FACTBLOCK GLOBAL PTE. LTD. (“we” or the “Company”) lawfully processes and securely manages personal information in compliance with the Personal Information Protection Act (“PIPA”) and other applicable laws and regulations in order to protect the rights and freedoms of users. Accordingly, pursuant to Article 30 of the PIPA, we have established and disclosed this Privacy Policy (the “Policy”) to inform users of the procedures and standards for the processing of personal information and to ensure that related grievances are handled promptly and smoothly.

 

Article 1 (Scope of Collection, Purpose of Use, Retention and Use Period of Personal Information)

(1) The Company processes users’ personal information for the following purposes. The personal information processed will not be used for any purpose other than those listed below, and if the purpose of use changes, the Company will take necessary measures, such as obtaining separate consent pursuant to Article 18 of the PIPA.

1. Simplified Registration

• Simplified Registration (Apple) Collected Items: (Required) Social media linked ID / (Optional) Email

• Simplified Registration (Google) Collected Items: (Required) Social media linked ID, Email

• Simplified Registration (Kakao) Collected Items: (Required) Social media linked ID, Email / (Optional) Nickname, profile photo, gender, date of birth, birth year, phone number

• Simplified Registration (Naver) Collected Items: (Required) Social media linked ID, Email / (Optional) Nickname, gender, date of birth, age range

• Simplified Registration (MetaMask) Collected Items: (Required) Wallet address / (Optional)

• Simplified Registration (WalletConnect) Collected Items: (Required) Wallet address / (Optional)

• Purpose of Use: For user identification, membership management, service provision, customer support, and analysis for service improvement

• Grounds for Collection: User consent

• Retention and Use Period: Until member withdrawal

2. Reward Service Participation - Quests

• Collected Items: (Required) Social media linked ID (Google, Facebook, X, Discord, Telegram), email, network, wallet address

• Purpose of Use: For participant identification, winner selection and notification, reward distribution, and service operation and management

• Grounds for Collection: User consent

• Retention and Use Period: Until member withdrawal

3. Reward Service Participation - Engagement-Based Reward Service

• Collected Items: Member identifier (internal ID), advertising identifier, device and app information, participation and usage records

• Purpose of Use: For participant identification, verification of participation, reward distribution, and settlement

• Grounds for Collection: User consent

• Retention and Use Period: Until member withdrawal

4. Store Use

• Collected Items: (Required) Name, mobile phone number, date of birth, gender, Korean or other nationality, identity verification information (CI/DI), refund information (account holder name, bank name, account number)

• Purpose of Use: For redemption of coupons, items, and other products, refunds, and related inquiries

• Grounds for Collection: User consent

• Retention and Use Period: 5 years (Electronic Commerce Act)

5. Lounge Use

• Collected Items: Posts and comments created and registered by users, attached images, activity history (posting/editing/deletion records, likes/shares, follow/report history, point accrual/retrieval records)

• Purpose of Use: Content posting and display, personalized feed recommendations, leaderboard calculation and reward distribution, community operation and protection (fraud detection and moderation), handling complaints and disputes, and improving service quality and usability

• Grounds for Collection: User consent

• Retention and Use Period: Until member withdrawal

6. Lounge Influencer Agreement

• Collected Items: (Required) Name, date of birth, mobile phone number, email / (Optional) Operating channel

• Purpose of Use: For influencer applications, execution of service agreements, and provision of benefits offered by the Company

• Grounds for Collection: User consent

• Retention and Use Period: Until termination of the influencer agreement

7. Open Profile

• Collected Items: (Required) Profile image, name or nickname / (Optional) Company name, job title, introduction, social accounts (X, LinkedIn, Facebook, Discord, Telegram, etc.), email, mobile phone number

• Purpose of Use: For registration and management of open profiles, provision of communication features such as follow, messaging, and contact sharing among members, and improvement of service quality through reliable profile operations

• Grounds for Collection: User consent

• Retention and Use Period: Until member withdrawal

8. Event/Promotion

• Collected Items: (Required) Nickname, name, email, mobile phone number, mailing information (name, address, contact information) / Resident registration number (only when subject to reporting under the Income Tax Act)

• Purpose of Use: For participant identification, winner selection, and performance of all tasks related to prize distribution

• Grounds for Collection: User consent

• Retention and Use Period: Until prize delivery is completed

9. Inquiries

• Collected Items: (Required) Email

• Purpose of Use: For customer inquiries and support

• Grounds for Collection: User consent

• Retention and Use Period: 3 years

10. Personalized Services

• Collected Items: (Required) Member registration information, service usage record, access log, IP address, MAC address, HDD device information, online identifier (advertising ID, UUID, and other user identifiers), device information

• Purpose of Use: For providing customized content and services, and analysis for service improvement

• Grounds for Collection: User consent

• Retention and Use Period: Until member withdrawal

(2) The Company uses YouTube API services and complies with the Terms of Service and Privacy Policy.

