HomeAboutRankingEventGameShop
  • English
  • Japanese
  • Chinese

Privacy Policy

Article 1. Purpose

1.1. This Privacy Policy outlines how Lighters Company Co., Ltd (hereinafter the "Company") manages, protects, and uses personal information collected from members using the Kooky service (hereinafter the "Service").

1.2. The Company complies with applicable laws, including the Act on Promotion of Information and Communication Network Utilization and Information Protection.

1.3. This policy clearly states how personal information is used, processed, and protected.

1.4. This policy is always accessible on the Service interface.

Article 2. Items and Methods of Collecting Personal Information

2.1. Personal Information Collected
Users automatically consent to personal information collection upon registration. Optional information will be collected only if users voluntarily provide it.

  • Required Items: Email account, password (encrypted), email verification code (temporarily stored), authentication status, profile name, service version, OS and OS version, device model name, terminal unique ID, language, Time Zone.
  • Optional Items: Purchase history, country/region, gender, name, phone numbers in address book, profile picture (including metadata), status messages, purchased items/products, location data.

2.2. Methods of Collection

  • (a) Membership registration, inquiries, event applications, and delivery requests.
  • (b) Automatic collection during service usage (usage records, logs, IP addresses, payment records, and cookies).

2.3. Location Data

  • Precise location data is accessed temporarily (not stored) when using the "Kooky Map" feature.

Article 3. Purpose of Collection and Use of Personal Information

The company uses collected personal information for:

3.1. Providing service and content delivery.

3.2. Member management:

  • Prevention of unauthorized usage, confirming duplicate registrations, handling complaints, notifications, and dispute resolution.

3.3. Marketing and analytics:

  • New service development, customized service recommendations, statistical analysis, marketing information, and participation opportunities.

Article 4. Sharing and Provision of Collected Personal Information

4.1. The company uses members' personal information strictly within the scope stated in Article 3 and does not disclose it externally without prior consent, except in the following cases:

  • (a) With users' explicit prior consent.
  • (b) Upon lawful request by judicial or investigative authorities under applicable laws. In such cases, the company strictly follows legal procedures, providing only minimal required data.

4.2. Personal information may be shared with third parties only when members explicitly consent. In such cases, the information is held only for the duration consented to or as required by applicable law, after which it is destroyed immediately.

  • Customer registration/management: Until membership termination.
  • Consumer complaint/dispute records: 3 years. Payment/supply
  • transaction records: 5 years.
  • Advertisement records: 6 months.
  • User access logs: 1 year.

Article 5. Consignment of Personal Information

5.1. Outsourced Data Handling
To improve service efficiency, the company entrusts personal information processing to specialized external companies. To ensure safe management, contracts strictly stipulate confidentiality obligations, prohibition of third-party use, and accident liability.

5.2. Entrusted Companies and Processing Details

  • Amazon Web Services: Cloud server management (no direct access to personal data).
  • Amplitude, Google Analytics: Usage analysis (no personally identifiable information collected).

5.3. Delegation of Payment Processing
The company entrusts payment processing to external payment processors as follows and does not directly store or handle sensitive payment information (e.g., card numbers, CVV):

  • Mobile Payments (App Store, Google Play Store): Only payment receipt IDs and purchase details provided by platforms are stored for delivering paid assets (Loovy). Sensitive payment information (e.g., credit card details) is processed in accordance with Apple's and Google's payment policies and is not collected or stored by the company.
  • Website Payments (Stripe, Xendit): Payments for Loovy, digital goods, tickets, merchandise, etc., are processed by Stripe and Xendit. The company stores only payment receipt IDs and purchase details. Sensitive payment information (credit card numbers, CVVs) is securely handled according to the policies of Stripe (https://stripe.com/privacy) and Xendit (https://www.xendit.co/terms-and-conditions) and is not stored by the company.

5.4. Payment Protection and Liability

  • The company is not liable for issues outside of its control (e.g., payment gateway downtime, delays, or failures).
  • Users must report payment issues via hello@kooky.io. The company will respond within one business day (max 48 hours); requests received on weekends/holidays are processed on the next business day.

Article 6. Retention and Use Period of Personal Information

6.1. Users must personally request account deletion through the service interface. Email-based requests without verification cannot be processed.

6.2. Upon account deletion, personal information is permanently deleted, except as specified below:

  • Fraudulent activity records: stored for 1 year.
  • Encrypted email addresses: stored for 1 year after deletion.
  • Device IDs and phone numbers: encrypted, stored for 6 months (to prevent duplicate registrations).

6.3. Additional legally mandated retention periods:

  • Contracts/payment records: 5 years.
  • Consumer complaints/disputes: 3 years.
  • Advertising records: 6 months.
  • Transaction and financial records: 5 years.
  • Service visit logs: 3 months.

