Notice
Greetings, Adventurers.
Amendments will be made to the Privacy Policy of Black Desert Mobile effective March 31, 2026 (Tue).
The full version of the current Privacy Policy and the amendment can be found below.
Please refer to the following link for the current version of Black Desert Mobile Privacy Policy:
[Black Desert Mobile Privacy Policy]
📝 Notice on Amendment regarding Black Desert Mobile Privacy Policy
※ Amendments are marked in red.
|
Before |
After |
|
Table of Contents |
|
|
1. What type of information does Pearl Abyss collect, and how? |
1. What type of information does Pearl Abyss collect, and how? 2. What is the legal basis for Pearl Abyss to process personal information? 3. Why does Pearl Abyss process personal information? 4. Does Pearl Abyss share personal information with third parties? 5. How long does Pearl Abyss store personal information, and how is it deleted? 6. How does Pearl Abyss transfer personal information overseas? 7. How does Pearl Abyss protect personal information? 8. What personal information is automatically collected? 9. What rights and choices do users have pertaining to their personal information? 10. Is there an age restriction for using the service?
|
|
Introduction |
|
|
Pearl Abyss and its affiliated or subsidiary companies (hereinafter referred to as “Pearl Abyss” or the “Company”) provide game services such as PC, console, mobile, and other services such as official website (hereinafter referred to as “Services”). The Company stores, processes, and shares personal information in certain circumstances in order to provide these services. The Company is committed to protecting the security of users’ personal information provided to use the Company’s services. The Company aims to provide information on how and for what purposes users’ personal information is used, and what measures the Company takes to protect users’ personal information through this Privacy Policy. This policy is subject to change due to government regulations such as laws, or the Company’s internal policy changes, and the Company strives to comply with laws and their subordinate regulations. The Company discloses the policy in multiple languages. Please refer to the privacy policy for the region in which you are playing.
|
Pearl Abyss and its affiliated or subsidiary companies (hereinafter referred to as “Pearl Abyss” or the “Company”) provide game services such as PC, console, mobile, and related services through integrated websites (hereinafter referred to as “Services”). The Company collects, uses, stores, and processes users’ personal information in order to provide these services, and is committed to protecting the security of users’ personal information provided to use the Company’s services during said processes.
The Company aims to provide information on how and for what purposes users’ personal information is used, and what measures the Company takes to protect users’ personal information through this Privacy Policy.
This policy is subject to change due to government regulations such as laws, or the Company’s internal policy changes, and the Company strives to comply with laws and their subordinate regulations. The Company discloses the policy in multiple languages. Please refer to the privacy policy for the region in which you are playing.
|
|
1. What type of information does Pearl Abyss collect, and how? |
|
|
The Company collects the following personal information when users sign up, use provided services, create data, edit account information, and through phone calls, faxes, customer support, event participation, partnered companies, and other methods.
1) Information provided by users ① Following information is collected when registering an account for Black Desert Mobile: - Google: social login identifier - Apple: social login identifier - LINE: social login identifier * Playing the game or syncing to an official account with a Google, Apple, or LINE account will only collect information on the social login identifier provided by each social networking service. No other information provided by these social networks is collected or stored. * Only members who have previously registered their accounts with Facebook or X (formerly "Twitter") have their respective social login identifiers processed. The Company no longer provides Facebook or X (formerly "Twitter") as account registration methods; thus, related social login identifiers will not be collected.
② The following information is collected when additional service is provided. Secondary password: Email address, secondary password Purchase: Information required to use the payment method Customer support: Information required for support, including email address Events/Promotions: Information required for the event/promotion, including name and address Gift delivery: Name, address, email address Pre-registration and related notices: email address Announcements and various notifications: email address Tax Reporting and Processing: information specified as necessary for tax-related reporting according to the laws of each country, including serial number
2) Information collected while using the services The following information may automatically be collected while using the services. - IP address, web service history, gameplay information, unauthorized gameplay records, purchase history, cookies. - Mobile device information (model, OS information, advertising ID, etc.) |
The Company collects the following personal information when users sign up, use provided services, create data, edit account information, and through phone calls, faxes, customer support, event participation, partnered companies, and other methods.
