CALIVERSE VR Privacy Policy
In an aim to protect the freedom and rights of data subjects, CALIVERSE (hereinafter "the Company") processes and manages personal information in a lawful and secure manner in compliance with Personal Information Protection Act and related laws and regulations. The following Privacy Policy provisions established and disclosed by the Company pursuant to Article 30 of the Personal Information Protection Act informs data subjects of the procedures and basis of processing personal information and promotes an efficient and effective processing of related complaints.
Article 1. Purpose of Processing, Collecting items, and Retention and Usage period of Personal Information
① The company shall collect personal information in the minimum necessary scope to provide its services in accordance with Personal information protection act.
② The company provides the CALIVERSE VR application and related network services to VR platform operators(including Meta, Apple, and Google). For this purpose, the company processes the following categories of personal data without requiring the separate consent of the data subject.
Article 15. 1. 4 of
Personal Information Protection Act
(Fulfillment of agreement)
Digital Rights Management (‘DRM’)
Applying DRM to content
Meta User ID, Device Identifier
within 1 year from the date of use
Article 15. 1. 2 of
Personal Information Protection Act
(Regulated by law)
Article 6 of
Act of the consumer protection in electronic commerce. etc.
(Preservation, etc. of transaction records)
Customer counseling
Consultation, responding to inquiries
E-mail, Inquiry Details
3 years
③ Notwithstanding the provisions of Article 1, the personal information may be processed until the end of an ongoing investigation of violation of applicable law, the settlement of claim and obligation based on the usage of homepage, or when required by other applicable laws.
Article 2. Destruction of Personal Information
① The Company will immediately destroy the personal information that is no longer needed, such as when the retention period has expired or the purpose of collecting the personal information is achieved.
② If the retention period as the data subject agreed has expired or the purpose of processing has been achieved but the personal information should be retained in accordance with other laws and regulations, The Company transfers such personal information to a separate database (DB) or a different storage location.
③ The procedures and methods for destroying personal information are as follows:
(1) Destruction procedure
The Company selects the personal information for which the cause for destruction has occurred and destroys the personal information with the approval of the personal information protection manager of The Company.
(2) Destruction method
The Company destroys information in the form of electronic files so that restoration is not possible, and destroys personal information recorded and saved in paper documents by shredding or incinerating them.
Article 3. Consignment of Personal Information Processing
For smooth service provision, the Company consigns the following processing of personal information:
NAVER Cloud Corp.
Issuance of DRM licenses
Onionfive Inc.
Provision of customer counseling software
Sending emails of customer counseling results
1. If you refuse to receive bulk emails in the process or do not utilize customer inquiry, personal information will not be entrusted to each subcontractor according to the consigned tasks.
2. When the Company enters into an consignment contract related to processing of personal information, it specifies matters related to the prohibition of personal information processing beyond the purpose of consignment according to Article 26 of the Personal Information Protection Act, technical and administrative protective measures, restrictions on re-consignment, management and supervision of subcontractors, liability for damages, etc., in documents such as contracts, and monitors whether consignees are handling personal information securely.
3. If the content of the consigned tasks or the consignee changes, the Company will promptly inform the members of the changed content through this Privacy Policy.
Article 4. Rights and Obligations of Data Subjects & Methods of Exercising Such Rights
① Data subjects may exercise the rights to demand access to, correction and deletion of, and suspension of processing of their personal information at any time against The Company.
② The exercise of the rights under Article 6. 1 shall be made in writing, by email or fax, or other means to The Company in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and The Company shall take necessary measures without delay.
③ The exercise of the rights under Article 6. 1 may also be made by the data subject’s legal representative or agent who has been delegated. In this case, a power of attorney in accordance with the form of Appendix 11 to the "Guidelines for the Processing of Personal Information" (No. 2023-12) must be submitted.
④ The right to demand access to and suspension of processing of personal information may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
⑤ The right to demand correction and deletion of personal information cannot be exercised if the personal information is specified to be collected by relevant laws and regulations.
⑥ The Company shall verify whether the person who demands access to, correction and deletion of, and suspension of processing of personal information under a data subject’s rights is the data subject or a his/her authorized representative.
