1. What information does PEARL ABYSS collect, and how is it collected?

 

PEARL ABYSS CORP. together with its affiliates and subsidiaries (collectively, “PEARL ABYSS” or “we”), provides game services for PC, console, and mobile, as well as related website services (the “Services”). To operate and improve the Services, we may store and process your personal information and, in certain situations, share it. We take your privacy seriously and work hard to keep the personal information you provide to use the Services safe.

 

Through this Privacy Policy, we explain how and why we use the personal information you provide, and the steps we take to protect it.

This Privacy Policy may be updated if laws or regulations change, or if our internal policies are revised. We are committed to complying with applicable laws and regulations. If we make changes, we will post a notice on our website so you can easily review the updates.
We also provide this Privacy Policy in multiple languages. Please review the version written in the language of your region.

 

 

1. What information does PEARL ABYSS collect, and how is it collected?

We collect personal information when you sign up, use the Services, generate content, update your account, contact us by phone or fax, get help from customer support, enter events or promotions, or when our partners share information with us as permitted by law.

 

1.1 Information you provide

(a) When you create a PEARL ABYSS account:

Email address, password, name, region, date of birth

 

(b) When you play on PlayStation or Xbox:

Account identifier

(c) When we provide additional Services:
My Page: nickname
Customer Support: email address, account identifier, name, mobile phone number, date of birth, address, information generated automatically, device identifiers, and other details needed to handle your inquiry
Event/Promotion entries: name, mobile phone number, address, date of birth, email address, and any other information required by the event or promotion
Prize delivery: name, address, mobile phone number, email address
Pre-registration and related updates: email address, mobile phone number
Notices and other communications: email address, mobile phone number
Tax reporting and processing: a unique identification number and other information required under the tax laws of each relevant country

 

1.2 Information collected during Service use

The following information may be collected automatically while you use the Services:
(a) IP address, web usage logs, game activity, fraud/abuse logs, payment history, cookies
(b) Device information (e.g., MAC address)
(c) When using the Black Desert Plus app: mobile device details (device model, OS information, advertising ID, etc.)

 

 

2. Why does PEARL ABYSS collect personal information?

We collect and use personal information for the purposes below.

 

2.1 To provide the Services
We process the data needed to perform our contract with you and run the Services, including to:
(a) let you create an account and use the Services
(b) operate the Services
(c) provide our products and Services
(d) share Service-related information
(e) process billing and payments for paid features
(f) comply with applicable laws

2.2 To offer a better, more relevant experience
We collect and process data to make the Services work better for you, including to:
(a) improve the Services
(b) update profiles and enhance features
(c) set up and manage registered accounts
(d) deliver updates
(e) remember your preferences and deliver content
(f) handle questions and complaints and provide support
(g) send notices such as changes to terms, Service outages, support updates, security alerts, and other important messages
(h) run events and promotions
(i) ship prizes for events and promotions
(j) manage newsletter subscriptions

 

2.3 To keep the Services safe and fair。
We collect and process data as needed to:
(a) prevent and restrict fraud, abuse, and unauthorized use
(b) provide Services that protect your information
(c) enable smooth gameplay across multiple devices
(d) find bugs and errors and fix issues
(e) analyze data to handle and resolve disputes

 

2.4 To deliver personalized ads and marketing
We process data to:
(a) track the content you access related to your Service use and online activity
(b) personalize ads and send targeted marketing and promotional offers
(c) provide customized Services, including content and features that better match your interests

 

2.5 To analyze data in de-identified form
We may convert the data we collect into a form that does not identify you and use it for analysis and classification.

 

3. Does PEARL ABYSS share personal information with third parties?
We share personal information only when you have agreed in advance, when it’s necessary to provide the Services, or when we must comply with law. We follow the appropriate legal process in doing so.

 

3.1 With your prior consent

Before collecting from or sharing with a third party, we explain who will receive your information, what will be shared, and why, and then obtain your consent.

 

3.2 When it’s necessary to provide the Services

(a) Other users and the public

If you post on our website forums, your posts are visible to other users or the public.
If you use public in-game chat, your messages are visible to other users.
If you violate our terms or policies, or if you are selected as an event participant or winner, certain gameplay information about you may be disclosed on in-game pages, our website, or official community notices.

