK Residents:

When transferring personal information to a third country with an adequacy decision, the transfer is based on the adequacy decision (GDPR Article 45).

If no adequacy decision exists, the Company enters into Standard Contractual Clauses approved by the European Commission (GDPR Article 46(2)(c) and (5)) with the data recipient.

Access, Transfer, and Correction of Personal Information

Users may request access to personal information held by the Company, request correction or transfer, or object to processing.

If a request for correction arises due to inaccurate information, the Company conducts all necessary investigations without undue delay and provides the corrected information to the user or a designated third party as quickly as possible.

For EEA/UK Residents:

Under certain conditions, users may receive their personal data in a structured, commonly used, and machine-readable format and transmit it to another controller without hindrance (GDPR Article 20).

For California Residents:

California Civil Code §1798.83 allows California residents to request information regarding the disclosure of personal information to third parties for direct marketing purposes.

The Company does not share personal information for third-party direct marketing.

Users have the right to know the categories and specific pieces of personal information collected, the sources, purposes of collection, and categories of third parties with whom such information is shared.

Users also have the right to know whether personal information has been sold or disclosed, and may request copies of personal information, which will be provided electronically.

Users may also request information regarding whether personal information has been sold or disclosed for business purposes.

California residents have the right not to be discriminated against for exercising these rights.

To exercise any of these rights, users may contact the Company using the information provided in Section 8.

Users may also designate an authorized agent registered with the California Secretary of State to act on their behalf.

Authorized agents must have written permission to submit requests.

If verifiable, the Company will compare identifying information provided by the user with information already held.

If identity cannot be verified, the Company may request additional information.

Suspension and Deletion of Personal Information

Users may request suspension or deletion of their personal information.

If personal information has been processed beyond the original purpose or collected through fraud or other unlawful means, the Company will verify the user’s identity and take necessary action without undue delay.

The Company destroys personal information immediately upon achieving the purpose of collection.

However, information legally required to be retained will be stored for the required period and then destroyed.

The retained information will not be used for any other purpose unless required by law.

For electronic data files, deletion is carried out using technical methods ensuring irrecoverability.

For printed or paper documents, destruction is carried out by incineration or shredding.

For EEA/UK Residents:

  • Users may request correction of inaccurate personal information and completion of incomplete personal information (GDPR Article 16).
  • Users may request deletion of personal information under specific conditions (GDPR Article 17).
  • Users may request restriction of processing (GDPR Article 18).
  • Users may object to processing (GDPR Article 21).
  • Users may refuse automated decision-making, including profiling, under specific conditions (GDPR Article 22).

For Residents of the Republic of Korea:

If processing is based on consent, processing ceases upon withdrawal unless another legal basis exists (e.g., mandatory retention periods).

Information must be retained for the following periods under applicable laws:

  • Act on Consumer Protection in Electronic Commerce:

Contracts/cancellations: 5 years

Payment and supply of goods: 5 years

Complaints/dispute resolution: 3 years

  • Electronic Financial Transactions Act: 5 years
  • Protection of Communications Secrets Act: login records for 3 months

For California Residents:

Users may opt out of the sale of personal information.

The Company does not currently sell personal information.

Users may also request deletion subject to legal exceptions.

California residents may not be discriminated against for exercising their rights.

Requests may be submitted using the contact information provided in Section 8.

Authorized agents may submit requests on the user’s behalf with written permission.

Verification procedures apply, and additional information may be requested if necessary.

Rights of Users and Legal Guardians, and How to Exercise Them

Users may check their linked information at any time via the app’s settings screen.

Users may withdraw consent to personal information collection and use at any time by requesting “membership withdrawal.”

If a user requests correction of inaccurate personal information, the Company will not use or provide the information until correction is completed.

If incorrect information has already been provided to a third party, the Company will promptly notify the third party to implement the correction.

Technical and Administrative Safeguards for Personal Information

To prevent loss, theft, leakage, alteration, or damage of personal information, the Company implements the following technical and administrative measures:

Technical Measures

  • The Company uses antivirus programs and updates them regularly to prevent damage from computer viruses.
  • The Company operates intrusion prevention systems and monitors attempts 24 hours a day, 365 days a year.

Administrative Measures

  • Employees handling personal information are limited to authorized personnel, assigned separate passwords that are regularly updated, and given continuous training.
  • The Company operates internal departments that audit compliance with personal information protection laws and internal policies, correcting issues immediately when discovered.

Personal Information Protection Officer

The Company designates the following Personal Information Protection Officer to handle inquiries, complaints, and related matters:

  • Personal Information Protection Officer
  • Name: Hyungjin Lee
  • Affiliation: Team Heartcode
  • Email: game.heartcode@gmail.com

Information subjects may contact the Company regarding any personal information protection inquiries, complaints, or damage relief related to the Company’s services or business.

The Company will respond promptly.

Users may also contact:

  • Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
  • Supreme Prosecutors’ Office Cybercrime Investigation Division (spo.go.kr / 1301)
  • National Police Agency Cyber Bureau (cyberbureau.police.go.kr / 182)

Other

The Company may provide links to other companies’ websites or materials.

The Company has no control over external sites and is not responsible for their usefulness, accuracy, or legality.

When moving to an external site by clicking a link included in the Company’s service, the privacy policy of that site applies, not the Company’s.

Duty of Notice

When additions, deletions, or modifications are made to this Privacy Policy, the Company will notify users through the in-app “Notice” section at least 7 days prior to the revision.

However, for significant changes affecting user rights—such as the collection or use of personal information or provision to third parties—the Company will notify at least 30 days in advance.

  • Date of Notice: October 28, 2025
  • Effective Date: October 28, 2025
❥

Crafted with Heart

© 2024 Team HeartCode. All rights reserved.

Contact

game.heartcode@gmail.com

Legal

개인정보처리방침 Privacy Policy (EN)