① Information collected to register an account for Black Desert Mobile: - Social login: social login identifier - Date of birth ※ Only members who have previously registered their accounts with Facebook or X (formerly "Twitter") have their respective social login identifiers processed. The Company no longer provides said platforms as account registration methods; thus, related social login identifiers will not be collected. ② Information collected to create a secondary password - Email address - Secondary Password ③ Information collected to provide additional services - Purchase: Purchase history (Date of purchase, purchased items, order number, charge) ※ Detailed information required during the payment process (credit card, bank transfer, simple payment service, etc.) is collected directly by the payment service provider. - Customer support: Contact information for customer support and information required to process inquiries - Events and promotions: Information required for the event and promotion, including name and address - Gift delivery: Name, address, email address, contact information - Pre-registration and related notices: Email address - Announcements and various notifications: Email address - Tax Reporting and Processing: Information specified as necessary for tax-related reporting according to the laws of each country, including a serial number
2) Information automatically collected while using the Services - IP address, gameplay and service history, game version information, unauthorized gameplay records, purchase history, cookies, mobile device information (model, OS information, advertising ID, etc.) |
|
2. What is the legal basis for Pearl Abyss to process personal information? (New) |
|
|
- |
The Company complies with the legislation of the region where the users reside, and processes personal information in accordance with the following legal bases. The applicable legal bases depend on various circumstances, including but not limited to the type of information collected, the circumstances of collection, the services used, and the user’s location (IP address or country settings of the device). The Company complies with the following bases to process users’ personal information in a lawful and transparent manner.
1) Fulfillment of contract Processing user information in order to allow users to create accounts or provide and operate essential features for the service based on the contractual relationship with users is based on the fulfillment of said contract.
2) Legitimate interest The Company may process user information when it is determined that the pursuit of legitimate interests of the Company or a third party overrides the rights of privacy and freedoms of the user. This includes achieving the legitimate operational purposes of the Company, such as protecting the integrity of the services, maintaining fairness, and enhancing security.
3) Compliance with legal obligations The Company processes user information to comply with relevant legal obligations of each country, such as retention of personal information or submission of said information to relevant authorities.
4) Protection of vital interest of users The Company may process user information to protect the life, body, and safety of said user or other individuals as an emergency measure.
5) Consent
※ The Company is committed to identifying the optimal legal basis and process personal information accordingly in jurisdictions where specific legal basis stated above is not recognized as legitimate under applicable laws of each country of service. |
|
3. Why does Pearl Abyss process personal information? |
|
|
The Company collects and uses information for the following purposes.
1) The Company process the necessary data to provide services The Company processes necessary data for the following reasons in order to provide services based on the contractual relationship with users: - To allow users to create accounts and use our services; - To operate our services; - To provide products and services; - To provide service-related information; - To settle payments for purchases and uses of paid services; - To abide by relevant legislation
2) The Company collects data to provide more appropriate services to users. The Company collects and processes necessary data for the following reasons in order to provide appropriate services to the users: - To improve the services; - To update player profiles and improve features; - To set and manage registered user accounts; - To provide updates; - To maintain user settings and provide content; - To respond and provide support to submitted user opinions or inquiries; - To provide notices regarding Terms of Service changes, service disruptions, customer support matters, updates, security alerts, and support messages.; - To create events and promotion programs; - To send event and promotion gifts
3) The Company processes necessary data to maintain safe and fair services. The Company collects and processes necessary data for the following reasons in order to maintain safe and fair services: - To prevent and limit abusive and unauthorized use by malicious users; - To provide services to protect personal information; - To allow for a quality game experience across multiple devices; - To find bugs, errors, and provide solutions; - To analyze data in response to disputes.
4) The Company processes necessary data to deliver targeted advertisements and marketing information. - To track content accessed by users in relation to services and online behaviors; - To customize advertisements and offer targeted marketing and promotions; - To provide customized gaming services such as content and features tailored to interests of individual users.
5) The Company may analyze and classify the entirety of the collected data after anonymization. |
The Company collects and uses information for the following purposes.
1) To process the necessary data for providing services The Company processes necessary data for the following reasons in order to provide services based on the contractual relationship with users: - To support users’ account creation and use of service; - To provide products and operate services; - To provide information on use of service; - To settle payments for purchases and uses of paid services; - To fulfill the legal obligations under relevant laws and regulations.
