0.2.0-Privacy Policy-ENG

Effective Date: [9] [25], 2023

 

Privacy Policy

 

Overthehand Inc. (the “Company”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. To that end, we have prepared this Privacy Policy to explain how we may collect, use, and share your information. We encourage you to review this Privacy Policy carefully, as it can help you make informed decisions when you visit and/or use our Services. If you are below 18 years of age (or the age of majority applicable in your jurisdiction of residence), have your parent or legal guardian review this document.

 

 

We review our Privacy Policy regularly to ensure that it reflects any changes to our operation, privacy practices, and/or Services, as well as changes to laws and regulations applicable in jurisdictions where we are conducting business (“Applicable Laws”). And we may amend this Privacy Policy at any time and without prior notice by posting the amended version, along with the updated “Effective Date” on this page. You hereby acknowledge and agree that by doing so, we have provided you with sufficient notice of the amendment. If we make a revision that materially changes our privacy practices, we will make reasonable efforts to notify you in a timely manner.

 

 

You also hereby acknowledge and agree that your continued use of our Services shall constitute your acceptance of our current Privacy Policy and any future amendments thereto. If you disagree with the current or the subsequent, amended Privacy Policy, you must discontinue your access and/or use of the Services. This Privacy Policy and any future amendments thereto supplement, and form part of, our Terms of Service, as amended, supplemented, or modified from time to time. Accordingly, capitalized terms used, but not defined in this Privacy Policy, have the meanings set out in the Terms of Service.

 

 

  1. Information We May Collect About You

 

By the term “personal data,” we refer to information that relates to an identified or identifiable individual. Your email address, internet protocol (IP) address, or other pieces of information from which you can be directly or indirectly identified are typically considered personal data. And we may collect your personal data in three ways: a) information you provide to us directly; b) information we collect automatically during your use of the Services; and c) information we collect from third parties.

 

a) Information collected directly from you:

 

  • Account data: we may collect information that you provide when you set up an account, e.g., email address, phone number, and password.

  • Communication data: we may collect information that you share about yourself when you contact us via email, chat, website form, etc., whether for a support inquiry, feedback, or any other purpose.

  • Survey data: we may collect information about you if you choose to participate in a survey, contest, promotion, marketing campaign, etc.

 

In order to animate your avatar, we may access your device’s camera and use technologies that track your facial expression. However, we do not collect, store, or record any images from your device’s camera or any facial-tracking data. Any images from your device’s camera or facial-tracking data are used at run-time only for purposes of animating your avatars.

 

b) Information collected automatically during your use of the Services:

 

  • Usage data: we may collect information about how you engage or otherwise interact with the Services, including information about the duration and frequency of your use, the content you view, the actions you take, etc.

  • Content data: we may collect the content you create using the Services, including your customized avatar.

  • Technical data: we may collect certain device and network information during your access and use of the Services, e.g., device model, operating system, IP address, system language, web browser, referring site, etc. We also may collect diagnostic, performance-related information such as crash reports and performance logs. 

 

Note that we, our service providers, and/or business partners may use cookies and other similar technologies such as flash cookies and web beacons to collect the information above.

 

c) Information collected from third parties

 

We may receive information about you from third parties, e.g., when another user shares information about you in a support inquiry, feedback, etc.

 

 

  1. Children’s Privacy

 

The Services are not intended for people under the age of 13 or the minimum age applicable in your jurisdiction of residence, and we do not knowingly collect personal data of anyone younger than the specified minimum age. If you know of any individual under the specified minimum age creating an account or otherwise using the Services, please contact us at cs@overthehand.com so that we can take appropriate actions to prevent their access to the Services and remove their personal data from our records as soon as possible.

