Privacy policy of Breathings company

Breathings (hereinafter referred to as 'Company' or 'Breathings') has established and published the following guidelines for handling personal information in order to protect the personal information of the data subjects and handle the related complaints quickly and smoothly in accordance with the Personal Information Protection Act.


Article 1 Purpose of processing personal information

The company processes personal information for the following purposes. The personal information processed shall not be used for purposes other than the followings, and if the purpose of use changes, we will take necessary measures such as obtaining separate consent subject to Article 18 of the Personal Information Protection Act.

1. Membership registration and management

Personal information will be processed for the purposes of confirming the intention to subscribe as a member, identification and authentication according to the provision of membership services, maintenance and management of membership, prevention of illegal or improper use of services, and various notifications and notices.

2. Service provision

 We will process personal information for the purpose of providing services, content, and customer services.

3. Grievance handling

 Personal information will be processed for the purpose of confirming the identity of the complainant, confirming the complaints, contacting and notifying for fact-finding, and notifying the results of processing.

4. The fulfillment of the claim-obligation relationship when such relationship remains due to service use and supply of goods, etc.

5. Re-subscription and exclusion of illegal or improper use

6. Restriction to subscription of illegal users and the person who has used the service improper way


Article 2 Processing and retention period of personal information

The company shall process and retain personal information within the retention period and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from the data subjects. .

Each personal information processing and retention period will be as follows.

   1. Membership subscription and management, grievance handling: Immediately after membership       withdrawal

     However, in the case of any of the following reasons, it shall be until the end of the reason

     A. If an investigation or investigation in violation of related laws is in progress, it will be until the        end of the investigation or examination

     B. Until settlement of the claim-obligation relationship related to service use

2. Providing lung capacity measurement, breathing exercise service, recording service, etc.: to be deleted without delay after membership withdrawn

3. Fulfillment and payment for the provision of goods or services: Until the completion of supply of goods and services, payment of fees, and settlement

    However, in the events of any of the following reasons or based on relevant laws and regulations;

    until the end of the period

     A. Records on transactions such as marks, advertisements and contents of the contracts and execution thereof subject to the Act On The Consumer Protection in Electronic Commerce, etc.

        -Records related to marks and advertisement: 6 months

        -Records related to cancellation of contracts or subscription, payment for and supply of goods, etc: 5 years

        -Records related to resolution of consumer complaints or dispute : 3 years

     B. Storage of communication confirmation data pursuant to Article 41 of the Enforcement

       Decree of the Protection of Communication Secrets Act

       -Subscribers’ telecommunication date and time, start/end time, other party's subscriber number, frequency of use, The data on tracing a location of information communications apparatus: 1 year

       -Computer communication, Internet log record data, the data on tracing a location of connectors: 3 months

4. Re-subscription verification and exclusion of illegal or improper use: Up to 60 days from the date of

   membership withdrawal or disqualification

5. Restriction on subscription of illegal or improper users: 1 year from the date of the cheating ends


Article 3 Provision of personal information to a third party

The company shall process the user's personal information within the scope notified in 'Article 1 Purpose and Items of Personal Information Processing', and will not use it beyond the scope of consent or provide it to a third party, in principle.

However, personal information may be provided to a third party in the following events.

1. In the case of processing and providing in a form that cannot identify a specific individual for

  statistical writing, academic research or market research

2. When users agree in advance

3. When there is a request from an investigative agency in accordance with the provisions of laws or

   in accordance with the procedures and methods specified in the laws for investigation purposes


Article 4 Consignment processing of personal information

The company may entrust and process personal information processing to provide improved

   services. In the case of consignment , the following information shall be notified to the


When signing a consignment contract, the Company shall provide a contract with matters related

   to liabilities such as prohibition of processing of personal information other than the purpose of

   performing consignment purpose in accordance with article 26 of Personal Information Protection Act, technical managerial safeguards, restrictions on re-

   consignment, management and supervision of the consignee, compensation for damages, etc.