2) To provide better services to users The Company collects and processes necessary data for the following reasons in order to provide appropriate services to the users. The Company may analyze the collected data after anonymization for the purpose of service improvement: - To improve the services and features; - To set and manage registered user accounts, and update user profiles; - To maintain user settings and provide content - To respond and provide support to submitted user opinions or inquiries; - To provide updates and notices regarding Terms of Service changes, service disruptions, customer support, and security alerts for the services; - To operate programs and send prizes for events and promotions.
3) To maintain safe and fair services The Company collects and processes necessary data for the following reasons in order to maintain safe and fair services: - To prevent and limit abusive and unauthorized use by malicious users; - To provide services to protect personal information; - To allow for a quality game experience across multiple devices; - To find bugs, errors, and provide solutions; - To analyze data in response to disputes.
4) To deliver targeted advertisements and marketing information - To track and analyze content accessed by users in relation to services and online behaviors; - To customize advertisements and offer tailored marketing and promotions; - To provide customized gaming services such as content and features tailored to the interests of individual users. |
|
4. Does Pearl Abyss share personal information with third parties? |
|
|
The Company may share personal information with third parties through due legal process if the user has given prior consent, if it is necessary to provide services, or to comply with applicable laws.
1) In the event the user consented in advance - Before collecting or providing information, the Company informs users of to whom the information will be provided, which information will be provided, and the purpose for providing the information, and obtains consent before providing personal information to third parties.
2) In the event that it is necessary to provide our services 2-1) Other users and public - Posts uploaded on the forums in the official website will be displayed for other users and the public. - In-game public chat will be displayed for other users. - In the event users violate Terms of Service or Operational Policies, or win an event, parts of the user’s in-game information may be displayed on in-game pages, the official website, or official community forums.
2-2) Business Partners The Company may share personal information to its business partners and vendors to provide services. - Payment Service Provider: To process and receive results of payments without issue; - Cloud Platform Provider: To use cloud services and for associated data processing and storage - Event Agency: To manage tickets and the hosting of online and offline events; - Marketing Agency: To provide services tailored to individual interests; - Other business partners: To provide various gameplay services including detecting and preventing unauthorized activities and providing customer service.
3) In order to comply with applicable laws 3-1)Public authorities and investigative bodies - The Company may disclose user data to public authorities by the due process of law to abide by the law, protect the Company, its employees, other rights, properties, or safety. - The Company may also provide user data based on legal requirements or upon request from investigative authorities in accordance with procedures defined by applicable law. |
The Company may share personal information with third parties through due legal process if the user has given prior consent, if it is necessary to provide services, or to comply with applicable laws.
1) In the event the user consented in advance The Company informs users of the recipient, purpose, items, retention, and usage period before providing personal information to third parties and obtains prior consent as required by applicable laws.
2) Information disclosed by the user within the service When users access services open to public, relevant information may be displayed for other users and the public. - Chats: in-game public chat will be displayed for other users; - Notices: minimum information of users will be displayed in public via notice on access restrictions or event winners.
3) Business partners to whom work is outsourced The Company provides personal information to business partners to provide services without issue. The Company includes necessary provisions in the contract to ensure that personal information is processed safely. - Payment service providers: to process and receive results of payment; - Cloud service providers: to provide system infrastructure, data processing, and storage for service operation; - Event agencies: to conduct online and offline events, verify participants, and deliver prizes; - Marketing agencies: to conduct events and promotional campaigns, and send advertising information within the scope of user consent; - Customer support and security operation providers: To provide customer service, detect and prevent unauthorized activities, and enhance service security.