 

 

  1. How We May Use Your Information

 

We may use your personal data for the following purposes:

 

  • To provide you with services that you’ve requested

  • To analyze how you interact with the Services

  • To maintain and improve the content and functionality of the Services

  • To provide you with personalized content when you use the Services

  • To develop new products and services

  • To provide you with customer support and respond to your inquiries, feedback, or questions

  • To diagnose and fix technical issues in the Services

  • To send you marketing and promotional communications 

  • To promote the Services via marketing campaigns

  • To send administrative information regarding the Services, e.g., changes to the Terms and other policies

  • To enforce the Terms and other policies

  • To detect and prevent abuse, fraud, and illegal activities on the Services

  • To comply with our legal and regulatory obligations

  • To defend our rights and interests in court and administrative proceedings

 

We will not use your personal data for purposes that are materially different, unrelated, or incompatible with those listed above in the absence of a prior notice. 

 

 

  1. How We May Share Your Information

 

We will not share your personal data with third parties except (a) to those described in this Privacy Policy; (b) to the extent that we are required to do so under Applicable Laws; (c) if we have a duty to disclose; (d) if our legitimate business interests requiring disclosure; (e) to the extent the disclosure is consistent with the Terms and/or other agreements with you; or (f) at your request or with your consent.

 

Without limiting the generality of the foregoing, we may share your personal data with the following third parties as part of processing your personal data for the purposes described in Article 2 above:

 

Service providers, business partners, and professional advisors. We may share your personal data with those third parties who have been contracted to help us meet our business operations needs such as facial-expression tracking service, web hosting services, email newsletter services, customer support services, etc.  They will access, process, and/or store your personal data in accordance with our instructions, and we take commercially reasonable steps to ensure that they acknowledge the confidentiality of your personal data, undertake to respect your privacy rights, and comply with all relevant privacy and data protection laws.

 

Government agencies, authorities, or third parties when required or permitted by law. We may share your personal data with law enforcement, regulators, courts, government authorities, or third parties if we have a good-faith belief that such disclosure is reasonably necessary to meet any Applicable Laws, legal processes, or enforceable governmental requests; to detect, prevent, report, or otherwise address fraud, illegal activity, or security or technical issues; or to protect against harm to the rights, property, or safety of us, our users, or another party as required or permitted by law. 

 

Other parties in corporate transactions. In the event of a corporate transaction involving the sale of some or all of our assets (e.g., merger, acquisition, reorganization, asset sale, bankruptcy, dissolution), personal data could be included in the transferred assets. If such a transaction occurs, we will use reasonable means to notify you, either through email and/or a prominent notice on the Services.

 

Other users and the public. We may publish your avatars and/or User Content on our marketing campaigns to promote the Services. And when you use your avatar outside the Services in accordance with the Terms, your avatar and/or User Content will likely be available for viewing by the public as well.

 

 

  1. International Transfer

 

By accessing and using the Services, you hereby understand and agree that your personal data may be stored and processed in South Korea or any other country in which we or any of our service providers, business partners, and professional advisors maintain facilities. You hereby consent to the international transfer of your personal data to jurisdictions that may not provide equivalent levels of data protection as your jurisdiction of residence. 

 

 

  1. Data Security

 

You hereby understand and agree that you use the Services at your own risk. We have implemented reasonable measures, including administrative, technical, and physical safeguards, to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Yet no measure is completely secure, and we cannot guarantee that unauthorized access to, or loss, misuse, or alteration of your personal data will not occur. 

 

Furthermore, please note that you also play an important role in protecting your own personal data. When creating an account with us, we encourage you to choose a password of sufficient length and complexity, to not reveal this password to any third party, and to contact us immediately if you become aware or have a reason to believe that your personal data are no longer secure. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services or third-party services.

 

 

  1. Data Retention Period

 

We may retain your personal data for as long as is necessary to satisfy the purposes set out in this Privacy Policy. When we determine that your personal data are no longer necessary to achieve the purpose for which the data were collected or otherwise processed, we will securely destroy the records or remove any details that will identify you. Please note that if you decide to close your account, we may still need to maintain your personal data when retention of the data is necessary to comply with our legal, regulatory, accounting, or tax reporting obligations, or to establish, exercise, or defend against legal claims. 

 

  1. Choices Regarding Your Information

 

Account data and closure. You can access and edit some of your account data by signing into your account. And if you no longer want to use the Services, you can close the account. As stated in Article 7, however, we may retain your personal data after the closure if such retention is necessary to comply with legal or other obligations, or to establish, exercise, or defend against legal claims.