 

(b) Business partners and vendors

We may share personal information with the following partners to operate the Services:
Payment processors: to process payments and share the results of those transactions
Cloud platform providers: to host the Services and store/process data in cloud environments
Event agencies: to manage tickets and run online/offline events
Marketing agencies: to deliver Services and offers tailored to your interests
Other partners: to detect and prevent fraud/abuse, respond to customer inquiries, and otherwise support the operation of the game Services

 

3.3 To comply with law

(a) Public authorities and law enforcement
 We may disclose data to public authorities when required to comply with law or to protect PEARL ABYSS, our employees, or the rights, property, or safety of others, following due process.
 We may provide data to investigative agencies when legally required or when a lawful request is made for an investigation under applicable procedures.

4. How long does PEARL ABYSS retain personal information and when is it deleted?

4.1 Retention and deletion periods

We keep personal information while your account remains active. As a rule, we delete it without undue delay once the purpose of collection and use has been fulfilled (for example, when you request account deletion or when an event’s stated retention period ends). In the cases below, we retain data for a limited period and delete it after that period expires:

 

(a) Under our internal retention/deletion policies

To prevent harm from identity theft (e.g., unauthorized account deletion or payment fraud), we retain key account data for 15 days after an account deletion request.
To prevent fraud, abuse, and unauthorized use by malicious users, we retain enforcement/sanction records.
To prevent duplicate item grants after re-registration, we retain account identifiers (Xbox, PlayStation) and records of package, Pearl Box, and DLC item grants.

 

(b) As required by law

We retain personal information when, and to the extent, required under the laws of each applicable country.

 

4.2 How we delete personal information

Paper records (printouts, hard copies) are destroyed by shredding or incineration. Electronic records are permanently erased using technical methods that make recovery impossible.

 

5. What steps does PEARL ABYSS take when transferring personal information outside your country?
Your data may be processed by PEARL ABYSS CORP. and its affiliates or subsidiaries around the world. It may also be transferred to or stored in the cloud regions or data centers (IDCs) we use.
You may contact Customer Support or our privacy officer and related team at any time to ask us to stop cross-border transfers of your personal information. Please note that if, per your request, we do not provide your information to overseas service providers, you may be unable to use some or all features of our website or game Services.

 

 

5.1 For users in the European Economic Area (EEA)

(a) We apply appropriate safeguards to protect the personal data of EEA residents. For more on our protections, see “6. How does PEARL ABYSS protect personal information?”
(b) The EU and the Republic of Korea have adopted a GDPR adequacy decision for transfers to Korea. This allows personal data to be transferred safely from the EU to Korea without additional certification or mechanisms.
(c) Korea’s Personal Information Protection Act provides a level of protection essentially equivalent to the EU GDPR.
(d) When your personal data is transferred to our partners or service providers outside the EEA, we enter into contracts that incorporate the EU Standard Contractual Clauses so that such transfers occur with appropriate safeguards.

 

5.2 For users in Japan

(a) The third parties to which personal information is transferred are located in the United States of America and the Republic of Korea.
(b) Both the United States of America and the Republic of Korea participate in the Global Cross-Border Privacy Rules (CBPR) System and maintain privacy protections consistent with the CBPR framework.
(c) Safeguards at third parties: Our entrusted providers are Microsoft Azure and AWS. They apply appropriate and necessary security controls and comply with all eight OECD Privacy Principles.

 

 6. How does PEARL ABYSS protect personal information?
We use technical, administrative, and physical measures to help ensure your information is not lost, stolen, leaked, altered, or destroyed.

 

6.1 Technical measures
(a) Beyond items specified by law, we encrypt additional categories of personal information.
(b) We protect important data that contains personal information by encrypting files and transmissions or using file-locking and similar security features.
(c) We continuously monitor to guard against hacking and malware. We also back up personal information regularly and use a range of security tools, such as anti-virus solutions and firewalls.
(d) We apply required security controls to our structured database systems that handle personal information.

 

6.2 Administrative measures
(a) We limit access to personal information to the minimum number of authorized personnel.
(b) We provide regular privacy and security training to employees and entrusted processors.
(c) A dedicated team manages our privacy program and policies. We conduct regular internal compliance checks and take immediate corrective action when issues are found.

 

 6.3 Physical measures
(a) We maintain separate, controlled facilities for systems that store personal information and operate access-control procedures for those locations.
(b) Documents and removable media that contain personal information are kept in locked, secure locations.