4) In order to comply with applicable laws The Company provides data to investigative or public authorities by the due process of law to comply with legal obligations during the operation of service. - Public authorities: to disclose data by the due process of law for the purpose of abiding by the law and protecting rights; - Investigative authorities: to provide data upon request in accordance with procedures defined by applicable law. |
|
5. How long does Pearl Abyss store personal information, and how is it deleted? |
|
|
1. Personal Information Retention and Deletion Period The Company maintains and uses personal information for as long as a user’s account remains active. In principle, once the purpose for which the personal information was collected and used has been fulfilled (e.g.,x. upon ona user’s request for termination, or at the conclusion of a participatory event), the relevant information will be promptly deleted. Personal information is stored by the Company for a designated period before deletion in the following circumstances: ① Retention according to other (termination) policies of the Company ② Retention mandated by law
2) Personal Information Deletion Method
|
1) Personal Information Retention and Deletion Period In principle, once the purpose for which the personal information was collected and used has been fulfilled (e.g., upon a user’s request for termination, or at the conclusion of a participatory event), the Company promptly deletes the relevant information. However, personal information is stored by the Company for a designated period before deletion in the following circumstances: ① Retention according to internal Company policies - To minimize damages caused by identity theft, such as unintended account termination or unauthorized payments, the user’s personal information will be stored for 7 days after requesting account termination; - To prevent abusive and unauthorized use by malicious users, ban records will be stored. ② Retention mandated by law - When retention of personal information is required under relevant legislations of each country
2) Personal Information Deletion Method The Company destroys personal information printed on paper (e.g., printouts, written documents) by shredding or incineration, and information saved in the form of an electronic format is permanently deleted using irreversible methods. |
|
6. How does Pearl Abyss transfer personal information overseas? |
|
|
User data may be processed by Pearl Abyss and its affiliates or subsidiaries located around the world and may be transmitted to or stored in the cloud service region or IDC of the Company. Users can always reach Support or the personnel or department in charge of personal information and request discontinuance of overseas transfers of personal information. However, if personal information is not provided to an overseas company per request, the user may experience some limitations when using our official website or game services.
* Notice for users residing in the European Economic Area (EEA) The Company is employing adequate security measures in order to protect personal information of users residing in the European Economic Area (EEA). Please refer to ‘6. How does Pearl Abyss protect personal information?’ for details on how the data is being protected. The Republic of Korea and the EU have adopted the Personal Information Protection Adequacy Decision for the transfer of personal information to the Republic of Korea in accordance with the GDPR. Personal information can be safely transferred from the EU to the Republic of Korea without the need for additional authentication under the Adequacy Decision. The Personal Information Protection Act in the Republic of Korea guarantees equal protection of personal information as the GDPR of the EU. When transferring personal information to partners and other service providers, the Company enters into contracts with such vendors based on the European Commission’s Standard Contractual Clauses when transferring such information to said companies outside EEA to ensure the personal information is transferred with adequate protection.
* Notice for users residing in Japan Where the third parties are located: Republic of Korea, USA Policies and information on privacy security of said countries: CBPR Membership Information on privacy security measures of said third parties: The Company provides personal information to MS Azure and AWS, which implement adequate and necessary security measures and follow all 8 OECD Privacy Principles. |
User data may be processed by Pearl Abyss and its affiliates, subsidiaries, or partners located around the world and may be transmitted to or stored in the cloud service region or IDC of the Company. Users can always reach Support or the personnel or department in charge of personal information and request discontinuance of overseas transfers of personal information. However, if personal information is no longer transferred, the user may experience some limitations when using our official website or game services. 1) Notice for users residing in the European Economic Area (EEA) The Company complies with requirements from GDPR and is employing the following measures to safely transfer data of users residing in the European Economic Area (EEA): - Implementation of adequate safety measures: implementation of adequate technological and management measures to protect users’ personal information (refer to ‘7. How does Pearl Abyss protect personal information?’ for details) - Transfer in accordance with the Adequacy Decision: safe data transfer without the need for additional authentication under the Adequacy Decision between the Republic of Korean and EU that ensures equal protection. - Implementation of Standard Contractual Clauses (SCCs): EU Standard Contractual Clauses ensure adequate protection when transferring data to non-EEA countries that are not under the Adequacy Decision.
2) Notice for users residing in Japan - The Company provides the following information regarding data transfer to countries outside Japan in accordance with the Act on the Protection of Personal Information (APPI): - Countries of transfer: Republic of Korea, USA - Policies on privacy security of said countries: members of APEC Cross-Border Privacy Rules (CBPR) that has an international-level privacy security system (implemented) |
|
7. How does Pearl Abyss protect personal information? |
|
|
The Company uses the following technological, management, and physical measures to prevent data loss, theft, breach, alteration, and destruction of personal information of users.