• YouTube Terms of Service: https://www.youtube.com/t/terms

• Google Privacy Policy: https://policies.google.com/privacy

• YouTube API Services Terms of Service: https://developers.google.com/youtube/terms/api-services-terms-of-service

• The collected data includes the YouTube channel name, number of subscribers, number of videos, views, and video list. If you do not wish to grant the Company access to your YouTube API data, you can revoke permission at the following link: https://myaccount.google.com/permissions

(3) The Company processes and retains personal information within the personal information retention and use period required under applicable laws or consented to by users at the time of collection.

• Member information: Until membership withdrawal

• Until debt or credit relationships arising from service use are settled

(4) To prevent members from repeatedly withdrawing and re-registering or arbitrarily terminating accounts to obtain economic benefits from discount promotions, event benefits, and similar offerings provided by the Company, or from engaging in improper or unlawful conduct such as unauthorized use of another person’s identity, identity verification records are retained for three months after membership withdrawal.

(5) Where retention is required under applicable laws and regulations, the Company may retain users’ personal information for a certain period prescribed by such laws even after the purpose of collection and use has been achieved.

1. Protection of Communications Secrets Act

• Service usage-related access records (Retention Period: 3 months)

2. Electronic Financial Transactions Act

• Records related to electronic financial transactions (Retention Period: 5 years)

3. Consumer Protection in Electronic Commerce Act

• Records of contracts or subscription withdrawals (Retention Period: 5 years)

• Records of payments and supply of goods (Retention Period: 5 years)

• Records of consumer complaints or dispute handling (Retention Period: 3 years)

• Advertising records (Retention Period: 6 months)

 

Article 2 (Collection, Use, Provision, and Rejection of Behavioral Information)

(1) The Company collects and uses behavioral information in the course of service use in order to provide optimized services to data subjects, and does not provide customized advertisements.

(2) The Company collects behavioral information as follows.

1. Items of behavioral information collected: Service visit history, purchase history, other online activity information, advertising identifier

2. Method of collecting behavioral information: Automatically collected and stored through log information analysis tools (e.g., Google Analytics) when users use the service

3. Purpose of collecting behavioral information: Improving and developing services based on analysis of user interests

4. Retention and use period and subsequent processing method: Deleted upon membership withdrawal

(3) The Company collects only the minimum behavioral information necessary to improve the service and does not collect sensitive behavioral information that may clearly infringe on individuals’ rights, interests, or privacy, such as ideas, beliefs, family and relatives, education and medical history, and other social activity records.

(4) Users have the option to block the collection and use of behavioral information by the Company, and may do so as follows.

• Android: Settings > Google > Ads > Delete advertising ID

• iOS: Settings > Privacy & Security > Tracking > Turn off “Allow Apps to Request to Track”

(5) Users may make inquiries regarding behavioral information, exercise their right to refuse, and report damages through the following contact details.

• Department in charge of personal information protection

• Department: Product Team

• Email: info@playfablo.com

 

Article 3 (Provision of Personal Information to Third Parties)

(1) The Company processes users’ personal information only within the scope specified in the purpose of processing personal information and does not provide it to third parties without the user’s consent.

(2) The Company provides personal information to third parties as follows for the smooth provision of services.

1. Community Partner

• Recipient: Community operating entity

• Purpose of Provision: Participant identification for quest participation, verification of participation details, winner selection, and reward distribution

• Items Provided: Nickname, email, network information, wallet address

• Grounds for Provision: User consent

• Retention and Use Period: Until membership withdrawal

2. Reward Service Partners

• Recipients: AdPopcorn Co., Ltd., TNK Factory Co., Ltd.

• Purpose of Provision: Participant identification for reward services, verification of participation, reward distribution, and settlement

• Items Provided: Member identifier (internal ID), advertising identifier, device and app information, participation and usage records

• Grounds for Provision: User consent

• Retention and Use Period: Until membership withdrawal

(3) The Company may provide personal information to relevant authorities without the user’s consent where the Company is required to submit personal information pursuant to applicable laws and regulations, or where emergency situations arise such as disasters, infectious diseases, incidents or accidents posing an imminent danger to life or body, or imminent property loss.

 

Article 4 (Entrustment of Personal Information Processing)

(1) The Company entrusts the following personal information processing tasks in order to ensure smooth handling of personal information.

