Breathings (hereinafter referred to as 'Company' or 'Breathings') has established and published the following guidelines for handling personal information in order to protect the personal information of the data subjects and handle the related complaints quickly and smoothly in accordance with the Personal Information Protection Act.
Article 1 Purpose of processing personal information
The company processes personal information for the following purposes. The personal information processed shall not be used for purposes other than the followings, and if the purpose of use changes, we will take necessary measures such as obtaining separate consent subject to Article 18 of the Personal Information Protection Act.
1. Membership registration and management
Personal information will be processed for the purposes of confirming the intention to subscribe as a member, identification and authentication according to the provision of membership services, maintenance and management of membership, prevention of illegal or improper use of services, and various notifications and notices.
2. Service provision
We will process personal information for the purpose of providing services, content, and customer services.
3. Grievance handling
Personal information will be processed for the purpose of confirming the identity of the complainant, confirming the complaints, contacting and notifying for fact-finding, and notifying the results of processing.
4. The fulfillment of the claim-obligation relationship when such relationship remains due to service use and supply of goods, etc.
5. Re-subscription and exclusion of illegal or improper use
6. Restriction to subscription of illegal users and the person who has used the service improper way
Article 2 Processing and retention period of personal information
① The company shall process and retain personal information within the retention period and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the data subjects. .
② Each personal information processing and retention period will be as follows.
1. Membership subscription and management, grievance handling: Immediately after membership withdrawal
However, in the case of any of the following reasons, it shall be until the end of the reason
A. If an investigation or investigation in violation of related laws is in progress, it will be until the end of the investigation or examination
B. Until settlement of the claim-obligation relationship related to service use
2. Providing lung capacity measurement, breathing exercise service, recording service, etc.: to be deleted without delay after membership withdrawn
3. Fulfillment and payment for the provision of goods or services: Until the completion of supply of goods and services, payment of fees, and settlement
However, in the events of any of the following reasons or based on relevant laws and regulations;
until the end of the period
A. Records on transactions such as marks, advertisements and contents of the contracts and execution thereof subject to the 「Act On The Consumer Protection in Electronic Commerce, etc.」
-Records related to marks and advertisement: 6 months
-Records related to cancellation of contracts or subscription, payment for and supply of goods, etc: 5 years
-Records related to resolution of consumer complaints or dispute : 3 years
B. Storage of communication confirmation data pursuant to Article 41 of the 「Enforcement
Decree of the Protection of Communication Secrets Act」
-Subscribers’ telecommunication date and time, start/end time, other party's subscriber number, frequency of use, The data on tracing a location of information communications apparatus: 1 year
-Computer communication, Internet log record data, the data on tracing a location of connectors: 3 months
4. Re-subscription verification and exclusion of illegal or improper use: Up to 60 days from the date of
membership withdrawal or disqualification
5. Restriction on subscription of illegal or improper users: 1 year from the date of the cheating ends
Article 3 Provision of personal information to a third party
The company shall process the user's personal information within the scope notified in 'Article 1 Purpose and Items of Personal Information Processing', and will not use it beyond the scope of consent or provide it to a third party, in principle.
However, personal information may be provided to a third party in the following events.
1. In the case of processing and providing in a form that cannot identify a specific individual for
statistical writing, academic research or market research
2. When users agree in advance
3. When there is a request from an investigative agency in accordance with the provisions of laws or
in accordance with the procedures and methods specified in the laws for investigation purposes
Article 4 Consignment processing of personal information
① The company may entrust and process personal information processing to provide improved
services. In the case of consignment , the following information shall be notified to the
② When signing a consignment contract, the Company shall provide a contract with matters related
to liabilities such as prohibition of processing of personal information other than the purpose of
performing consignment purpose in accordance with article 26 of Personal Information Protection Act, technical managerial safeguards, restrictions on re-
consignment, management and supervision of the consignee, compensation for damages, etc.
, and supervise whether the consignee prosesses personal information safely.
③ If the contents of the consignment or the consignee change, we will disclose it through
Article 5 Overseas transfer of personal information
The Company is transferring personal information to overseas to provide users with the stability of service and the latest technology, and personal information acquired or created from users is to be transferred
to store in the database owned by Google Cloud Platform (hereinafter referred to as 'GCP') and
Amazon Web Service (hereinafter referred to as 'AWS ') (physical storage location: USA).
GCP and AWS only perform physical management of the server and cannot access the user's
Items to be transferred
The country to which the personal information is transferred,
Transferring date and method
Retention and usage period
Google Cloud Platform
Records of service use or collected personal information
Transferring via network at the time of service usage
Retention period of personal data concerned
Amazon Web Service
Records of service use or collected personal information
Transferring via network at the time of service usage
Retention period of personal data concerned
Article 6 Rights and duties of users and methods of exercise
① The user can exercise the right to the company at any time, such as requesting access to, correction, deletion, and suspension of processing of personal information.
② The rights pursuant to Paragraph 1 may be exercised in writing or via e-mail according to the
relevant laws and regulations, and the company will take actions without delay.
③ The rights pursuant to Paragraph 1 can be exercised through the agents such as legal
representative of the data subjects or through a person who has been delegated. In this case,
you must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement
Regulations of the Personal Information Protection Act.
④ The rights of the data subjects for requests to view and suspend personal information may
be restricted according to related laws (Paragraph 4 of Article 35, Paragraph 2 of Article 37 of Personal
Information Protection Act, etc.)
⑤ Requests for correction and deletion of personal information shall not be demanded if the personal
information is specified as the object of collection in accordance with other relevant laws.
⑥ The company shall verify whether the person who makes the request for reading, correction and deletion, processing suspension is the person himself or the legal representative.
