Privacy Policy

Nostellar Corporation (“the Company”) is actively protecting the personal information of its members and is committed to protecting the rights and interests of members by complying with the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., the Personal Information Protection Act, and guidelines established by related organizations.

Through this privacy policy, the Company informs members of the purposes and methods by which the personal information provided by them is being used, and the efforts the Company is making to protect the personal information of members.

The privacy policy of this service is subject to change at any time due to changes in related laws and regulations or changes in the Company’s internal policies, and the Company will notify changes through the official community (https://www.nostellar.com).

Items of Personal Information Collected and Method of Collection
The Company collects the following personal information for basic service provision such as member registration, smooth response to inquiries, and provision of various services.

(1) Items of Personal Information Collected

a. At the time of initial member registration or when linking with third-party platforms to use game services, the Company collects the following personal information:

Login email, nickname (user-selected settings)
b. The following information may be automatically generated and collected during service use:

Service usage records, access logs, IP information, records of improper usage, mobile device information (model name, mobile carrier, operating system information, language and country information, unique device identifier, advertising ID, etc.)
c. The Company may collect the following personal information with the consent of members for the purpose of participating in events and customer service:

Email address, identity verification information, purchase history verification, and other necessary information for customer service
(2) Method of Personal Information Collection

The Company collects personal information in the following ways:

Game login & registration

Purpose of Collection and Use of Personal Information
The Company uses the collected personal information for the following purposes:

(1) Fulfillment of service provision contracts and provision of content, purchase and payment of fees, refunds

(2) Member management

Identity verification according to membership services, personal identification, prevention of improper use by bad members and unauthorized use, confirmation of intent to join, age verification, confirmation of consent from legal representatives when collecting personal information of children under 14, confirmation of consent for users under 18 when registering as a member, verification of the identity of the legal representative, complaint handling and customer consultation, record preservation for dispute resolution, delivery of notices

(3) Use in marketing and statistical analysis

Development and specialization of new services (products), delivery of promotional information such as events, provision of services and advertising based on demographic characteristics, determining the frequency of access, or statistical analysis of service usage by members

  1. Sharing and Provision of Personal Information

The Company uses the personal information of its members within the scope notified in [2. Purpose of Collection and Use of Personal Information] and does not exceed this scope or disclose personal information to the outside without the prior consent of the member, as a principle. However, there are exceptions in the following cases:

  • When the member has agreed in advance to the disclosure or provision
  • In case of violation of the Terms of Service or operational policies set by the Company
  • When necessary for the settlement of charges for the provision of services
  • When it is necessary for the execution of the contract for service provision and it is economically or technically difficult to obtain prior consent
  • When information is provided to third parties in a form that cannot identify specific individuals
  • When required by law or by the request of an investigating authority according to the procedures and methods set out in the law for investigation purposes
  • In cases where there are special regulations in laws such as the Act on Real Name Financial Transactions and Confidentiality, the Use and Protection of Credit Information Act, the Basic Telecommunications Act, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, the Criminal Procedure Act, etc.
  1. Retention and Use Period of Personal Information

The Company promptly destroys the information after the purpose of collecting and using personal information is achieved, in principle. However, the Company retains personal information for 15 days after the request for withdrawal to minimize damage due to account theft. Also, if necessary to preserve the information even after achieving the purpose of collection and use according to related legal provisions, the Company retains member information for a certain period as prescribed by relevant laws:

  • Records on display/advertisements: 6 months (Act on the Consumer Protection in Electronic Commerce)
  • Records on contracts or subscription withdrawal: 5 years (Act on the Consumer Protection in Electronic Commerce)
  • Records on payment and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce)
  • Records on consumer complaints or dispute resolution: 3 years (Act on the Consumer Protection in Electronic Commerce)
  • Records on website visits: 3 months (Protection of Communications Secrets Act)
  1. Procedures and Methods of Personal Information Destruction

The Company destroys personal information without delay after the purpose of its collection and use is achieved, following the procedures and methods below:

(1) Destruction Procedure

Information entered by users for membership registration, etc., is stored for a certain period after achieving the purpose according to internal policies and other relevant laws and regulations (see Retention and Use Period) and is then destroyed.

(2) Destruction Method

Personal information stored in electronic file formats is deleted using a technical method that prevents the records from being restored. Personal information printed on paper is destroyed by shredding or incinerating.

  1. Rights of Users and Legal Representatives and How to Exercise Them

Members and legal representatives can inquire, modify, or withdraw consent (withdrawal) of their personal information or that of children under the age of 14 at any time. However, service use is unavailable after withdrawal, and personal information is processed according to the relevant regulations.