 

7. What information is collected automatically?

7.1 What are cookies and why do we use them?

Cookies are small files saved on your device when you visit a website. We use cookies to remember your language and sign-in details, store settings to deliver a more personalized experience, and make the site easier to use. We also use cookies to analyze usage trends, manage the website, and compile statistics about how visitors use our site.

 

(a) How to block cookie collection in desktop browsers
Chrome: Click the menu ⁝ (top right) → New Incognito Window (shortcut: Ctrl+Shift+N)
Edge: Click the menu … (top right) → New InPrivate window (shortcut: Ctrl+Shift+N)
(b) How to block cookie collection in mobile browsers
Chrome (mobile): Tap the menu ⁝ (top right) → New incognito tab
Safari (iOS): Settings → Safari → Advanced → Block All Cookies
Samsung Internet: Tap the Tabs icon (bottom) → Turn on Secret mode → Start

 

7.2 What is web analytics?

We use Google Analytics to understand users’ preferences and interests on our website.
Opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout/

 

7.3 What is personalized advertising?
We provide personalized ads by analyzing your Service usage patterns and access logs based on advertising identifiers. The online ad partners we allow to process your behavioral information and how they collect it are:

(a) Online ad partners: Google, Meta (Facebook), X (Twitter)
(b) How behavioral information is collected: Automatically when you visit our website or launch our apps
(c) How to limit collection/use of your advertising ID:
Android: Settings → Google → Ads → Delete advertising ID (Learn more in device settings)
iOS: Settings → Privacy → Tracking → Allow Apps to Request to Track (Off)

 

8. What rights and choices do users have regarding personal information?

You have the right to view, correct, delete, restrict processing of, and withdraw consent to the use of your personal information, and we respect and support these rights.
You can view or edit your information at any time under My Page > View Account Info.
You can delete your account under My Page > Delete Account. Deleting your account may also delete related information that was created or stored while you used the Services.
You may also request access, correction, deletion, restriction, or withdrawal of consent through Customer Support or our privacy inquiries team.
We may refuse a request to delete or restrict processing if we are required by law to retain certain information.

 

 8.1 Rights of residents of the European Economic Area (EEA)
EEA residents have additional rights regarding their personal information, which may vary by country.
(a) The right to contact a supervisory authority.

8.2 Rights of California residents
Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents may request that we provide:
(a) A list of personal information disclosed to third parties for direct marketing purposes during the 12 months preceding the request date
(b) The identities of the third parties that received such information

 

We do NOT sell personal information for direct marketing purposes. For other marketing-related uses of personal information, see “2.4 To deliver personalized ads and marketing.”

9. Is there an age requirement to use the Services?
9.1 Website Services
We do not knowingly collect or solicit personal information from, target interest-based advertising to, or knowingly allow use of our Services by users who are considered children under the laws of their country/region (e.g., under 13 in the U.S./Canada, under 18 in Europe, under 17 in Japan) (each, a “Child User”).

(a) Child Users must not send personal information to us. If we learn that we have collected personal information from a Child User, we will delete it as quickly as practicable.
(b) If you believe we might have information from or about a Child User, please contact us immediately.

 

9.2 Game Services
(a) We limit access to our game Services based on the age ratings authorized in each service territory.

 
10. How can I contact PEARL ABYSS?
If you have questions about privacy or need help resolving a privacy issue, contacting Customer Support is the fastest way to get assistance.

Privacy Complaints Handling Department: Information Security Division

Email: privacy@pearlabyss.com

 

1) EU Data Protection Officer (DPO) and EU Representative — Contact

If you reside in the European region, you may also contact:
DPO: The Office of the Data Protection Officer
Address: 48 Gwacheon-daero 2-gil, Gwacheon-si, Gyeonggi-do, 13824, Rep. of Korea
Email: dpo@pearlabyss.com

 

EU Representative — Contact
VeraSafe has been appointed as PEARL ABYSS's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to dpo@pearlabyss.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031

VeraSafe Czech Republic s.r.o Klimentská 46 Prague 1, 11002 Czech Republic

VeraSafe Netherlands BV Keizersgracht 555 1017 DR Amsterdam Netherlands

VeraSafe Ireland Ltd. Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland

 

Addendum
This Privacy Policy takes effect on September 16th, 2025.