 

Promotional communication. You can opt out of marketing, promotional, or advertising emails by using the “unsubscribe” link in the emails. Please note that even if you opt out of marketing communications, you may still receive other communications, e.g., emails about the security of your account, emails regarding updates to the Terms, this Privacy Policy, or other policies, etc.

 

 

Cookies. We, our service providers, or business partners may use cookies and other similar technologies to collect your personal data. You can set your browser to remove or reject browser cookies before accessing and/or using the Services. Please note, however, that certain features of the Services may not function properly without the aid of cookies.

 

 

  1. Links to Third-Party Websites

 

The Services may display links to third-party websites, applications, or plug-ins. If you follow such links, please note that those third parties may collect or share your personal data and have their own privacy policies. We do not control those third parties or your privacy settings on their services, and you hereby acknowledge and agree that we shall not have any responsibility or liability in connection with your visits to those third-party websites, applications, or plug-ins via links displayed on the Services. By providing these links, we do not imply that we endorse or have reviewed these sites. Please contact the third-party services directly for information on their privacy practices and policies.

 

 

 

10.  How to Contact Us

 

If you have any questions or concerns regarding our privacy practices, or if you need assistance or want to exercise your rights as a data subject, please contact us at cs@overthehand.com. Please note that we may need to verify your identity before we proceed with your request in order to protect your privacy and security.

 

 

11. Global Policy

 

This Privacy Policy is global in scope yet is not intended to override any legal rights or prohibitions in any jurisdiction where such rights or prohibitions prevail. In such event, the rights and obligations set out in this Privacy Policy will apply, subject only to amendment under any applicable local laws or regulations having precedence.

 

The original version of this document is written in Korean, and this document is an English translation of the original version for reference purposes only. In the event of a conflict between the original Korean version and the English version, the original Korean version shall prevail.

 

 

 

Supplemental Terms for Users in South Korea

 

If you are using the Services in South Korea, the following additional terms apply. In the event of any inconsistency between these Supplemental Terms and the provisions in the main body of the Privacy Policy, the following Supplemental Terms shall prevail.

 

a. Children’s Privacy. In South Korea, the Services are not intended for people under the age of 14, and we do not knowingly collect personal data of anyone younger than the specified minimum age.

 

b. Notice Regarding Amendment. Should the Company make amendments to the Privacy Policy, we will provide you with notice of the amended Terms, alongside the current Privacy Policy, indicating the effective date and reason for the changes. We will provide notification from 7 days before the amended Privacy Policy takes effect until the day prior to the new effective date. However, if the change is material, we will announce it 30 days ahead of the new effective date, and individually notify you of such significant changes via email or other means. If you do not express your intention to reject the amendment within 7 or 30 days, you will be regarded as having consented to the amendment.

 

c. Data Retention. We will retain records on your visit to our Services for three months pursuant to the Protection of Communications Secrets Act.

 

d. Your Rights as a Data Subject. You have the right to:

  • To access personal data we hold about you

  • To rectify any inaccurate data held about you or request the deletion of your personal data

  • To request suspension of our processing of your personal data.

 

e. Delegation of Personal Data.

 

f. Data Protection Officer. If you have any inquires regarding this Priacy Policy or our privacy practices, or if you want to exercise your rights as a data subject, please contact the following representative: [name], [cs@overthehand.com], [+82 (0)2-336-4564].

 

 

 

[아래는 추후 GDPR 관련 부가 조항 추가 시 시작점으로 사용할 수 있는 문서입니다.]

Supplemental Terms for Users in the EEA, UK, and Switzerland

 

a. Data Controller. Overthehand Inc., a company registered at B1, 71, Yanghwa-ro 7-gil, Mapo-gu, Seoul, Republic of Korea (registration no. 110111-7908647), is the data controller for personal data collected in connection with provision of our Services in Europe. 