   , and supervise whether the consignee prosesses personal information safely.

  If the contents of the consignment  or the consignee change, we will disclose it through

    this privacy policy without delay.


Article 5 Overseas transfer of personal information

The Company is transferring personal information to overseas to provide users with the stability of service and the latest technology, and personal information acquired or created from users is to be transferred

to store in the database owned by Google Cloud Platform (hereinafter referred to as 'GCP') and

Amazon Web Service (hereinafter referred to as 'AWS ') (physical storage location: USA).

GCP and AWS only perform physical management of the server and cannot access the user's

personal information.



Items to be transferred

The country to which the personal information is transferred,

Transferring date and method

Retention and usage period

Google Cloud Platform

Records of service use or collected personal information


Transferring via network at the time of service usage

Retention period of personal data concerned

Amazon Web Service

Records of service use or collected personal information


Transferring via network at the time of service usage

Retention period of personal data concerned


Article 6 Rights and duties of users and methods of exercise

The user can exercise the right to the company at any time, such as requesting access to, correction, deletion, and suspension of processing of personal information.

The rights pursuant to Paragraph 1 may be exercised in writing or via e-mail according to the

 relevant laws and regulations, and the company will take actions without delay.

The rights pursuant to Paragraph 1 can be exercised through the agents such as legal

representative of the data subjects or through a person who has been delegated. In this case,

you must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement

Regulations of the Personal Information Protection Act.

The rights of the data subjects for requests to view and suspend personal information may

be restricted according to related laws (Paragraph 4 of Article 35, Paragraph 2 of Article 37 of Personal

Information Protection Act, etc.)

Requests for correction and deletion of personal information shall not be demanded if the personal

information is specified as the object of collection in accordance with other relevant laws.

The company shall verify whether the person who makes the request for reading, correction and deletion, processing suspension is the person himself or the legal representative.


Article 7 Personal information items to be processed

The company processes the following personal information items.

1. When subscribing as a member

A. Common: Name, date of birth, gender, CI, mobile phone number

B. When signing up for email

  Email, password

C. When signing up with a Google account

Google Linked ID, Google Token

D. When signing up with a Facebook account

Facebook Linked ID, Facebook Token

E. When signing up with an Apple account

Apple ID, Apple Token

F. When signing up with a Kakao account

Kakao Linked ID, Kakao Token

F. When signing up with a Naver account

Naver linked ID, Naver token

G. When signing up with a LINE account

Line Linked ID, Line token

H. When signing up with a WeChat account

WeChat Linked ID, WeChat token

2. When using the service

Records about nationality, gender, date of birth, height, age, weight, and measurement values of lung capacity, pulmonary muscle strength, and pulmonary endurance, etc. records about lung capacity-related exercise

3. Data automatically generated when using the service

Service usage record, OS information, hardware information

4. Settlement and debt collection

Name, date of birth, gender, mobile phone number, credit card information (card number, expiration date, date of birth, first two digits of password, business registration number only for corporate cards)

5. Re-subscription verification and exclusion of illegal use, restrictions on subscription of illegal or improper users


Article 8 (Separated storage of personal information of long-term non-use members)

In accordance with the relevant laws and regulations, the personal information of dormant

members who do not have service use records for more than one year shall be separated and stored

in a separate storage device that cannot be accessed.

The company shall notify to the dormant user that their personal information is to be separately

sorted and stored by 30 days before the dormancy conversion and the dormancy date, by either of

an email or a text message.

Separately stored personal information shall be destroyed at the maturity of one year’s storage

period, and before the elapse of a year period, the member can change the dormant state to the

normal state.


Article 9 Destruction of personal information

    The company shall destroy personal information without delay when unnecessary, such as the expiration of the personal information retention period or achievement of the processing purpose.

    Notwithstanding the retention period of personal information agreed by the user has elapsed or the purpose of processing has been achieved, if personal information must be kept in accordance with other laws and regulations, it may be transferred to a separate database (DB) or the storage location to store may be changed.

