Privacy policy of Breathings company

Breathings (hereinafter referred to as 'Company' or 'Breathings') has established and published the following guidelines for handling personal information in order to protect the personal information of the data subjects and handle the related complaints quickly and smoothly in accordance with the Personal Information Protection Act.

Article 1 Purpose of processing personal information

The company processes personal information for the following purposes. The personal information processed shall not be used for purposes other than the followings, and if the purpose of use changes, we will take necessary measures such as obtaining separate consent subject to Article 18 of the Personal Information Protection Act.

1. Membership registration and management

Personal information will be processed for the purposes of confirming the intention to subscribe as a member, identification and authentication according to the provision of membership services, maintenance and management of membership, prevention of illegal or improper use of services, and various notifications and notices.

2. Service provision

We will process personal information for the purpose of providing services, content, and customer services.

3. Grievance handling

Personal information will be processed for the purpose of confirming the identity of the complainant, confirming the complaints, contacting and notifying for fact-finding, and notifying the results of processing.

4. The fulfillment of the claim-obligation relationship when such relationship remains due to service use and supply of goods, etc.

5. Re-subscription and exclusion of illegal or improper use

6. Restriction to subscription of illegal users and the person who has used the service improper way

Article 2 Processing and retention period of personal information

① The company shall process and retain personal information within the retention period and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the data subjects. .

② Each personal information processing and retention period will be as follows.

1. Membership subscription and management, grievance handling: Immediately after membership withdrawal

However, in the case of any of the following reasons, it shall be until the end of the reason

A. If an investigation or investigation in violation of related laws is in progress, it will be until the end of the investigation or examination

B. Until settlement of the claim-obligation relationship related to service use

2. Providing lung capacity measurement, breathing exercise service, recording service, etc.: to be deleted without delay after membership withdrawn

3. Fulfillment and payment for the provision of goods or services: Until the completion of supply of goods and services, payment of fees, and settlement

However, in the events of any of the following reasons or based on relevant laws and regulations;

until the end of the period

A. Records on transactions such as marks, advertisements and contents of the contracts and execution thereof subject to the 「Act On The Consumer Protection in Electronic Commerce, etc.」

-Records related to marks and advertisement: 6 months

-Records related to cancellation of contracts or subscription, payment for and supply of goods, etc: 5 years

-Records related to resolution of consumer complaints or dispute : 3 years

B. Storage of communication confirmation data pursuant to Article 41 of the 「Enforcement

Decree of the Protection of Communication Secrets Act」

-Subscribers’ telecommunication date and time, start/end time, other party's subscriber number, frequency of use, The data on tracing a location of information communications apparatus: 1 year

-Computer communication, Internet log record data, the data on tracing a location of connectors: 3 months

4. Re-subscription verification and exclusion of illegal or improper use: Up to 60 days from the date of

membership withdrawal or disqualification

5. Restriction on subscription of illegal or improper users: 1 year from the date of the cheating ends

Article 3 Provision of personal information to a third party

The company shall process the user's personal information within the scope notified in 'Article 1 Purpose and Items of Personal Information Processing', and will not use it beyond the scope of consent or provide it to a third party, in principle.

However, personal information may be provided to a third party in the following events.

1. In the case of processing and providing in a form that cannot identify a specific individual for

statistical writing, academic research or market research

2. When users agree in advance

3. When there is a request from an investigative agency in accordance with the provisions of laws or

in accordance with the procedures and methods specified in the laws for investigation purposes

Article 4 Consignment processing of personal information

① The company may entrust and process personal information processing to provide improved

services. In the case of consignment , the following information shall be notified to the

user.

② When signing a consignment contract, the Company shall provide a contract with matters related

to liabilities such as prohibition of processing of personal information other than the purpose of

performing consignment purpose in accordance with article 26 of Personal Information Protection Act, technical managerial safeguards, restrictions on re-

consignment, management and supervision of the consignee, compensation for damages, etc.

, and supervise whether the consignee prosesses personal information safely.

③ If the contents of the consignment or the consignee change, we will disclose it through

this privacy policy without delay.

Article 5 Overseas transfer of personal information

The Company is transferring personal information to overseas to provide users with the stability of service and the latest technology, and personal information acquired or created from users is to be transferred

to store in the database owned by Google Cloud Platform (hereinafter referred to as 'GCP') and

Amazon Web Service (hereinafter referred to as 'AWS ') (physical storage location: USA).