To inquire or modify personal information of members or children under the age of 14, click “Change Personal Information” or “Account Management.” Withdrawal can be processed by clicking “Membership Withdrawal,” after which the identity verification process allows direct access, correction, or withdrawal.

If a member requests correction of an error in personal information, the Company will not use or provide the personal information until the correction is completed. If personal information that has not been corrected has already been provided to a third party, the Company will notify the third party of the corrected information without delay to ensure correction.

The Company processes and restricts the access or use of deleted personal information by request of the member or legal representative according to the stipulated retention and usage period [4. Retention and Use Period of Personal Information] and ensures it cannot be read or used for other purposes.

If the Company has a justifiable reason to refuse the request of a member for access or correction of all or part of their personal information, the Company will notify the member without delay and explain the reason.

  1. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

The Company uses “cookies” that store and retrieve user information to provide personalized services to members. Cookies are very small text files sent to the member’s mobile device/PC by the server used for service operation and are stored on the member’s mobile device/PC. When the member uses the service, the server reads the contents of the cookies stored on the mobile device to identify the member’s information and provide personalized services.

The Company uses cookies for customized services, such as syncing member profile information, and members have the choice to install cookies. Members can set their mobile device/PC settings to allow or deny the use of cookies, and cookies can also be deleted. However, if the use of cookies is not permitted, there may be difficulties in using services that require login.

  1. Technical, Administrative, and Physical Measures to Protect Personal Information

The Company has established and implements technical, physical, and administrative measures to ensure that members’ personal information is not lost, stolen, leaked, altered, or damaged to secure stability.

However, the Company is not responsible for any problems arising from the leakage of personal information due to the member’s negligence, such as device loss, or accidents in areas not managed by the Company, even if the Company has fulfilled its obligation to protect personal information. Members should be security conscious about their accounts, change passwords periodically, and take great care not to leak personal information when logging in on public devices.

(1) Technical Measures

A. The Company protects stored personal information by using security functions such as encryption or file locking functions for items designated by relevant laws, and personal information can only be accessed after identity verification.

B. The Company takes measures to ensure that personal information can be safely transmitted over the network through encrypted communication.

C. The Company installs security programs to prevent the leakage and damage of personal information due to hacking or computer viruses, regularly updates and checks them, and installs systems in areas controlled from external access, which are technically and physically monitored and blocked 24 hours a day.

D. The Company regularly backs up personal information in case of emergencies and takes measures to prevent damage from computer viruses using antivirus programs.

E. The Company takes necessary measures for access control to personal information processing systems by granting, changing, and cancelling access rights and regularly reviewing them, using intrusion prevention systems to control unauthorized access from inside and outside.

(2) Administrative Measures

A. The Company restricts access rights to personal information to a minimum number of personnel, which include:

  • Individuals directly involved in marketing, events, customer support, and delivery tasks
  • Personal information protection officer and individuals in charge of personal information protection tasks
  • Others for whom personal information processing is inevitable for their tasks

B. The Company regularly checks and educates personal information handlers regarding their obligations to protect personal information.

C. The personal information protection department dedicated to personal information protection tasks establishes and manages an internal management plan for personal information processing. The Company also regularly checks compliance with internal regulations and makes immediate corrections if any problems are discovered.

(3) Physical Measures

A. Control of Unauthorized Access

The physical storage locations of personal information systems are kept separately, and access control procedures are established and operated.

B. Use of Locking Devices for Document Security

Documents and auxiliary storage media containing personal information are kept in a secure location with locking devices.

  1. Linked Sites

The privacy policy of other companies’ sites linked to the services provided by the Company does not apply to the collection of personal information. The Company has no control over external sites and materials from third parties and is not responsible for the privacy policies or terms of those sites. It is important to check the policies of the visited sites to prevent disadvantages and material damage. The Company is not responsible for any problems that may arise from this.

  1. Response to Inquiries Regarding Personal Information

The Company has designated a personal information management officer as follows to protect members’ personal information and address grievances related to personal information.

Members can make all inquiries related to the protection of personal information during the use of the Company’s services to the personal information management officer or the responsible department. The Company will respond to members’ inquiries quickly and accurately.

Personal Information Protection Department

Contact: nostellar.dev@gmail.com

  1. Notification Obligation

This privacy policy may change from time to time due to changes in related laws, guidelines, or internal policies of the Company. If there are additions, deletions, or modifications to the privacy policy content, they will be notified through the official community 7 days before the amendment.<Addendum>

Announcement Date: February 20, 2020

Revision Date: April 19, 2024

Effective Date: April 29, 2024