1. Items of Personal Information Collected, and the Collection Method

1. A. Items of Personal Information Collected
   1. ① When a user signs up for membership for the first time, the Company collects the minimum necessary personal information as compulsory collection items as of the following for the purposes of membership sign-up processing, successful customer consulting, and the provision of various services.
      <Membership Sign-up>
      1. ID, email address, nickname, password, password confirmation, card number (Phoenix Darts Club Card), mobile phone number, SMS reception status, country information, face information (photo and features)
      <Membership Sing-up of Child Users> ※ Child Users: Users falling under the criteria of child specified in each country, such as a person aged 14 years or less in Korea, a person aged 13 years or less in the U.S./Canada, a person aged between 13 and 16 years in Europe, and a person aged 18 years or less in Brazil
      1. Information of the user's legal representative, ID, email address, nickname, password, password confirmation, card number (Phoenix Club Card), mobile phone number, SMS reception status, country information, face information (photo and features)
      <Optional> : New service and customized service notifications, service provision and advertising according to statistical characteristics, event information notifications, information on events and opportunities for participation
      1. Email address, address, mobile phone number
      <Optional> : Participation in events hosted by Phoenix Darts
      1. Name, gender
   2. ② The following information can be automatically generated and collected in the process of service use or business processing.
      1. IP address, cookies, time and date of visit, service use records, defective use records
   3. ③ The following information can be collected in the process of using additional services and applying events with the Phoenix Darts ID, limited to the users of such services.
      1. Name, phone number, mobile phone number, address, email address, card number (Phoenix Darts Club Card)
   4. ④ If user authentication is necessary for compliance with relevant regulations in using some services, such as paid content and games, the following information can be used.
      1. Name, date of birth, gender, duplication information (DI), encrypted connection information (CI), mobile phone number (optional), i-PIN (when using i-PIN), citizen/alien information
   5. ⑤ In the course of paid service use, the following payment information can be collected
      1. Credit Card Payment: Name of the credit card company, card number, etc.
      2. Mobile Phone Payment: Mobile phone number, mobile carrier, payment approval number, etc.
      3. Account Transfer: Name of the bank, account number, etc.
2. B. Personal Information Collection Method
   The Company collects personal information using the following methods.

   1. Website, written forms, fax, phone, customer service board, email, applications for events, delivery requests.

2. Purpose of Personal Information Collection and Use

The Company processes personal information for the following purposes.
The personal information processed is not used for purposes other than the following and, if the purpose of the information use is changed, necessary measures, such as obtaining the user’s consent, will be implemented according to the Personal Information Protection Act.

1. A. Contract Fulfillment in Relation to Service Provision and the Settlement of Payment for Services Provided
   To provide content, provide specially customized services, process payments for paid services and user authentication, deliver items, send bills
2. B. Member Management
   To provide membership services, identify individual users, impose restriction on use for members violating service terms and conditions, impose sanctions on persons disrupting smooth service operation and illegally using services, check the intention of membership sign-up, limit membership sign-up and number of membership sign-up, check the consent of legal representatives for the personal information collection of child users, process the authentication of legal representatives in the future, preserve records for dispute settlement, handle complaints, deliver notifications, check the intention for withdrawal from membership
3. C. Use of Competition System and Prevention of Illegal Use by Bad Members
   Users’ personal information is commonly used in the following websites according to the regulations specified below.
   In the case that common use of personal information is necessary for items other than the following, the respective customers are notified of such.

   Commonly used personal information items	Personal information, game-related data, etc., under Paragraph A, Article 1 of the Privacy Policy
   Commonly used websites	All service pages included on the *.phoenixdarts.com website operated by the Company and Phoenixdarts app service

4. D. New Service Development, Marketing and Advertising
   To develop new services and provide customized services, check service validity, identify access frequency, process statistics of service use by members, provide services and location-based advertising according to statistical characteristics, provide event information and participation opportunities through email and social network services, provide advertising information

3. Personal Information Sharing and Provision

The Company uses the personal information of users within the scope notified under 2. Purpose of Personal Information Collection and Use, does not use the information in excess of the scope without the user’s prior consent, and, in principle, does not externally disclose the information.