GCP and AWS only perform physical management of the server and cannot access the user's

personal information.

Consignee	Items to be transferred	The country to which the personal information is transferred,	Transferring date and method	Retention and usage period
Google Cloud Platform	Records of service use or collected personal information	U.S.	Transferring via network at the time of service usage	Retention period of personal data concerned
Amazon Web Service	Records of service use or collected personal information	U.S.	Transferring via network at the time of service usage	Retention period of personal data concerned

Article 6 Rights and duties of users and methods of exercise

① The user can exercise the right to the company at any time, such as requesting access to, correction, deletion, and suspension of processing of personal information.

② The rights pursuant to Paragraph 1 may be exercised in writing or via e-mail according to the

relevant laws and regulations, and the company will take actions without delay.

③ The rights pursuant to Paragraph 1 can be exercised through the agents such as legal

representative of the data subjects or through a person who has been delegated. In this case,

you must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement

Regulations of the Personal Information Protection Act.

④ The rights of the data subjects for requests to view and suspend personal information may

be restricted according to related laws (Paragraph 4 of Article 35, Paragraph 2 of Article 37 of Personal

Information Protection Act, etc.)

⑤ Requests for correction and deletion of personal information shall not be demanded if the personal

information is specified as the object of collection in accordance with other relevant laws.

⑥ The company shall verify whether the person who makes the request for reading, correction and deletion, processing suspension is the person himself or the legal representative.

Article 7 Personal information items to be processed

The company processes the following personal information items.

1. When subscribing as a member

A. Common: Name, date of birth, gender, CI, mobile phone number

B. When signing up for email

Email, password

C. When signing up with a Google account

Google Linked ID, Google Token

D. When signing up with a Facebook account

Facebook Linked ID, Facebook Token

E. When signing up with an Apple account

Apple ID, Apple Token

F. When signing up with a Kakao account

Kakao Linked ID, Kakao Token

F. When signing up with a Naver account

Naver linked ID, Naver token

G. When signing up with a LINE account

Line Linked ID, Line token

H. When signing up with a WeChat account

WeChat Linked ID, WeChat token

2. When using the service

Records about nationality, gender, date of birth, height, age, weight, and measurement values of lung capacity, pulmonary muscle strength, and pulmonary endurance, etc. records about lung capacity-related exercise

3. Data automatically generated when using the service

Service usage record, OS information, hardware information

4. Settlement and debt collection

Name, date of birth, gender, mobile phone number, credit card information (card number, expiration date, date of birth, first two digits of password, business registration number only for corporate cards)

5. Re-subscription verification and exclusion of illegal use, restrictions on subscription of illegal or improper users

Article 8 (Separated storage of personal information of long-term non-use members)

① In accordance with the relevant laws and regulations, the personal information of dormant

members who do not have service use records for more than one year shall be separated and stored

in a separate storage device that cannot be accessed.

② The company shall notify to the dormant user that their personal information is to be separately

sorted and stored by 30 days before the dormancy conversion and the dormancy date, by either of

an email or a text message.

③ Separately stored personal information shall be destroyed at the maturity of one year’s storage

period, and before the elapse of a year period, the member can change the dormant state to the

normal state.

Article 9 Destruction of personal information

① The company shall destroy personal information without delay when unnecessary, such as the expiration of the personal information retention period or achievement of the processing purpose.

② Notwithstanding the retention period of personal information agreed by the user has elapsed or the purpose of processing has been achieved, if personal information must be kept in accordance with other laws and regulations, it may be transferred to a separate database (DB) or the storage location to store may be changed.

③ The procedure and method of destroying personal information are as follows.

1. Destruction procedure

The company selects the personal information for which the reason to destroy has occurred, and destroys the personal information with the approval of the company's personal information protection manager.

2. Destruction method

The company will use a technical method that cannot reproduce the recorded personal information in the form of electronic files. Personal information recorded and stored in paper documents will be shredded to destroy.

Article 10 Measures to ensure the safety of personal information

① The company takes the following technical, administrative, and physical measures to ensure safety so that personal information is not lost, stolen, divulged, , altered or damaged in processing user's personal information..