Superblock Co., Ltd. (hereinafter referred to as the "Company") complies with the relevant legal provisions that information service providers must adhere to, including the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Communication Secrets Protection Act. The Company strives to protect the rights and interests of users by establishing a privacy policy based on applicable laws and regulations concerning the processing of personal information related to the services provided by the Company. This privacy policy applies to the use of services provided by the Company and includes the following contents.
Article 1 (Status of Personal Information Collection and Use)
① The Company processes user's personal information for smooth service provision as follows.
Classification (task name) | Purpose of processing | Information to be collected and used | Retention/use period |
Membership Registration | • Verification and Authentication of the User's Identity
• Delivery of Various Notices and Notifications | Mandatory Information: Email address corresponding to the ID, nickname | Until the user withdraws membership.
※ If an investigation or inquiry is being conducted due to a violation of relevant laws, it will be retained until the conclusion of the investigation or inquiry, in accordance with internal regulations or relevant laws. |
Information Generated and Collected during Service Usage | • Smooth Operation and Improvement of the Service
• Prevention of Unauthorized Use of the Service | Mandatory Information: Country, visit date and time, service usage records, device information (OS, screen size, device type, location information, device identifier, advertising ID), device token, IP address | Same as above |
Identity Verification (KYC) | • Provision of Identity Verification (KYC) Service | Mandatory Information: Name, CI (Customer Identifier), DI (Device Identifier), mobile phone number, date of birth, gender, telecommunications company, information about domestic/foreign status, and other information required for identity verification (KYC) | Until the user withdraws membership or revokes consent.
※ If an investigation or inquiry is being conducted due to a violation of relevant laws, it will be retained until the conclusion of the investigation or inquiry, in accordance with internal regulations or relevant laws. |
Product Purchase and Delivery | • Product delivery and purchase history guidance | Mandatory Information: Name (Recipient), Address, Contact (e.g., mobile phone number) | Same as above |
② User's personal information is collected during the process of user registration and service usage when the user agrees to the collection of personal information and provides information directly during service usage.
③ The Company processes and retains personal information within the period specified in the related laws or within the period agreed upon by the information subject at the time of collecting personal information. However, in the following cases, personal information is processed and retained until the end of the respective reasons:
1) In case of ongoing investigations or inquiries due to violations of relevant laws, until the end of the investigation or inquiry. 2) In case of the existence of creditor-debtor relationships resulting from website usage, until the settlement of the relevant creditor-debtor relationship. 3) In case of the obligation to retain according to relevant laws, until the end of the specified retention period:
- Communication Secrets Protection Act: Website visit records (3 months).
- Act on Promotion of Information and Communications Network Utilization and Information Protection: Records of personal identification (6 months).
Article 2 (Handling of Personal Information of Children Under 14 Years of Age)
The Company does not collect or use information about individuals under the age of 14 who require the consent of their legal representatives, such as parents or guardians, or individuals of the age for which parental consent is required according to the user's country.
Article 3: Matters Concerning Outsourcing of Personal Information Processing
The Company outsources personal information processing tasks for smooth personal information management and supervises whether the entrusted party processes personal information safely.
Outsourced Parties (Data Processors) | Outsourced Tasks |
Google Cloud Platform (Google Inc.) | • Storage and Analysis of Information |
Amazon Web Services, Inc. | • Storage of Information |
AppsFlyer | • Storage and Analysis of Information |
Article 4: Provision of Personal Information to Third Parties
If the Company intends to provide a user’s personal information to third parties, it will first obtain the user’s consent, detailing the recipient of the personal information, the purpose of the recipient’s use of the information, the specific personal information to be provided, and the retention and usage period of the recipient. This consent may be obtained either during membership registration or through a separate process. If the user does not consent, their personal information will not be provided to third parties. Even if the user consents to the provision of their personal information, they may withdraw their consent at any time.
The Recipient of Personal Information | The purpose for which the recipient of personal information uses such information | Particulars of personal information to be provided | The period during which the recipient retains and uses personal information |
Over Foundation LTD. | To verify airdrop recipients and the amount of Over Tokens, and to facilitate the airdrop process. | Email address | Until three months from the start date of the Over Token airdrop. |
OverFlex Co., Ltd. | To identify buyers and facilitate their use of the OverFlex Market. | Email address | Until user withdrawal |
Delivery Service Providers (courier, etc.) | Product shipping, returns, and exchanges | Name (Recipient), Address, Contact (e.g., mobile phone number) | 3 months after delivery is completed (for dispute resolution) or any period required under applicable law |
Article 5: Matters Concerning Overseas Transfer of Personal Information
The Company entrusts the personal information of users to overseas cloud services for data analysis and data loss prevention.
