Black Desert Mobile Privacy Policy (Global) 

  

1. What type of information does Pearl Abyss collect, and how? 
2. Why does Pearl Abyss collect personal information? 
3. Does Pearl Abyss share personal information with third parties? 
4. How long does Pearl Abyss store personal information, and how is it deleted? 
5. How does Pearl Abyss transfer personal information overseas? 
6. How does Pearl Abyss protect personal information? 
7. What personal information is automatically collected? 
8. What rights and choices do users have pertaining to their personal information? 
9. Is there an age restriction for using the service? 
10. How do you contact Pearl Abyss? 
  
 

Pearl Abyss and its affiliated or subsidiary companies (hereinafter referred to as “Pearl Abyss” or the “Company”) provide game services such as PC, console, mobile, and other services such as official website (hereinafter referred to as “Services”). The Company stores, processes, and shares personal information in certain circumstances in order to provide these services. The Company is committed to protecting the security of users’ personal information provided to use the Company’s services. 
   
The Company aims to provide information on how and for what purposes users’ personal information is used, and what measures the Company takes to protect users’ personal information through this Privacy Policy. 

 

This policy is subject to change due to government regulations such as laws, or the Company’s internal policy changes, and the Company strives to comply with laws and their subordinate regulations. The Company discloses the policy in multiple languages. Please refer to the privacy policy for the region in which you are playing. 

 

1. What type of information does Pearl Abyss collect, and how?   
The Company collects the following personal information when users sign up, use provided services, create data, edit account information, and through phone calls, faxes, customer support, event participation, partnered companies, and other methods. 

 

1) Information provided by users 
① Following information is collected when registering an account for Black Desert Mobile: 

 - Google: social login identifier 

 - Apple: social login identifier 

 - LINE: social login identifier 

* Playing the game or syncing to an official account with a Google, Apple, or LINE account will only collect information on the social login identifier provided by each social networking service. No other information provided by these social networks is collected or stored. 

* Only members who have previously registered their accounts with Facebook or X (formerly "Twitter") have their respective social login identifiers processed. The Company no longer provides Facebook or X (formerly "Twitter") as account registration methods; thus, related social login identifiers will not be collected. 

 

② The following information is collected when additional service is provided. 

Secondary password: Email address, secondary password 

Purchase: Information required to use the payment method 

Customer support: Information required for support, including email address  

Events/Promotions: Information required for the event/promotion, including name and address 

Gift delivery: Name, address, email address 

Pre-registration and related notices: email address 

Announcements and various notifications: email address 

Tax Reporting and Processing: information specified as necessary for tax-related reporting according to the laws of each country, including serial number 

 

2) Information collected while using the services  

The following information may automatically be collected while using the services. 

- IP address, web service history, gameplay information, unauthorized gameplay records, purchase history, cookies. 

- Mobile device information (model, OS information, advertising ID, etc.) 

  

2. Why does Pearl Abyss collect personal information? 

The Company collects and uses information for the following purposes. 

 

1) The Company process the necessary data to provide services 
 The Company processes necessary data for the following reasons in order to provide services based on the contractual relationship with users: 
 - To allow users to create accounts and use our services; 
 - To operate our services; 
 - To provide products and services; 
 - To provide service-related information; 
 - To settle payments for purchases and uses of paid services; 
 - To abide by relevant legislation   

  

2) The Company collects data to provide more appropriate services to users. 
The Company collects and processes necessary data for the following reasons in order to provide appropriate services to the users: 

- To improve the services; 
- To update player profiles and improve features; 

- To set and manage registered user accounts; 

- To provide updates; 
- To maintain user settings and provide content; 
- To respond and provide support to submitted user opinions or inquiries; 
- To provide notices regarding Terms of Service changes, service disruptions, customer support matters, updates, security alerts, and support messages.; 
- To create events and promotion programs; 
- To send event and promotion gifts 

 

3) The Company processes necessary data to maintain safe and fair services. 
The Company collects and processes necessary data for the following reasons in order to maintain safe and fair services: 

- To prevent and limit abusive and unauthorized use by malicious users; 
- To provide services to protect personal information; 
- To allow for a quality game experience across multiple devices; 

- To find bugs, errors, and provide solutions; 
- To analyze data in response to disputes. 