1) Technological Measures - The Company encrypts personal information specified within relevant laws and regulations, as well as additional information, when stored. - Files and data transfers containing important information (including personal information) are protected by encryption, file locks, or other such security measures. - The Company monitors the users’ personal information at all times to prevent leaks or destruction. The Company also regularly backs up personal data, and utilizes anti-virus programs, firewalls, and other various security devices to protect personal information from hacking or viruses. - The Company implements necessary security measures for its systematically organized database system to process personal information.
2) Management Measures - The Company keeps access rights to personal information to a minimum. - The Company carries out a training program about privacy protection on a regular basis for personnel and consigned companies handling personal information. - The Company has established and manages the Privacy Policy with the department in charge of privacy protection. Additionally, the Company aims to enforce internal regulations and execute regular checkups in order to rectify issues as soon as they are discovered.
3) Physical Security Measures - The Company has a separate location where personal information is physically stored. Entry to this location is monitored with an established entry protocol. - Documents and other forms of information storage containing personal information are stored in lockable facilities in safe locations |
The Company uses the following technological, management, and physical security measures to prevent data loss, theft, breach, alteration, and destruction of personal information of users. Nevertheless, in cases of unforeseen incidents, the Company will faithfully take necessary measures, including reporting to relevant authorities in accordance with applicable laws and cooperating with investigations.
1) Technological Measures - Data encryption: files and data transfer encyptions in accordance with applicable laws and internal regulations - Limited access: file locks and security measures implemented on personal information processing database system to prevent unauthorized access - Defensive measures: all-time monitoring and operation of security devices (anti-virus programs, firewalls, etc.) to prevent leaks or destruction from hacking or viruses - Data restoration: regular personal information backup to prepare for unforseen incidents (damage, loss, etc.)
2) Management Measures - Limited access: access rights to personal information limited to a minimum - Security training program: training program about privacy protection on a regular basis for personnel and consigned companies handling personal information - Designated department in operation: the department in charge of privacy protection has established and manages the Privacy Policy - Internal checkups and audits: regular checkups on internal regulations to rectify issues as soon as they are discovered
3) Physical Security Measures - Physical access restriction: physically separated location for physically stored personal information system, entry monitoring under established entry protocol |
|
8. What personal information is automatically collected? |
|
|
What are cookies, and why are they used? Cookies are temporary files stored in the user’s computer, containing data created when accessing websites. The Company uses “cookies” to track users’ language and verification information, store user setting information to provide personalized services, and create a more user-friendly website environment. Additionally, the Company uses cookies to collect overall statistics about the websites’ users to analyze tendencies, manage the website, and to understand how our websites are used. ① How to block PC web browser cookies from being saved Chrome: Go to [⋮] at the top-right of the browser → [New Incognito window] (Shortcut: Ctrl+Shift+N)
2) What is weblog analysis?
|
1)Definition and usage of cookies Cookies are temporary files stored in the user’s computer, containing data created when accessing websites. The Company uses “cookies” to track users’ language settings and verification information, store user setting information to provide personalized services, and create a more user-friendly website environment. Additionally, the Company uses cookies to collect overall statistics about the websites’ users to analyze tendencies, manage the website, and to understand how our websites are used. ① How to block PC web browser cookies from being saved Chrome: Go to [⋮] at the top-right of the browser → [New Incognito window] (Shortcut: Ctrl+Shift+N)
2) Information on weblog analysis service The Company uses Google Analytics as the external weblog analyzing tool to analyze the preferences and interests of the users. To block Google Analytics, please refer to the following page:
The Company analyzes users’ online behavioral data based on advertising IDs to provide tailored services and benefits (including advertisements) that suit each user’s needs. The Company is partnered with the following companies to collect and process behavioral data through the following methods: ① Online advertisers providing targeted advertisement: Google, Meta (Facebook), X (Twitter)
|
|
9. What rights and choices do users have pertaining to their personal information? |
|
|
Users are entitled to the right to view, edit, delete, restrict processing, or withdraw consent for their personal information, and the Company protects the rights of the users. Users may always query or modify their personal information in Settings > Account. Users may always delete their account in Settings > Account > Delete Account. If personal information is deleted due to account withdrawal, related information generated or accumulated during service use may also be deleted. Users can contact Customer Support or the department in charge of privacy protection to view, edit, delete, restrict processing, or withdraw consent on their personal information. The Company may deny requests for deleting or restricting the processing of personal information under circumstances specified by law.