Company Name | Purpose of Transfer | Contact | Data Transferred to | Information Transferred | When and How | Duration of retention and use |
Google Cloud Platform | Data storage on Google Cloud Storage and data analysis via Google BigQuery | 080-822-1422 | United States | All collected personal information | Personal information is stored in the Google Cloud Computing environment within minutes after data collection. | Until user withdrawal or termination of the outsourcing contract |
Amazon Web Services, Inc | Data storage using Simple Storage Service | 02-1544-8667 | United States | All collected personal information | Personal information is stored in the Amazon Cloud Computing environment within minutes after data collection. | Until user withdrawal or termination of the outsourcing contract |
AppsFlyer | Data storage and data analysis by queries | United States | All collected personal information | Personal information is stored in a cloud computing environment within minutes after data collection. | Until user withdrawal or termination of the outsourcing contract |
Article 6: Personal Information Disposal Procedure
① When personal information becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose, the Company promptly disposes of such personal information. However, in cases where there is a specified retention period within the Company's internal policies or relevant laws, the personal information is stored and managed separately for a certain period before disposal.
② Personal information printed on paper is shredded or incinerated, and electronically stored records are deleted using technical methods that prevent reproduction.
Article 7: Rights, Obligations, and Exercise Methods of Information Subjects and Legal Representatives
① Information subjects can inquire about or modify personal information, request the withdrawal of consent for collection/use, or request termination of membership.
② The exercise of the above rights can be made through the personal information protection officer by sending an email or other means according to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act.
③ The exercise of rights can also be done through the legal representative or a proxy with delegated authority. In this case, the person making the request must submit a power of attorney according to the format in Annex 11 of the Enforcement Rule of the Personal Information Protection Act.
④ The right to access and request processing suspension of personal information may be limited according to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
⑤ The request for correction and deletion of personal information cannot be made in cases where the relevant personal information is specified as a collection target under other laws.
⑥ The Company confirms whether the requester of access, correction, deletion, or suspension of personal information is the information subject or a legitimate representative.
Article 8: Matters Concerning the Security of Personal Information
The Company establishes and operates the necessary technical, administrative, and physical protection measures for security in accordance with Article 29 of the 「Personal Information Protection Act」, including:
- Technical countermeasures against hacking, etc
- Installation and regular updates of security programs to prevent personal information leakage and damage caused by hacking, computer viruses, and similar threats.
- Implementation of systems in restricted access areas with both technical and physical monitoring and blocking measures to prevent unauthorized access from external sources.
- Monitoring and detection of network traffic to identify attempts of illegal information alteration and other unauthorized activities.
- Preservation and Prevention of Tampering Access Records
- Retention and management of access records (web logs, summary information, etc.) to the personal information processing system for a minimum of 2 years.
- Implementation of security features to ensure the integrity and protection of access records against tampering, theft, or loss.
- Access Control to Personal Information
- Establishment and operation of procedures for granting, modifying, and revoking access permissions to the systems processing personal information.
- Utilization of intrusion detection systems to control unauthorized access attempts from external sources.
Article 9: Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
① The Company uses "cookies" for the following purposes. A cookie is a small amount of information that the server (http) used to operate the website sends to the user's computer browser or mobile application, and is stored on the user's computer's internal hard disk or mobile device.
- Purpose of cookie use: To provide convenient service functions
- Disadvantages of refusing to store cookies: There may be difficulties in using customized services.
- Installation/Operation and Rejection of Cookies: Depending on the type of browser or app, you can refuse to save cookies in the following ways.
- How to set cookies if you use Google Chrome look
- How to set cookies if you use Microsoft Edge look
- How to set cookies if you use Safari look
- How to set cookies if you use the Safari App look
- How to set cookies if you use Chrome App look
- How to set cookies when using the Naver App: Settings > Browsing History > Delete Cookies
- Android: Settings > Applications > Select Services > Storage > Clear Cache
- iOS: Settings > Privacy > Tracking > Select Disable Service App
② In order to provide users with a better experience, the Company uses a "web log analysis tool" that automatically collects and analyzes behavioral information such as visit records and access methods when accessing the homepage/app. In some cases, the Company outsources web log analysis to a third party, and the information collected in the process may be transferred overseas.
Article 10: Matters Concerning the Personal Information Protection Officer
The Company designates a personal information protection officer who is responsible for the overall management of personal information processing and handles complaints and damage relief related to personal information processing. Please contact the responsible department for quick and sufficient responses to user inquiries.
division | manager | contact |
Personal Information Protection Officer | Title/Position: CPO
Name: Joong-ho Lee | privacy@superblock.xyz |
Article 11: Methods for Remedying Information Subject's Rights Infringement
① The Company ensures the information subject's right to self-determination regarding personal information and makes efforts to provide counseling and remedies for damages caused by personal information infringements. If necessary, please contact the relevant department for reporting or consultation.
② Information subjects can apply for dispute resolution or consultation related to damages caused by personal information infringement to the Personal Information Dispute Mediation Committee, KISA Privacy Infringement Report Center, and other institutions in order to receive relief from personal information infringement. For other reports or consultations regarding personal information infringements, please contact the following institutions:
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- KISA Privacy Infringement Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
- National Police Agency: 182 (ecrm.cyber.go.kr)
③ According to the provisions of Article 35 (right to access personal information), Article 36 (right to correction or deletion of personal information), and Article 37 (right to request suspension of personal information processing) of the Personal Information Protection Act, those who have suffered infringement of rights or interests due to decisions or actions of public authorities can request administrative adjudication in accordance with the Administrative Adjudication Act.
- Central Administrative Appeals Commission: (without an area code) 110 (www.simpan.go.kr)
Supplementary Provisions
This policy will be effective from Mar 21, 2025.