6.4. Children Under 14:

  • Company does not collect age information; responsibility for compliance rests with users/legal guardians.
  • Accounts identified as belonging to users under 14 without guardian consent may be suspended.
  • Company is not liable for minor usage without parental consent.

Article 7. Procedures and Methods for Destroying Personal Information

7.1. Personal information is promptly destroyed once retention periods expire or the purpose is fulfilled.

7.2. Destruction procedure:

  • Data used for registration is destroyed immediately after fulfilling the purpose.

7.3. Destruction methods:

  • Printed data: shredded or incinerated.
  • Electronic data: irrecoverably deleted.

Article 8. Members' Rights and Their Exercise

8.1. Right to Access, Modify, and Delete Personal Information

  • Members (or their legal representatives) may request access, modification, or deletion of their personal information.
  • Requests for deletion of personal information can be made directly via the "Profile/My Profile" menu within the Service.
  • If a request is made via email, additional identity verification may be required.

8.2. Account Deletion and Restriction Measures

  • The Company may restrict, suspend, or delete accounts that violate applicable laws or the Company's operational policies.
  • Deleted accounts cannot be recovered, and the deleted information will not be used for other purposes.

8.3. Correction of Personal Information and Notification to Third Parties

  • If a member requests a correction of their personal information, and if such information has been shared with third parties, the Company will notify those third parties and make corrections where applicable.

8.4. Exercising Rights Through an Authorized Representative

  • If a member is unable to exercise their rights personally, they may authorize a legal representative or agent to act on their behalf.
  • To process such requests, the Company requires official documentation, such as a power of attorney and identity verification documents.

Article 9. Technical and Managerial Measures for Personal Information Protection

9.1. Technical measures:
Data backups, antivirus software, encrypted communications, firewalls, intrusion prevention.

9.2. Managerial measures:
Limited staff access, regular privacy training, and a designated Personal Information Protection Officer (CEO).

Article 10. Use of Cookies and User Options

10.1. The company uses cookies (small text files sent to and stored in user devices) to provide faster and more personalized services.

10.2. Purpose of cookies:

  • Strictly Necessary Cookies: Essential for login and secure services. Blocking these may restrict service access.
  • Functional Cookies: Store user preferences for personalized user experience.
  • Analytics Cookies: Used anonymously via Google Analytics and Amplitude to analyze service use. No personally identifiable information (PII) is collected, thus separate consent for these analytics cookies is not required.

10.3. User rights concerning cookies:

  • Users can refuse cookie storage through browser settings. Blocking necessary cookies may limit service functionality.

10.4. Cookie settings (by browser):

  • Chrome: [Settings] → [Privacy and Security] → [Site Settings] → [Cookies and Site Data]
  • Safari: [Preferences] → [Privacy]
  • Microsoft Edge: [Settings] → [Site Permissions] → [Cookies and Site Data]

Article 11. Linked Websites

The company may provide links to external websites or content. Such sites are not governed by this Privacy Policy, and users should review privacy policies of those websites separately.

Article 12. Personal Information Protection Officer

The company appoints a Personal Information Protection Officer to handle inquiries and complaints about privacy matters.

  • Officer: Hami Kim, CEO
  • Email: hami@kooky.io
  • Customer Service Team: hello@kooky.io

12.1. Working Hours

  • Weekdays: 10:00 AM – 7:00 PM (Lunch: 12:30 PM – 1:30 PM)
  • Closed: Weekends and public holidays

12.2. Other reporting agencies for privacy infringements:

  • Personal Information Infringement Report Center (privacy.kisa.or.kr, Tel: 118)
  • Cyber Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr, Tel: +82-2-3480-2000)
  • National Police Agency Cyber Safety Bureau (www.cyber.go.kr, Tel: 182)

Article 13. Amendments to Privacy Policy

13.1. When amending this policy, the company will announce the changes via service notices or app push notifications.

  • Significant amendments affecting user rights: Notified at least 7 days in advance.
  • Critical amendments: Notified at least 30 days in advance.
  • Minor or new-user-only amendments: Effective immediately without prior notice.

13.2. Users not objecting by the effective date are deemed to consent.

13.3. Additional data collection or third-party sharing will require separate explicit consent.

13.4. Effective date and amendment history

  • Effective date: October 20, 2020
  • Amendments:
    • May 20, 2023: Added Loovy and Stripe/Xendit payment details
    • October 15, 2024: Added precise location feature
    • March 14, 2025: Added email verification-related policies

Contact

hello@kooky.io

Operation Hours

9AM - 6PM (Monday to Friday, excluding public holidays)

Address

#A-603, Media Complex (floor 6), 14, Sejong-daero, Jung-gu, Seoul, Republic of Korea
Lighters Company Co.,LTD.| Representative: Hami Kim
Terms and Conditions|Privacy Policy
COPYRIGHT © Lighters Company Co.,LTD. ALL RIGHT RESERVED.