 

4) The Company processes necessary data to deliver targeted advertisements and marketing information. 
 - To track content accessed by users in relation to services and online behaviors; 
 - To customize advertisements and offer targeted marketing and promotions; 
 - To provide customized gaming services such as content and features tailored to interests of individual users. 

 

5) The Company may analyze and classify the entirety of the collected data after anonymization. 

 

3. Does Pearl Abyss share personal information with third parties? 
The Company may share personal information with third parties through due legal process if the user has given prior consent, if it is necessary to provide services, or to comply with applicable laws. 

 

1) In the event the user consented in advance 

 
- Before collecting or providing information, the Company informs users of to whom the information will be provided, which information will be provided, and the purpose for providing the information, and obtains consent before providing personal information to third parties. 

 

2) In the event that it is necessary to provide our services 

2-1) Other users and public 

- Posts uploaded on the forums in the official website will be displayed for other users and the public. 

- In-game public chat will be displayed for other users. 

- In the event users violate Terms of Service or Operational Policies, or win an event, parts of the user’s in-game information may be displayed on in-game pages, the official website, or official community forums. 

 

2-2) Business Partners 

The Company may share personal information to its business partners and vendors to provide services. 

- Payment Service Provider: To process and receive results of payments without issue; 

- Cloud Platform Provider: To use cloud services and for associated data processing and storage 

- Event Agency: To manage tickets and the hosting of online and offline events; 

- Marketing Agency: To provide services tailored to individual interests; 

- Other business partners: To provide various gameplay services including detecting and preventing unauthorized activities and providing customer service. 

 

3) In order to comply with applicable laws 

 3-1) Public authorities and investigative bodies 

- The Company may disclose user data to public authorities by the due process of law to abide by the law, protect the Company, its employees,ㄴ other rights, properties, or safety. 
 - The Company may also provide user data based on legal requirements or upon request from investigative authorities in accordance with procedures defined by applicable law. 

 

4. How long does Pearl Abyss store personal information, and how is it deleted? 
 1) Personal Information Retention and Deletion Period  

The Company maintains and uses personal information for as long as a user’s account remains active. In principle, once the purpose for which the personal information was collected and used has been fulfilled (e.g.,x. upon ona user’s request for termination, or at the conclusion of a participatory event), the relevant information will be promptly deleted. Personal information is stored by the Company for a designated period before deletion in the following circumstances: 

 

 ① Retention according to other (termination) policies of the Company  

 - To minimize damages caused by identity theft, such as unintended account termination or unauthorized payments, the user’s personal information will be stored for 7 days after requesting account termination. 

  - To prevent abusive and unauthorized use by malicious users, ban records will be stored.  

 

② Retention mandated by law 

- When retention of personal information is required under relevant laws of each country 

  

2) Personal Information Deletion Method  

The Company destroys personal information printed on paper (e.g., printouts, written documents) by shredding or incineration, and information saved in the form of an electronic format is permanently deleted using irreversible methods. 

 

5. How does Pearl Abyss transfer personal information overseas? 

User data may be processed by Pearl Abyss and its affiliates or subsidiaries located around the world and may be transmitted to or stored in the cloud service region or IDC of the Company.  

Users can always reach Support or the personnel or department in charge of personal information and request discontinuance of overseas transfers of personal information. However, if personal information is not provided to an overseas company per request, the user may experience some limitations when using our official website or game services.  

 

* Notice for users residing in the European Economic Area (EEA) 

The Company is employing adequate security measures in order to protect personal information of users residing in the European Economic Area (EEA). Please refer to ‘6. How does Pearl Abyss protect personal information?’ for details on how the data is being protected. 

