RN1 Co., Ltd. (hereinafter, the “Company”) complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other relevant laws governing personal data protection for information and communications service providers. The Company has established this Privacy Policy to protect users’ information and rights to the fullest extent. Please review and consent to the following.
1. Categories of Collected Personal Information
2. Purpose of Collection and Use
3. Methods of Collection
4. Outsourcing of Personal Data Processing
5. Retention and Use Period
6. Procedures and Methods for Data Destruction
7. Ensuring Accuracy of User Data
8. Temporary Suspension of Service to Protect Data
9. Sharing and Provision to Third Parties
10. Measures to Ensure Confidentiality
11. User Responsibilities for Self-Protection
12. Handling of Unrecognized Use and Complaints
13. Restrictions on Data Handlers
14. Rights of Users and Legal Representatives and How to Exercise Them
15. Use of Automated Data Collection Tools and Opt-Out
16. Data Protection Officer and Contact Information
17. Notification of Policy Changes
a. At Registration
Required: Email, full name, phone number, gender, date of birth, password, profile photos (at least two), nickname, address, occupation, personality traits, interests, MBTI type, athletic ability metrics, registration date, mobile carrier, device identifiers (ADID/IDFA), IP address, DI (unique device identifier).
Optional: Invitation code, active sports crew. Additionally, for service stability, the Company may collect:
1) Cookies, access timestamps, service usage logs, records of misuse;
2) For identity verification or manual bank transfer requests: mobile carrier, bank account number;
3) For credit card payments: card issuer, card number;
4) For mobile micropayments: phone number, carrier, approval code;
5) For bank transfers: bank name, account number;
6) For friend-avoidance feature: address book entries (name and number of selected contacts).
b. During Service Use or Business Processes
IP address, timestamps, usage logs, records of misuse, device logs;
Mobile carrier;
Geolocation data during app use;
Device model, country code (MCC);
Advertising identifiers (ADID, IDFA).
c. Collection Methods
The Company collects personal data via website, mobile web/app, paper forms, fax, phone, support boards, email, event entries, joint partnerships, and automated data-collection tools.
a. Service Delivery and Billing
To fulfill service contracts, provide personalized content, authenticate users, process purchases and payments, and collect fees.
b. User Management
Identity verification, user identification, prevention of abuse and unauthorized access, limiting registration attempts, dispute resolution record-keeping, handling complaints, and sending notices.
c. New Services, Marketing, and Analytics
Development of new features and authentication services, targeted promotions, statistical analysis, advertising, event information distribution, usage frequency analysis, and service effectiveness validation.
Personal data is collected only with user consent during service sign-up or through the methods listed above to ensure service delivery.
The Company may entrust personal data processing to third parties for service improvement. In such cases:
a. Users will be notified in advance.
b. The Company will enter into contracts requiring subcontractors to comply with data-protection instructions, maintain confidentiality, prohibit third-party provision, and assume liability for breaches, retaining such agreements in writing or electronically.
[Subcontractor: NICE Information Service Co., Ltd. – Mobile identity verification on sign-up and ID recovery]
Upon achieving the purpose of collection (e.g., user withdrawal), personal data will be destroyed without delay, except as follows:
a. Internal Policy Cases
1) Misuse Records (fraudulent registrations, policy violations): Retained 3 years to prevent abuse.
2) Repeat Withdrawal/Re-registration Prevention: Retained 3 months after withdrawal (ID, password, phone, device info, real name, nickname, photos, registration/withdrawal dates, relevant logs).
3) Complaint/Inquiry Resolution: Retained until resolution (same data items as above).
b. User-Requested Retention
Data retained for periods explicitly requested or consented by the user.
c. Legal Requirements (without user consent)
Under the Consumer Protection in Electronic Commerce Act:
— Transaction records: 5 years (retain only email and phone for identification; other data destroyed within 1 month of withdrawal).
— Payment records: 5 years.
— Complaint/dispute records: 5 years (retain only email and phone for 7 days post-withdrawal; other data destroyed within 7 days).
— Site visit logs: 3 months.
— All other registration data: 1 month post-withdrawal.
d. Inactive Account Policy
If no login or activity occurs for 1 year, the Company will notify users 30 days before by email or SMS and move data to separate storage per the Information and Communications Network Act. Accounts may be reactivated upon user request and identity verification. Exceptions apply if the user requests extension, has remaining benefits, or legal retention periods exist.
a. Procedure: Data exceeding retention periods or purposeless data is moved to a secure database (or locked storage for paper) and destroyed per internal policy and legal requirements.
b. Methods: Paper documents are shredded or incinerated; electronic files are irreversibly deleted using technical methods.
If data is clearly inaccurate, the Company may request correction or destroy the erroneous data to prevent service issues.
If the Service is attacked or compromised, the Company may temporarily suspend services using personal data until the issue is fully resolved to protect user data.
Except with user consent or legal obligation, the Company will not use or share personal data beyond the stated scope. Pursuant to the Personal Information Protection Act, those handling personal data shall not:
a. Obtain or consent through fraudulent means;
b. Disclose or permit unauthorized use;
c. Damage, alter, falsify, or leak data without authority.
The Company will not disclose personal data to third parties without consent. Even with consent, data will not be re-disclosed to parties likely to misuse it. The Company will not comply with unilateral government data requests absent lawful procedures. Personal data is used only for core services; any additional collection will follow separate consent procedures.
When using PAIRPLAY in public (e.g., internet cafés), ensure no malware or hacking tools are present. The Company secures data, but is not liable for personal negligence or third-party breaches.
The Company designates a complaints handler to address unrecognized data use or other issues promptly and provide feedback to users.
Only authorized staff handle personal data, secured by unique credentials that are regularly updated. Staff receive ongoing training on this Privacy Policy.
Users or their legal representatives may access, correct, or request deletion of their data at any time via the app, website, customer center, or email. Withdrawal requests follow the Company’s prescribed form. During correction requests, data will not be used or shared until corrected. The Company will notify third parties of corrections if data was already shared. Deleted data is handled per Section 5 and cannot be used for other purposes.
The Company uses cookies to provide personalized services. Cookies are small data files sent by the server to the browser and stored on the user’s device.
a. Purpose: Enhance user convenience—no malicious use.
b. Opt-Out: Users may disable cookies in browser settings (e.g., Internet Explorer: Tools > Internet Options > Privacy). Disabling cookies may impair service functionality.
Users may direct privacy inquiries or complaints to the Data Protection Officer or the responsible department during business hours (Mon–Fri, 09:00–18:00).
Data Protection Officer
Name: Hyeong-Ho Do
Position: Director
Email: admin@rnumber1.com
For additional reporting or consultation:
– Personal Information Dispute Mediation Committee (www.118.or.kr / 118)
– Korea Internet & Security Agency (www.eprivacy.or.kr / 02-580-0533~4)
– Supreme Prosecutors’ Office Cybercrime Division (www.spo.go.kr / 02-3480-2000)
– National Police Agency Cyber Terror Response Center (www.ctrc.go.kr / 02-392-0330)
Revisions to this Privacy Policy will be announced via the in-app “Announcements” board at least 7 days prior to enforcement.
This Privacy Policy has been effective since November 15, 2022.