1) Privacy rights of users residing in the European Economic Area (EEA) Users residing in the European Economic Area (EEA) have the following additional rights relating to personal information, but their effectiveness and procedures may be determined in accordance with the laws of individual countries. ① The right to contact the supervisory authority
2) Privacy rights of users residing in California Under the California Consumer Privacy Act (CCPA), users residing in California have the right to request the following information from the Company. ① A list of personal information disclosed to any third party for direct marketing purposes within the last 12 months. ② Information that identifies any such third party(ies) The Company does not sell personal information for direct marketing purposes. For policies regarding the usage of personal information for other marketing purposes, please refer to Section 2. 4) “The Company processes necessary data to convey targeted advertisements and marketing information.”. |
Users are entitled to the right to view, edit, delete, restrict processing, withdraw consent, or refuse processing based on legitimate interest for their personal information, and the Company protects the rights of the users. Users can contact Customer Support or the department in charge of privacy protection to exercise their rights. The Company may deny user requests to exercise their rights on their personal information under circumstances specified by law.
1) How to exercise user rights - Query or modify their personal information in Settings > Account in the game - Delete their accounts in Settings > Account > Delete Account - Submit an inquiry to Support or the department in charge of privacy protection ※ The Company may deny user requests to exercise their rights (deletion, process restriction, etc.) under circumstances specified by law.
2) Privacy rights of users residing in the European Economic Area (EEA) Users residing in the European Economic Area (EEA) have the following additional rights relating to personal information, but their effectiveness and procedures may be determined in accordance with the laws of individual countries. - The right to contact the supervisory authority
3) Privacy rights of users residing in California Under the California Consumer Privacy Act (CCPA), users residing in California have the right to request the following information from the Company. - A list of personal information disclosed to any third party for direct marketing purposes within the last 12 months - Information that identifies any such third party(ies) The Company does not sell personal information for direct marketing purposes. For policies regarding the processing and use of personal information for other marketing purposes, please refer to Section 3. 4) “To deliver targeted advertisements and marketing information.” |
|
10. Is there an age restriction for using the service? |
|
|
1) Account registration |
1) Account registration The Company does not knowingly collect or solicit personal information from users defined as "Children" under the applicable privacy laws of their country of residence, nor does it permit them to use its services. For the purposes of this policy, "Children" refers to users:
Children must not submit their personal information to the Company. If the Company learns that it has collected personal information from a Child, it will take prompt steps to delete such data. Please ensure that Children do not provide their personal information to the Company. If you become aware that the Company has collected or retains the personal information of a Child, please notify the Company immediately.
2) Game Play
|
|
11. How do you contact Pearl Abyss? |
|
|
If any questions about personal information protection or have issues related to personal information should arise, please send an inquiry through Customer Support, and the Company will answer it as soon as possible.
Department in charge of personal information
Company and agency in charge of personal information protection in Europe
VeraSafe Czech Republic s.r.o
VeraSafe Netherlands BV
VeraSafe Ireland Ltd. |
If any questions about personal information protection should arise, please contact the department in charge of personal information. The Company will provide prompt and sincere guidance.
Department in charge of personal information
1) Company Information in charge of personal information protection in Europe If you are residing in Europe, you may inquire about your personal information through the following contact information. Company in charge of personal information protection: Pearl Abyss Corp. Address: 48 Gwacheon-daero 2-gil, Gwacheon-si, Gyeonggi-do, 13824, Rep. of Korea Email: dpo@pearlabyss.com
2) Agency information in Europe VeraSafe has been appointed as PEARL ABYSS's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031
VeraSafe Czech Republic s.r.o Rohanské nábřeží 678/23 Prague 8, 18600 Czech Republic
Keizersgracht 555 1017 DR Amsterdam Netherlands Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland
|
|
Addendum |
|
|
This policy shall enter into force starting August 19, 2025. |
This policy shall enter into force starting March 31, 2026. |
※ Details are subject to change.
Thank you.