The Republic of Korea and the EU have adopted the Personal Information Protection Adequacy Decision for the transfer of personal information to the Republic of Korea in accordance with the GDPR. Personal information can be safely transferred from the EU to the Republic of Korea without the need for additional authentication under the Adequacy Decision.  

The Personal Information Protection Act in the Republic of Korea guarantees equal protection of personal information as the GDPR of the EU. 

When transferring personal information to partners and other service providers, the Company enters into contracts with such vendors based on the European Commission’s Standard Contractual Clauses when transferring such information to said companies outside EEA to ensure the personal information is transferred with adequate protection.  

  

* Notice for users residing in Japan 

Where the third parties are located: Republic of Korea, USA 

Policies and information on privacy security of said countries: CBPR Membership 

Information on privacy security measures of said third parties: The Company provides personal information to MS Azure and AWS, which implement adequate and necessary security measures and follow all 8 OECD Privacy Principles.  

 

6. How does Pearl Abyss protect personal information? 

The Company uses the following technological, management, and physical measures to prevent data loss, theft, breach, alteration, and destruction of personal information of users. 

  

1) Technological Measures 
- The Company encrypts personal information specified within relevant laws and regulations, as well as additional information, when stored. 
- Files and data transfers containing important information (including personal information) are protected by encryption, file locks, or other such security measures. 
- The Company monitors the users’ personal information at all times to prevent leaks or destruction. The Company also regularly backs up personal data, and utilizes anti-virus programs, firewalls, and other various security devices to protect personal information from hacking or viruses. 
- The Company implements necessary security measures for its systematically organized database system to process personal information. 

 

2) Management Measures 
- The Company keeps access rights to personal information to a minimum. 
- The Company carries out a training program about privacy protection on a regular basis for personnel and consigned companies handling personal information. 
- The Company has established and manages the Privacy Policy with the department in charge of privacy protection. Additionally, the Company aims to enforce internal regulations and execute regular checkups in order to rectify issues as soon as they are discovered. 

 

3) Physical Security Measures 
 - The Company has a separate location where personal information is physically stored. Entry to this location is monitored with an established entry protocol. 
 - Documents and other forms of information storage containing personal information are stored in lockable facilities in safe locations.  

 

7. What personal information is automatically collected? 

 

1) What are cookies, and why are they used?  
Cookies are temporary files stored in the user’s computer, containing data created when accessing websites. The Company uses “cookies” to track users’ language and verification information, store user setting information to provide personalized services, and create a more user-friendly website environment. 
Additionally, the Company uses cookies to collect overall statistics about the websites’ users to analyze tendencies, manage the website, and to understand how our websites are used. 

  

How to block PC web browser cookies from being saved 

Chrome: Go to [⋮] at the top-right of the browser → [New Incognito window] (Shortcut: Ctrl+Shift+N)  

Microsoft Edge: Go to […] at the top-right of the browser → [New InPrivate window] (Shortcut: Ctrl+Shift+N) 

② How to block mobile web browser cookies from being saved 

Chrome: Go to [⋮] at the top-right of the browser → [New Incognito tab] 

Safari: Settings > Apps > Safari > Advanced > Block All Cookies 

Samsung Internet: Tap the ‘Tab’ icon on the bottom of the browser > Activate Secret Mode > Turn on Secret Mode 

 

2) What is weblog analysis?  

The Company uses Google Analytics as the external weblog analyzing tool to analyze the preferences and interests of the users. To block Google Analytics, please refer to the following page:  

- How to block Google Analytics: https://tools.google.com/dlpage/gaoptout/  
  
 

3) What is targeted advertising? 

The Company provides targeted advertisements with analysis of users’ online behaviors and access records based on advertising IDs. The Company allows the following advertisers to collect behavioral data through the following methods:  

① Online advertisers providing targeted advertisement: Google, Meta (Facebook), X (Twitter)  

② Behavioral data collection method: Automatically collected when the user visits the official website or launches the application. 