 

b. Legal Bases for Processing Your Personal Data. We may use your information only when we have a legal basis to do so, and we may use different legal bases depending on the specific purposes of processing the data. In general, we may process your personal data (a) where processing is necessary to perform, or enter into, any contracts (including but not limited to our Terms of Service) with you; (b) based on our legal obligations; (c) based on our legitimate interests to the extent they are not overridden by your interests or fundamental rights and freedoms; (d) based on your consent; and/or (e) for protection of vital interests (ours, yours, or those of another party).

 

[purpose-data type-legal bases mapping]

 

If our legal basis for processing your personal data is your consent, you can withdraw your consent anytime. Please note, however, that withdrawing your consent does not affect the lawfulness of any processing we conducted prior to your withdrawal or the lawfulness of any processing we conduct based on legal grounds other than consent. 

 

c.  International Transfer. If we transfer your information outside of the EEA, the UK, or Switzerland, we may rely on the European Commission’s (EC) or other relevant authorities’ adequacy decisions which determine that a country offers an adequate level of data protection and personal data can flow to that country without any further safeguard being necessary. If you reside in Europe and we transfer your personal data to a country that has not been determined by the EC to provide an adequate level of data protection, we may implement appropriate safeguards such as Standard Contractual Clauses recognized by the EC.

 

d.  Your Rights as a Data Subject. You have the right to:

 

  • Right to be informed. At the time we obtain your personal data, we shall provide you with information about what data we collect from and about you, how we use your personal data, with whom we share your personal data, how long we retain your data, what rights you have with respect to your data, etc.

 

  • Right of access. You may request a confirmation that we process your personal data and what information we hold about you, and a copy of that information unless such provision adversely affects the rights and freedoms of others.

 

  • Right to rectification. You may request we rectify inaccurate or incomplete personal data concerning you. You also may rectify some of your data by editing information in your account. 

 

  • Right to erasure. You may request we delete your personal data if they are no longer necessary to achieve the original purpose for which they were initially collected or processed, are not subject to any retention requirements under applicable laws or regulations, and are not necessary for the establishment, exercise, or defense of legal claims.

 

  • Right to restriction of processing. You may request we restrict the processing of your personal data under certain circumstances, e.g., when you contest the accuracy of the information we hold about you. We may continue to process your personal data if it is necessary for the establishment, exercise, or defense of legal claims or for any other exceptions permitted by Applicable Laws.

 

  • Right to data portability. You may request we provide you or another data controller with a copy of the personal data you provided to us in a structured, commonly used, and machine-readable format unless such provision adversely affects the rights and freedoms of others.

 

  • Right to object. You may request we stop processing your personal data being processed based on our legitimate interests. We will cease processing your personal data unless the processing is based on compelling legitimate grounds or is needed for exercise or defense of legal claims. Where we use your personal data for direct marketing communication, you can always object and opt out of future marketing communications at any time using the “unsubscribe” link in the footer of our promotional emails.

 

  • Rights related to automated decision-making, including profiling. We may engage in automated decision-making that affects your ability to access the Services or otherwise has a significant effect on you. You have a right not to be subject to such automated decision-making unless we can demonstrate that it is necessary for entering into, or the performance of, a contract between you and us. Even if such decision-making is necessary, you have rights to contest the automated decision about you, express your point of view, and require a human review of the decision.

 

  • Right to withdraw consent. To the extent the processing of your personal data is based on your consent, you may withdraw your consent at any time. Please note that withdrawing the consent does not affect the lawfulness of our processing prior to your withdrawal.

 

  • Right to lodge a complaint with a data protection authority. You may have the right to file a complaint directly with a local data protection authority if you believe that the personal data are processed in a way that violates your rights and legitimate interests stipulated by applicable legislations.

 

Please contact us at [cs@overthehand.com] if you want to exercise the rights above. 

 

e. EU and UK Representatives: To the extent that the European Union (EU) General Data Protection Regulation (GDPR) applies, we have chosen the following entity as our EU representative: [company name], [mail address]. If  you are within the European Economic Area (EEA), you can contact this representative by writing to the address above.

 

To the extent that the United Kingdom (UK) GDPR applies, we have chosen the following entity as our UK representative: [company name], [mail address]. If you are within the UK, you can contact the UK representative by writing to the address above.