    The procedure and method of destroying personal information are as follows.

1. Destruction procedure

The company selects the personal information for which the reason to destroy has occurred, and destroys the personal information with the approval of the company's personal information protection manager.

2. Destruction method

The company will use a technical method that cannot reproduce the recorded personal information in the form of electronic files. Personal information recorded and stored in paper documents will be shredded to destroy.

Article 10 Measures to ensure the safety of personal information

The company takes the following technical, administrative, and physical measures to ensure safety so that personal information is not lost, stolen, divulged, , altered or damaged in processing user's personal information..


Methods to take actions

managerial methods

-       Establishment and implementation of internal management plans of personal information

-       Minimization and education of designated staff in charge of personal information

-       Management of new and resigned  employees

Technical methods

-       Limited access to personal information

-       Password encryption

-       Storing of connection records and prevention of forgery and alteration

-       Countermeasures to cope with hacking

The company is not responsible for any errors caused by users' personal mistakes or basic Internet risks. Individual members must properly manage their ID and password and take responsibility for this in order to protect their personal information.


Article 11 Personal Information Protection Officer

The company designates the officer and a handling staff who are generally responsible for personal information protection and for handling users’ complaints and damage remedy related to personal information processing.

Personal Information Officer

Name: Lee, In-pyo

Position: CEO

Phone: 02-6085-1105



Personal information Handling Staff

Name: Song, Chang-ho

Affiliation: Product development

Position: Director


Users can inquire the person in charge of personal information protection and the department in charge about all kinds of inquiries, complaint handling, damage relief related to personal information protection etc. that occurred while using the company's services. The company will respond to  process users' inquiries without delay.


Article 12 Review request of personal information

The company shall protect and value ​​users' personal information, and users have the rights to receive faithful answers as always. The company operates a customer center for smooth communication with users, and the contact information is as below.

-Customer Center: 02-6085-1105

-E. mail:


Article 13 Remedy for infringement on rights and interests

If the rights and interests of personal information are infringed on, you can contact the Personal Information Infringement Report Center, Supreme Prosecutors' Office Cyber ​​Investigation Division, and National Police Agency Cyber ​​Security Bureau, etc.

-Personal Information Infringement Report Center / / 118 without prefix

-Supreme Prosecutors' Office Cyber ​​Investigation Division / / 1301 without prefix

-Cyber ​​Security Bureau of the National Police Agency / / 182 without prefix


Article 14 Compliance with GDPR

The company complies with the European Union General Data Protection Regulation and the laws of each member state. When providing services to users in the European Union, the followings may be applied.

1. The company shall use the collected personal information only for the purposes stipulated in Article 1, and inform the user in advance and seek for consent. In addition, in accordance with applicable laws such as GDPR, the company may process users' personal information corresponding to any of the following cases.

A. data subject's consent

B. For the conclusion and execution of a contract with the data subject

C. For compliance with legal obligations

D. When processing is necessary for the material interest of the data subject

E. In pursuit of legitimate interests of the company (except when the interests, rights, or freedoms of the data subject are more important than those of the company)

The company carefully protects the personal information of users. In accordance with applicable laws such as the GDPR, users may request that their personal information be transferred to another manager, and may request refusal to process their data. In addition, users have the right to file a complaint with the privacy authority.

The company may use personal information to provide marketing such as events and advertisements, and seeks for user’s consent in advance. Users can withdraw their consent at any time if they do not want to.

If you contact us in writing, phone or e-mail through the customer center, we will take actions without delay.

If you request correction of errors in personal information, we will not use or provide the personal information concerned to others until the correction is completed.


Article 15 Matters concerning changes to the Privacy Policy

This Privacy Policy shall be applied from 2021. 02. 26.

Previous Privacy Policy can be found below.

     -2020. 09. 01. ~ 2021. 02. 25.. Applied (click)