Article 5. Measures for Ensuring the Protection of Personal Information
The Company takes the following measures to ensure the protection of personal information:
(1) administrative measures: establishment and implementation of internal management plans, operation of dedicated organizations, and regular employee training;
(2) Technical measures: management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs; and
(3) Physical measures: access control to computer rooms, data storage rooms, etc.
Article 6. Installation, Operation, and Refusal of Devices That Automatically Collect Personal Information
① The Company uses "cookies" that help store and retrieve member’s visit information in order to provide personalized services to its members.
② A cookie is a small amount of information sent from a server (http) that operates a website to a member's browser and may be stored on a member's hard disk in the PC.
(1) Purpose of using cookies: To provide members with optimized information by understanding the services that members visited, the patterns of using and visiting websites, popular search terms, and secure login status, client installation, etc.
(2) Installation, operation, and refusal of cookies: Members can refuse to store cookies through the option settings in the tool> internet options> privacy menu located at the top of their web browser.
(3) If a member refuses to store cookies, there may be difficulties in using the service of The Company.
Article 7. Link to the Websites of Other Companies
The Company may provide members with a link to external websites. The Company does not control such linked external websites and thus does not guarantee nor can be held responsible for the completeness and usefulness of services or information provided by the external websites. Please see the privacy policy offered by the external websites.
Article 8. Personal Information Protection Manager
① The Company has designated the following Personal Information Protection Manager who takes responsibility for the overall management of personal information and handles complaints and remedies related to the processing of personal information:
(1) Personal Information Protection Manager
- Name: Hong Ji-hoon
- Position: Head of Business Development Office
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
(The above numbers lead to the team in charge of personal information protection.)
(2) Team in charge of personal information protection
- Team name: Service Policy Team
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
② Data subjects can contact the Personal Information Protection Manager or relevant team for all inquiries, complaints, and remedies related to personal information protection that may arise while using CALIVERSE services. The Company will respond to and handle the inquiries made by data subjects without delay.
Article 9. Request for Access to Personal Information
Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act by contacting the following team. The Company will make every effort to process the request promptly.
▸ Team in charge of requests for access to personal information
- Team name: Service Policy Team
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
- E-mail: privacy@caliverse.io
Article 10. Remedies for Infringement of Data Subject’s Rights and Interests
① Data subjects may seek dispute resolution or advice on personal information infringement from the Korea Internet & Security Agency's Personal Information Infringement Report Center, the Korea Communications Commission's Personal Information Dispute Mediation Committee, or other organizations. If you need to report or consult about other personal information infringements, please contact the following organizations:
(1) Personal Information Dispute Mediation Committee: (without an area code) 1833-6972 (www.kopico.go.kr);
(2) Personal Information Infringement Report Center: (without an area code) 118 (privacy.kisa.or.kr);
(3) Supreme Prosecutors' Office: (without an area code) 1301 (www.spo.go.kr); and
(4) National Police Agency: (without an area code) 182 (ecrm.cyber.go.kr).
② The Company acknowledges a data subject’s right to determine his/her own personal information and makes every effort to provide advice and remedies for personal information infringement. If you need to report or consult about personal information infringements, please contact the following team:
▸ For requesting advice and reporting related to personal information protection
- Team name: Service Policy Team
- Tel: +82 2 514 5007
- Fax: +82 2 514 5006
- E-mail: privacy@caliverse.io
③ Any person whose rights or interests are violated by any disposition or inaction of the head of a public agency with regard to a request made under the provisions of Article 35, 36 or 37 of the Personal Information Protection Act may file a petition for an administrative hearing in accordance with the Administrative Appeals Act.
▸ Central Administrative Appeals Commission: (Without an area code) 110 (www.simpan.go.kr)
Article 11. Amendment and Notification of Privacy Policy
This Privacy Policy becomes effective on the date of implementation. The Privacy Policy may be amended in accordance with changes in relevant laws, regulations and guidelines, or internal operation policy. The Company will notify of any addition, deletion, and/or modification in this Privacy Policy through ‘Notice’ at least 7 days prior to the scheduled amendment. However, if an important modification is made to the rights of members, the notification will be posted at least 30 days prior to any such modification.
Addendum
This privacy policy shall be effective on September, 10 2025.
Last updated