About this Policy
The policy on this page explains additional disclosures required by PIPA and contains information about Roblox’s service within Korea. If you are located in the Republic of Korea, the terms set out below apply to you in addition to the terms set out in our Privacy Policy above. You can also contact Roblox using the information below.
Domestic Privacy Representative
Pursuant to Article 39-11 of the PIPA and Article 32-5 of the Network Act, our domestic agent is:
Name: General Agent Co., Ltd (Representative: Eun-Mi Kim)
Address: #1216 Platinum building, 28, Saemunan-ro 5ga-gil, Jongno-gu, Seoul
Telephone number: 02-734-3156
E-mail: Roblox@generalagent.co.kr
Information about Roblox in Korea
Processing of Sensitive Information
With your consent, Roblox or one of our service providers may collect and use your biometric data. Please refer to the Roblox Biometric Privacy Notice for details regarding the processing of biometric data.Information Sharing
Delegation of Personal Information Processing
For the performance of the services detailed in this Privacy Policy, we delegate the processing of your Personal Information to various service providers. The details regarding the service providers and delegated services can be found below.
Here are examples of the services that we might rely on other companies to provide, and examples of the companies that we are likely to share information with.
- Account integrity and security services (e.g., Veriff, Persona, Arkose Labs);
- Analytics services (e.g., Google LLC);
- User acquisition services (e.g., AppsFlyer);
- Community filtering and moderation services (e.g., CommunitySift);
- Customer support services (e.g., Zendesk);
- Surveys and promotions (e.g., Reach3);
- Social media log-in services (e.g., SAP Customer Data Cloud);
- Billing and payment services (e.g., Kount, Worldpay, PayPal, Incomm, Blackhawk, Google, Apple, Amazon, Windows Store, Xbox, Xsolla)
- Hosting and content delivery services (eg, AWS, Equinix, CenturyLink, YouTube, Vimeo).
Transfer of a Personal Information to a Third Party
We provide your Personal Information to third parties as described below.
Name of Recipient |
Types of Personal Information provided |
Purpose of Use by Recipient |
Period of Retention and Use by Recipient |
The Developers of the experiences you access |
Username, display name, game metrics, location (country level), UGC transaction details, user ID, regional location (country level) | Service provision and Storage | 2 years beyond the end of user’s use of the service. Data may be retained longer if we receive a valid legal request, such as a subpoena, in connection with the data. The retention period may based on the jurisdiction of the request. |
International Transfer of Your Personal Information
Roblox Corporation transfers personal information collected from users, as set forth below. Please review the below information carefully and proceed with registration only if you agree to the overseas transfer of personal information as described below. You may refuse to consent however, if you do not consent, you will not be permitted to register an account.
Recipient (Country and Contact Information of Information Manager) |
Date and Method of Transfer | Items of Your Personal Information to be Transferred | Purposes of Use by Recipients | Period of Retention of Use by Recipient |
Roblox Corporation, United States privacy@roblox.com |
Transmitted at creation of a Roblox account and from time to time | All data collected by Roblox, as described in this policy, is stored on its servers in the US | Service provision and Storage | 2 years beyond the end of user’s use of the service |
Roblox Subprocessors and the Developers of the experiences you visit. | Transmitted at creation of a Roblox account and when you visit an experience | Items vary by recipient. Subprocessors may receive data listed | Service provision, enabling features selected by users, and enabling experiences users visit. |
Up to 2 years beyond the end of user’s use of the service
|
Your Rights
You may exercise rights related to the protection of Personal Information by requesting access to your Personal Information or the correction, deletion or suspension of processing of your Personal Information, etc. pursuant to the Personal Information Protection Act (“PIPA”). For any such request you may contact us at the contact information shown at the top of this policy. You may also exercise these rights through your legal guardian or someone who has been authorized by you to exercise such rights on your behalf. However, in this case, you must submit a power of attorney to us in accordance with the Enforcement Regulations of the PIPA. We will respond to your request within ten (10) calendar days in accordance with the PIPA. If you are the parent or legal guardian of a child, and would like to exercise rights on behalf of your child, please contact us directly.
Security Measures
We currently take the following measures to secure data safety of Personal Information, including the technical and administrative protection measures under the PIPA.
Managerial measures: Establishment and implementation of an internal management plan, regular training on Personal Information protection
Technical measures: Management of access rights to the Personal Information processing system, installation of an access control system, encryption of passwords, installation of security system, etc.
Physical measures: Restrict access to facilities storing Personal Information, such as computer rooms and document storage rooms
Data Destruction
Personal Information whose purpose of collection and use has been achieved and retention period has expired will be destroyed in an irreversible and irrecoverable way. Personal Information stored in electronic files will be deleted safely in an irreversible and irrecoverable way by using technical methods, and printed information will be destroyed by shredding or incinerating such information.
Period of Retention Period of Personal Information
In principle, we will promptly destroy your Personal Information in our possession once we achieve the purposes of collection and use of your Personal Information.
However, if any Personal Information is required to be retained under applicable law, such information will be retained for the period and purpose as prescribed by law and used only for the purposes as prescribed under such law. Examples of such retention period as required by law are the following: In case any item(s) of Personal Information is required to be retained for a period beyond the period of retention and use as prescribed by applicable law, to the extent technically possible, such information item(s) will be stored or maintained separately from
Records regarding labeling, advertisement, and transaction such as contents and performance of contract pursuant to Article 6 of the Enforcement Decree to the E-Commerce Act.
Records regarding labeling and advertisements: six (6) months
Records on execution of contracts, subscription withdrawal, payment and supply of goods, etc.: five (5) years.
Records on the handling of consumer complaints or disputes: three (3) years
Retention of communication records pursuant to Article 41 of the Enforcement Decree to the Protection of Communications Secrets Act - Computer communications, Internet login history and records that can be used to trace a location of information communications apparatus: three (3) months.
For questions, you can reach out to the Domestic Privacy Representative
Pursuant to Article 39-11 of the PIPA and Article 32-5 of the Network Act, our domestic agent is:
Name: General Agent Co., Ltd (Representative: Eun-Mi Kim)
Address: #1216 Platinum building, 28, Saemunan-ro 5ga-gil, Jongno-gu, Seoul
Telephone number: 02-734-3156
E-mail: Roblox@generalagent.co.kr