Article 7 Personal information items to be processed
The company processes the following personal information items.
1. When subscribing as a member
A. Common: Name, date of birth, gender, CI, mobile phone number
B. When signing up for email
C. When signing up with a Google account
Google Linked ID, Google Token
D. When signing up with a Facebook account
Facebook Linked ID, Facebook Token
E. When signing up with an Apple account
Apple ID, Apple Token
F. When signing up with a Kakao account
Kakao Linked ID, Kakao Token
F. When signing up with a Naver account
Naver linked ID, Naver token
G. When signing up with a LINE account
Line Linked ID, Line token
H. When signing up with a WeChat account
WeChat Linked ID, WeChat token
2. When using the service
Records about nationality, gender, date of birth, height, age, weight, and measurement values of lung capacity, pulmonary muscle strength, and pulmonary endurance, etc. records about lung capacity-related exercise
3. Data automatically generated when using the service
Service usage record, OS information, hardware information
4. Settlement and debt collection
Name, date of birth, gender, mobile phone number, credit card information (card number, expiration date, date of birth, first two digits of password, business registration number only for corporate cards)
5. Re-subscription verification and exclusion of illegal use, restrictions on subscription of illegal or improper users
Article 8 (Separated storage of personal information of long-term non-use members)
① In accordance with the relevant laws and regulations, the personal information of dormant
members who do not have service use records for more than one year shall be separated and stored
in a separate storage device that cannot be accessed.
② The company shall notify to the dormant user that their personal information is to be separately
sorted and stored by 30 days before the dormancy conversion and the dormancy date, by either of
an email or a text message.
③ Separately stored personal information shall be destroyed at the maturity of one year’s storage
period, and before the elapse of a year period, the member can change the dormant state to the
Article 9 Destruction of personal information
① The company shall destroy personal information without delay when unnecessary, such as the expiration of the personal information retention period or achievement of the processing purpose.
② Notwithstanding the retention period of personal information agreed by the user has elapsed or the purpose of processing has been achieved, if personal information must be kept in accordance with other laws and regulations, it may be transferred to a separate database (DB) or the storage location to store may be changed.
③ The procedure and method of destroying personal information are as follows.
1. Destruction procedure
The company selects the personal information for which the reason to destroy has occurred, and destroys the personal information with the approval of the company's personal information protection manager.
2. Destruction method
The company will use a technical method that cannot reproduce the recorded personal information in the form of electronic files. Personal information recorded and stored in paper documents will be shredded to destroy.
Article 10 Measures to ensure the safety of personal information
① The company takes the following technical, administrative, and physical measures to ensure safety so that personal information is not lost, stolen, divulged, , altered or damaged in processing user's personal information..
Methods to take actions
- Establishment and implementation of internal management plans of personal information
- Minimization and education of designated staff in charge of personal information
- Management of new and resigned employees
- Limited access to personal information
- Password encryption
- Storing of connection records and prevention of forgery and alteration
- Countermeasures to cope with hacking
② The company is not responsible for any errors caused by users' personal mistakes or basic Internet risks. Individual members must properly manage their ID and password and take responsibility for this in order to protect their personal information.
Article 11 Personal Information Protection Officer
① The company designates the officer and a handling staff who are generally responsible for personal information protection and for handling users’ complaints and damage remedy related to personal information processing.
Personal Information Officer
Name: Lee, In-pyo
Personal information Handling Staff
Name: Song, Chang-ho
Affiliation: Product development
② Users can inquire the person in charge of personal information protection and the department in charge about all kinds of inquiries, complaint handling, damage relief related to personal information protection etc. that occurred while using the company's services. The company will respond to process users' inquiries without delay.
Article 12 Review request of personal information
The company shall protect and value users' personal information, and users have the rights to receive faithful answers as always. The company operates a customer center for smooth communication with users, and the contact information is as below.
-Customer Center: 02-6085-1105
-E. mail: firstname.lastname@example.org
Article 13 Remedy for infringement on rights and interests
If the rights and interests of personal information are infringed on, you can contact the Personal Information Infringement Report Center, Supreme Prosecutors' Office Cyber Investigation Division, and National Police Agency Cyber Security Bureau, etc.
-Personal Information Infringement Report Center / privacy.kisa.or.kr / 118 without prefix
-Supreme Prosecutors' Office Cyber Investigation Division / www.spo.go.kr / 1301 without prefix
-Cyber Security Bureau of the National Police Agency / police.go.kr / 182 without prefix
Article 14 Compliance with GDPR
① The company complies with the European Union General Data Protection Regulation and the laws of each member state. When providing services to users in the European Union, the followings may be applied.
1. The company shall use the collected personal information only for the purposes stipulated in Article 1, and inform the user in advance and seek for consent. In addition, in accordance with applicable laws such as GDPR, the company may process users' personal information corresponding to any of the following cases.
A. data subject's consent
B. For the conclusion and execution of a contract with the data subject
C. For compliance with legal obligations
D. When processing is necessary for the material interest of the data subject
E. In pursuit of legitimate interests of the company (except when the interests, rights, or freedoms of the data subject are more important than those of the company)
② The company carefully protects the personal information of users. In accordance with applicable laws such as the GDPR, users may request that their personal information be transferred to another manager, and may request refusal to process their data. In addition, users have the right to file a complaint with the privacy authority.
③ The company may use personal information to provide marketing such as events and advertisements, and seeks for user’s consent in advance. Users can withdraw their consent at any time if they do not want to.
④ If you contact us in writing, phone or e-mail through the customer center, we will take actions without delay.
⑤ If you request correction of errors in personal information, we will not use or provide the personal information concerned to others until the correction is completed.
-2020. 09. 01. ~ 2021. 02. 25.. Applied (click)