③ How to block collection of Advertising ID 

  - Android: Go to Settings – Google – Ads – Delete Advertising ID [See more] 

  - IOS: Go to Settings – Privacy – Tracking – Turn off “Allow Apps to Request to Track”  

 

8. What rights and choices do users have pertaining to their personal information?  
Users are entitled to the right to view, edit, delete, restrict processing, or withdraw consent for their personal information, and the Company protects the rights of the users.  

Users may always query or modify their personal information in Settings > Account.  

Users may always delete their account in Settings > Account > Delete Account.  

If personal information is deleted due to account withdrawal, related information generated or accumulated during service use may also be deleted. 

Users can contact Customer Support or the department in charge of privacy protection to view, edit, delete, restrict processing, or withdraw consent on their personal information. 

The Company may deny requests for deleting or restricting the processing of personal information under circumstances specified by law.  

   

1) Privacy rights of users residing in the European Economic Area (EEA) 
Users residing in the European Economic Area (EEA) have the following additional rights relating to personal information, but their effectiveness and procedures may be determined in accordance with the laws of individual countries. 
① The right to contact the supervisory authority 
    
2) Privacy rights of users residing in California 
Under the California Consumer Privacy Act (CCPA), users residing in California have the right to request the following information from the Company. 
① A list of personal information disclosed to any third party for direct marketing purposes within the last 12 months. 
② Information that identifies any such third party(ies) 
The Company does not sell personal information for direct marketing purposes. For policies regarding the usage of personal information for other marketing purposes, please refer to Section 2. 4) “The Company processes necessary data to convey targeted advertisements and marketing information.”. 

 

9. Is there an age restriction for using the service

1) Account registration

The Company does not knowingly collect or solicit personal information from users defined as "Children" under the applicable privacy laws of their country of residence. The Company does not intentionally target Children for customized advertising, nor does it permit them to use its services. For the purposes of this policy, "Children" refers to users: 

Under the age of 13 in the United States and Canada; 

Under the age of 16 in the European Union (or a lower age of digital consent, if provided by the law of an individual member state in accordance with the GDPR); 

Under the age of 18 in Brazil; and 

Under the age defined by any other applicable national privacy laws. 

 

Children must not submit their personal information to the Company. If the Company learns that it has collected personal information from a Child, it will take prompt steps to delete such data. If you are a Child, please do not send any personal information to the Company, including your name, address, telephone number, or email address. If you believe the Company may have in its possession information from or about a Child, please contact us immediately. 

 

 2) Game Play

- The age limit for the use of game services is set according to the game rating authorized in each service area. 

 

10. How do you contact Pearl Abyss?  
If any questions about personal information protection or have issues related to personal information should arise, please send an inquiry through Customer Support, and the Company will answer it as soon as possible.  

Department in charge of personal information

Department: Information Security Division Email: privacy@pearlabyss.com

 

1) Company and agency in charge of personal information protection in Europe 

If you are residing in Europe, you may inquire about your personal information through the following contact information. 
Company in charge of personal information protection: Pearl Abyss Corp.     
Address: 48 Gwacheon-daero 2-gil, Gwacheon-si, Gyeonggi-do, 13824, Rep. of Korea  
Email: dpo@pearlabyss.com 

 

Company and agency in charge of personal information protection in Europe  

VeraSafe has been appointed as PEARL ABYSS's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031 

 

VeraSafe Czech Republic s.r.o  Klimentská 46  Prague 1, 11002  Czech Republic

VeraSafe Netherlands BV  Keizersgracht 555  1017 DR Amsterdam  Netherlands

VeraSafe Ireland Ltd.  Unit 3D North Point House  North Point Business Park  New Mallow Road  Cork T23AT2P  Ireland

 

Addendum 

This policy shall enter into force starting (Month) (Day), 2025.