1. A. If the user has given consent in advance
2. B. If the information use is required according to statutes or requested by an investigation agency in compliance with the procedures and method specified for the purpose of the investigation
3. C. If the information use is determined to be appropriate in light of the criteria below
   1. ① Whether or not the information use is relevant to the original purpose of information collection
   2. ② Whether or not the additional use or provision of personal information can be predicted in light of the circumstances in which the personal information was collected or the information processing practice
   3. ③ Whether the interests and benefits of data subject are unfairly violated
   4. ④ Whether measures necessary for securing safety, such as pseudonymization or encryption, have been taken

4. Consignment Processing of Personal Information

1. A. The Company consigns personal information processing as follows for the purpose of service quality improvement, and specifies the necessary matters for ensuring the safe management of personal information in the consignment agreement.
   1. ① Personal information consignment processing organization of the Company and details of the consignment operation

      Consigned Company	Consigned Duties	Period of personal information retention and use
      Consigned Company	Provision of payment means, such as mobile phone payment, deposit without a bankbook, payment through account transfer, credit card payment, paper voucher payment	Until contract expiration
      WHOIS Corp.	SMS system	Until contract expiration
      Alchera Inc.	User identification and authentication	Until contract expiration

2. B. According to the Personal Information Protection Act, the Company, when entering into a consignment contract, specifies the prohibition of personal information processing for purposes other than the implementation of the consigned operation, technical and administrative protection measures, limitation of re-consignment, management and supervision of the consignee, and responsibilities for damage compensation, etc., in the contract, and supervises whether the consignee safely processes the personal information.
3. C. In the case that the content of a consignment operation or the consignee is changed, the Company discloses such without delay according to the Privacy Policy.

5. Period of Personal Information Retention and Use

1. A. The Company processes and retains users’ personal information within the period of personal information retention and use for which the users’ consent was obtained at the time of personal information collection, and immediately destroys the information when the purpose of the information collection and use is fulfilled. * ID to prevent illegal use, Phoenix Darts card number, mobile phone number: For two years after withdrawal from membership * Other personal information: For five days after withdrawal from membership
   However, if information preservation is necessary according to the data-related statues of Korea, the Company stores the respective member’s information for the period specified by the related statutes.
   1. ① Protection of Communications Secrets Act
      1. Log-in records: 3 months
   2. ② Act on the Consumer Protection in Electronic Commerce, etc.
      1. Records of contracts or withdrawal of membership: 5 years
      2. Records on payment and supply of goods, etc.: 5 years
      3. Records on consumer complaint and conflict settlement: 3 years
   3. ③ Electronic Financial Transactions Act
      1. Records on electronic financial transactions: 5 years
   4. ④ Preservation period if users were pre-notified of the retention period or user consent has been obtained individually
      1. Pre-noticed period or period for which individual consent has been obtained

6. Personal Information Destruction Procedures and Methods

1. A. In principle, the personal information of users is destroyed without delay once the purpose of collection and use of the personal information is attained.
2. B. In the case that continuous preservation of personal information is necessary according to other statutes although the period of personal information retention for which consent was obtained from the respective data subject has passed or the purpose of information processing has been fulfilled, the personal information is transferred to a separate database (DB) or preserved in a different storage location.
3. C. The Company’s personal information destruction procedures and methods are as follows.
   1. ① Destruction Procedures
      The Company selects personal information for which a reason for destruction has occurred, and destroys it with approval from the privacy officer.
   2. ② Destruction Methods
      1. Personal information printed on paper is destroyed through shredding using a shredder or incineration.
      2. Personal information saved in an electronic file format is deleted using a technical method to prevent regeneration of the records.

7. Matters relating to the overseas transfer of personal information

Your information may be sent overseas as the Company provides services worldwide. Each country may have different laws pertaining to information protection.
In particular, if you are residing in a European country, laws on the protected range of information in other countries outside of the EEA (European Economic Area) may be different to that of your own country of residence.

The Republic of Korea and the EU have adopted the Personal Information Protection Adequacy Decision for the transfer of personal information to the Republic of Korea in accordance with the GDPR.

You can always reach Support or the personnel or department in charge of privacy protection (privacy@phoenixdarts.com) and request discontinuance of an overseas transfer of your personal data.

However, if some information is not provided to an overseas partner per your request, you may experience some limitations when using our official website or game services.

When transferring your information to partners and service providers listed under 「4. Consignment processing of personal information」, the Company transfers information in compliance with the European Commission’s Standard Contractual Clauses. Your information will be transferred with adequate protection.

For more information, please feel free to contact Support on our official website or the personnel or department in charge of privacy protection (privacy@phoenixdarts.com).