1. FACTBLOCK Corporation

• Details of Entrusted Work: Development and operation/management services for providing the service

• Retention and Use Period: Until membership withdrawal or termination of the entrustment agreement

2. Amazon Web Services, Inc. (Seoul Region)

• Details of Entrusted Work: Data storage and management

• Retention and Use Period: Until membership withdrawal or termination of the entrustment agreement

3. NICE Information Service Co., Ltd.

• Details of Entrusted Work: Provision/operation of mobile phone identity verification services

• Retention and Use Period: Not separately stored, as the information is already held by the contractor

4. NHN Cloud Corporation

• Details of Entrusted Work: Provision/operation of international SMS delivery services

• Retention and Use Period: Until membership withdrawal or termination of the entrustment agreement

(2) In accordance with Article 26 of the PIPA, when entering into an entrustment contract, the Company specifies in documents such as contracts matters including prohibition of processing personal information other than for the purpose of performing entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the entrusted party, and liability for damages.

(3) If the details of entrusted work or the entrusted party change, the Company will disclose such changes through this Policy without delay.

 

Article 5 (Procedures and Methods for Destruction of Personal Information)

(1) When personal information becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose, the Company destroys such personal information without delay.

(2) Where personal information must continue to be preserved pursuant to other laws and regulations even after the retention period consented to by the user has expired or the purpose of processing has been achieved, such personal information will be transferred to a separate database or stored in a different storage location.

(3) The procedures and methods for destruction of personal information are as follows.

1. Destruction procedure: The Company selects personal information for which grounds for destruction have arisen and destroys such personal information with the approval of the Company’s Privacy Officer.

2. Destruction method: Personal information stored in electronic files is destroyed so that the records cannot be reproduced, and personal information stored in paper documents is destroyed by shredding or incineration.

 

Article 6 (Rights and Duties of Users and Legal Representatives and Methods of Exercising Them)

(1) Users may exercise their rights against the Company at any time, including requesting access to, correction, deletion, and suspension of processing of personal information. However, such rights may be restricted under applicable laws including Article 35(4), Article 36(1), and Article 37(2) of the PIPA.

(2) Users may exercise their rights by e-mail, telephone, or other means pursuant to Article 41(1) of the Enforcement Decree of the PIPA, and the Company will take action without delay.

(3) The exercise of rights may be made through a legal representative or authorized agent. In such case, a power of attorney in the form set forth in attached Form 11 of the “Public Notice on Personal Information Processing Methods (No. 2023-12)” must be submitted.

(4) Users and legal representatives may access or correct personal information in ‘Settings > Profile Management > Account Information’ after logging into the service.

(5) If personal information subject to correction or deletion is specified as a collection item under other laws, deletion cannot be requested.

(6) The Company verifies whether the person requesting access, correction, deletion, or suspension of processing is the user or a legitimate agent.

 

Article 7 (Measures to Ensure Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information.

1. Administrative measures

• Establishment and implementation of internal management plans

• Minimization of personnel handling personal information and implementation of information protection training

2. Technical measures

• Installation of security programs and regular updates to prevent leakage or damage due to hacking or computer viruses

• Management of access rights to personal information processing systems and use of intrusion prevention systems

• Encryption of important personal information such as user passwords

3. Physical measures

• Designation and operation of protected areas such as controlled or restricted areas

• Access control procedures for unauthorized persons

 

Article 8 (Privacy Officer)

(1) The Company designates the following Privacy Officer who is responsible for the overall handling of personal information and user complaints related to personal information processing.

• Department: Product Team

• Name: Kwon-Sam Lee

• Email: info@playfablo.com

(2) Users may file a request for access to personal information pursuant to Article 35 of the PIPA with the following department.

• Department: Product Team

• Email: info@playfablo.com

(3) Users may contact the Privacy Officer or the department in charge regarding all personal information protection inquiries, complaints, and damage relief arising from use of the Company’s services.

(4) The Company is not liable for damages not attributable to the Company, such as user negligence or accidents occurring in areas not managed by the Company, even though the Company has fulfilled the technical, physical, and administrative measures required by law.

 

Article 9 (Methods of Remedy for Infringement of Rights and Interests)

(1) Users may apply for dispute resolution or consultation with the following organizations regarding personal information infringement.

• Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)

• Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

• National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

• Supreme Prosecutors’ Office: (without area code) 1301 (www.spo.go.kr)

(2) Any person whose rights or interests have been infringed due to a disposition or omission made by the head of a public institution in response to a request under Articles 35, 36, and 37 of the PIPA may file an administrative appeal in accordance with the Administrative Appeals Act.

• Central Administrative Appeals Commission: (without area code) 110 (www.simpan.go.kr)

 

Article 10 (Changes to the Privacy Policy)

(1) This Policy is effective as of March 16, 2026.

(2) Previous versions of the Privacy Policy may be found at the top of this document.