8. Rights of Users and Their Legal Representatives, and the Method of Exercise

1. A. Users’ Rights and Duties, and the Method of Exercise
   1. ① A user can exercise the right to access, modify, delete and/or request processing suspension of his or her personal information registered at any time, and request withdrawal from membership or withdrawal consent to personal information collection. To access, correct, modify, delete and/or request processing suspension of his or her personal information, or to withdraw consent to personal information collection, the user is required to contact the privacy officer in writing, by phone or through email. Upon receipt of such a request the Company will take the necessary measures without delay. ( Please refer to the Guide for Withdrawal from Membership. )
   2. ② When receiving a user’s request to correct an error in his or her personal information, the Company does not use or provide the personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the Company notifies the correction results to the third party without delay to ensure the correction of the information provided. For personal information revoked or deleted by the respective user’s request, the Company processes it according to 5. Period of Personal Information Retention and Use, and prevents access to or use of the information for other purposes.
2. B. Personal Information Protection of Child Users
   1. ① For account registration, child users must read the purpose of personal information collection and use by the Company and obtain permission from their legal representatives, such as parents, before inputting their personal information online. The Company can request child users to provide the minimum necessary information, such as the names and contact information of their legal representatives, and the personal information of the legal representatives collected will not be used for purposes other than obtaining the consent of the respective legal representatives concerned, nor provided to a third party.
   2. ② The consent of a legal representative is used for the purpose of handling consumer complaints and disputes raised in relation to contracts between minors and the Company, subscription withdrawal, payment and/or product or service supply, etc.
   3. ③ In the case of that a reason to notify a legal representative about the processing of a child user’s personal information occurs, the Company will provide the notification faithfully by complying with the government's laws and guidelines.
   4. ④ A legal representative of a child user can request to access, modify and/or delete personal information of the child user and, upon receiving such a request, the Company takes necessary measures without delay.
3. C. Privacy rights of users residing in the European Economic Area (EEA)
   Users accessing the Services from the European Economic Area have the following additional rights relating to personal information, but their effectiveness and procedures may be determined in accordance with the laws and regulations of individual countries.
   1. ① The right to request the Company to send personal information to another company
   2. ② The right to contact the supervisory authority

9. Personal Location Information Processing

The Company processes personal location information as follows according to the Act on the Protection and Use of Location Information.

1. A. Purpose of Personal Location Information Processing and Information Retention Period
   For location-based service provision and improvement, the Company collects and uses personal location information and, when the [Period of Retention] expires or the purpose of the information use is fulfilled, the Company destroys the information without delay using a method that makes it irrecoverable and non-regenerative in accordance with the provisions of Article 6 of the Privacy Policy.
2. B. Grounds for the Retention of Usage and Provision Verification Data of Personal Location Information and the Retention Period
   According to Paragraph 2, Article 16 of the Act on the Protection and Use of Location Information, the Company arranges for data verifying the collection, use and provision of location information of the location information subjects to be automatically recorded in the location information system, and preserves the data for at least one year.
3. C. Matters Related to Third-party Provision and Notice
   The Company does not provide location information to a third party without prior consent from the personal location information subject and, in the case of personal location information provision to a third party designated by a user, the Company immediately notifies the person to whom the information was provided as well as the time and date, and purpose of provision to the personal location information subject.
4. D. Matters Related to the Rights and Duties of Legal Guardians, and the Method for Exercise
   For the rights and duties of personal location information subjects and their legal guardians under the Act on the Protection and Use of Location Information, and the method for exercise, Article 7 (Rights of Users and Their Representatives, and the Method of Exercise) of the Privacy Policy applies.
5. E. Information of the Location Information Officer
   The Company’s privacy officer under Article 11 of the Privacy Policy concurrently holds the position of location information officer.

10. Matters Relating to the Installation, Operation and Rejection of an Automatic Personal Information Collection System

1. A. What Are Cookies?
   1. To provide individualized and customized services, the Company uses cookies, which save and load user information.
   2. A cookie is a very small text file sent by a server that is used in a website operation to the user’s browser, and saved on the hard disk of the user’s computer. When the user subsequently visits the website, the website server reads the cookie file saved on the user’s hard disk. Cookies are used to maintain the user’s environment settings and provide customized service.
   3. Cookies do not automatically or actively collect individual identification information, and users can reject cookie usage or delete cookies at any time.
2. B. Purpose of the Use of Cookies by the Company
   To analyze the frequency of access, type of access, and duration of access to the Company’s services and website.
   To identify the degree of participation in each event, the type of service use, the scale of users, etc.
3. C. How to block cookies from getting saved
   1. You have the right to block cookies from getting saved on your hard drive. 'This can be done by going to your web browser’s option settings to allow all cookies, ask for permission each time cookies get saved, or to block all cookies from getting saved.
   2. The method of designation to allow cookie installation is as follows.
      1. Internet Explorer: Go to [Tools] at the top of the browser → [Internet Options] → [Personal Information] → [Advanced]
      2. Chrome: Go to [︙] at the top-right of the browser → [Settings] → [Privacy and security] → [Cookie and other site data] to change your settings.
      ※ Other web browsers adhere to their respective settings.
   3. However, if the user refuses to have cookies saved, some services may be no longer available.

11. Technical and administrative personal information protection measures

The Company is establishing the following technical and administrative measures to secure safety in the handling of users’ personal information by preventing the loss, theft, or leakage of, tampering with and/or damage to personal information.

1. A. Password Encryption
   The password for an ID is saved and managed in an encrypted format and is known to the respective user only, and only the user who has the password can check and change his or her personal information.
2. B. Countermeasures for Hacking, etc.
   The Company makes the utmost effort to prevent members’ personal information from being leaked or damaged by hacking or computer viruses. Data backup is administered as frequently as necessary to prevent personal information damage, leakage or damage of users’ personal information and data is prevented using the latest vaccine program, and safe transmission of personal information on the network is ensured through the application of encrypted communication.
3. C. Minimization and Training of Employees Handling Personal Information
   The Company limits the privilege of personal information access to its employees, consignees and the representatives that need to access personal information to process it in place of the Company, and the employees handling personal information are limited to persons in charge of personal information handling. These persons are imposed with a strict duty of confidentiality by contract and, in the case of a breach, are subject to sanctions or termination of contract. The Company allocates and regularly updates separate passwords for access to personal information, and constantly emphasizes compliance with the Privacy Policy by providing training to the persons in charge as frequently as necessary.
4. D. Operation of a Personal Information Protection Organization
   The Company strives to verify compliance with the Privacy Policy and operation status of the persons in charge by operating an internal organization dedicated to personal information protection in order to correct any issues immediately upon detection. The Company, however, is not liable for any issues caused by the leakage of personal information, such as IDs or passwords, due to network problems or the user’s negligence.

12. Privacy Officer and Personal Information Breach-related Consultation and Report

The Company designates a privacy policy officer that assumes general responsibility for privacy handling-related operations as follows in order to handle the complaints of data subjects and execute damage relief in relation to personal information handling. In addition, the Company collects users’ opinions about personal information, and operates a customer service center to handle related complaints.

Chief Privacy Officer

Department that handles issues on personal information

1. A. Authorities and consulting agencies handling infringement of personal information in the Republic of Korea
   1. Infringement of Personal Information Report Center (https://privacy.kisa.or.kr / Without Area Code 118)
   2. Supreme Prosecutors’ Office Cybercrime Investigation Division (https://www.spo.go.kr / Without Area Code: 1301)
   3. Korean National Police Agency Cyber Bureau (ecrm.police.go.kr / Without Area Code: 182)
2. B. Company and agency in charge of personal information protection in Europe (located in the Republic of Korea)
   If you are residing in Europe, you may ask questions regarding your personal information through the following contact information.
   111, Digital-ro 26-gil, Guro-gu, Seoul, Republic of Korea, PHOENIXDARTS CO. LTD. Department that handles issues on personal information
   E-mail : dpo@phoenixdart.com
   
   Company and agency in charge of personal information protection in Europe
   [Grupoaliaga] has been appointed as PHOENIXDARTS's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, [Grupoaliaga] can be contacted in addition to dpo@phoenixdart.com, only on matters related to the processing of personal data.
   To make such an inquiry, please contact [Grupoaliaga] using this contact form: E-mail: SOPORTE@GRUPOALIAGA.COM
   
   
   1. Datos de contacto del delegado de protección de datos:
      Francisco Aritio 162 Edif.2 Office 231, 19004 Guadalajara
      E-Mail : SOPORTE@GRUPOALIAGA.COM

13. Linked Websites

The Company may provide you with links to the websites or data of other companies. In this case, the Company does not have any control over the external websites and data, and therefore is not responsible for or cannot guarantee the usefulness, verity or legitimacy of the services or data provided. When relocated to an external website by clicking a link included in the Company’s website, the user must check the privacy policy of the website as it is not related to the Company.

14. Privacy Policy Change

1. A. This Privacy Policy applies from 19th, July, 2023, and the previous version of the Privacy Policy can be found below.
2. B. When the content of the Privacy Policy is added to, deleted and/or modified, the Company notifies it in “Notice” section of the website. In the case of an important change regarding users’ rights, such as in relation to personal information collection and use or third-party provision, the change is notified at least 30 days in advance.