InBody Privacy Policy

InBody (hereinafter, “the Company”) complies with personal information protection regulations; and does its best to protect the rights of users by establishing privacy policies for its body composition analysis system, InBody, and its websites LookinBody Web, inbodyasia.com and InBody Mobile Application (collectively, “Web Services”). 

It is not mandatory for users to provide their personal information and the user has the right to withhold their consent to the collection of their personal information. However, by opting not to provide personal information, certain features may not be available to users, the user’s experience may be negatively affected, and users may not be able to receive support services from the Company. 

For the purpose of the this Privacy Policy,  the terms “personal data”, “sensitive personal data”, and “process” shall have the meaning ascribed to it in the Personal Data Protection Act 2010 of Malaysia.

InBody’s Privacy Policy covers the following matters: 

  1. Types of Personal Information Collected and Methods of Collection
  2. Collection of Personal Information and Purpose of Use
  3. Sharing and Provision of Personal Information
  4. Consigned Handling of Personal Information
  5. Retention and Usage Periods of Personal Information
  6. Procedure and Methods of Destruction of Personal Information
  7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights
  8. Matters Concerning Installation/Operation of Automatic Personal Information Collecting Mechanism and Refusal Thereof
  9. Technical/Administrative Measures for Protection of Personal Information
  10. Personal Information Manager and Officers
  11.  Duty of Notification 

1. Types of Personal Information Collected and Methods of Collection

A. Types of Personal Information Collected
(I) LookinBody Web

With regards to LookinBody Web, the Company processes the following personal information of users:
Personal Information

  • Name;
  • Email address; 
  • Address and zip code; 
  • Mobile number;
  • Company name; 
  • Height;
  • Weight;
  • Age;
  • Gender; 
  • Date of birth; and
  • Other forms of personal data while rendering additional or customized services to users, which users have consented to providing to the Company.  

Sensitive Personal Information

The Company also processes sensitive personal data of users, as set out below:  

  • Body composition analysis results
  • Medical history

Users provide their explicit consent to the processing of their sensitive personal data, with the understanding that the provision of the above sensitive personal data is necessary for the Company to provide the body composition analysis service.

(II) inbodyasia.com

With regards to inbodyasia.com, the Company processes the following personal information of users:

Personal Information

  • Name;
  • Email address; 
  • Phone number; and
  • Any other personal information disclosed by users in the “Contact Us” page of inbodyasia.com.  

(III) InBody Mobile Application

With regards to the InBody Mobile Application, the Company processes the following personal information of users:

Personal Information

  • [Name;
  • Email address; 
  • Mobile number;
  • Height;
  • Weight;
  • Age;
  • Gender; and
  • Other forms of personal data while rendering additional or customized services to users, which users have consented to providing to the Company.]

Non-personally identifiable information
The Company processes the non-personally identifiable data through the Web Services below:

  • IP address;
  • Cookie;
  • Date visited;
  • Service usage log; and
  • Error log. 

B. Methods of Collecting Personal Information 

The Company collects personal information in the following ways: 

  • When users are asked to input their personal data in the course of using the body composition analysis system;
  • When users sign up for the Web Services;
  • When users contact the Company, send feedback to the Company, post material on the Web Services, complete customer surveys or participate in competitions.

C. Location of Storage

All collected personal information from European Economic Area (EEA), UK, Switzerland, Ukraine only will be stored on a server located in The Netherlands and will not be transported outside of the EEA. All personal information collected from Malaysia will be stored on servers located in Malaysia and Singapore.  

2. Collection of Personal Information and Purpose of Use 
The Company collects personal information from users for the following purposes:

A. Provision of Service
Provision of content, provision of specific customized services, delivery of goods or sending of bills, etc., identity authentication, purchasing and payment processing, collection of fees 
B. Member Management 

Identity authentication for use of membership-based services or limited identity authentication programs, personal identification, prevention of unauthorized use or abuse by members, confirmation of sign-up intent, restriction of sign-up or sign-up attempts, recordkeeping for dispute resolution, handling of complaints and delivery of notices
C. Use for Development of New Services and Marketing/Advertisements
Development of new services and provision of customized services, to communicate with users about the Company and/or products which may be of interest to users, provision of services based on user behaviours, preferences, or statistical characteristics, validation of services, provision of information on promotional events and provision of opportunity to participate, assessing access frequency, statistics on service usage by members, improvement of the Company’s services, and other marketing or advertising related purposes.

D. General Purposes
Monitoring and recording communications (such as telephone conversations and e-mail) for the purpose of improving the quality of the Company’s services, to send users newsletters when users have subscribed for the Company’s newsletter, to comply with the Company’s regulatory and corporate governance obligations, gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests, operational reasons such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, investigating complaints and allegations of criminal offenses, providing customer service, and to give effect to the commercial transactions between the Company and the users. 

3. Sharing and Provision of Personal Information
The Company uses personal information of users within the scope notified in “2. Collection of Personal Information and Purpose of Use” does not use any personal information beyond the above-mentioned scope, or disclose any personal information of users to third parties without prior consent of the user. However, the exceptions apply under the following circumstances:

  • – the user has given prior consent to such disclosure;
  • – there is a request from an investigational agency pursuant to provisions of laws or through procedures and methods stipulated in laws for investigational purposes; 
  • – there is a request for personal information from a government; or
  • – there is a need to disclose personal information of users to the Company’s contracted third-party service providers and vendors.

The Company may also disclose personal information of users to:

  • – other Companies within the InBody group; 
  • – service providers, institutions, or commercial organizations that are collaborating with the Company; 
  • – a third party who acquires the Company or substantially all of the Company’s assets, in which case the personal data shall be one of the acquired assets; and
  • – other software providers users may request to give users access to users’ InBody device data.

4. Consigned Handling of Personal Information 
The Company may consign entry of personal information to personal information processing officers at sites where the program is used. Such officers shall receive adequate training to ensure that the personal information stored is not lost, stolen, leaked, altered, or damaged.

5. Retention and Usage Periods of Personal Information
As a general rule, personal information of users is destroyed once its purpose of collection and usage is achieved. However, the following information may be retained for the periods stated for given reasons.

A. Reasons for Retention of Information Based on Company’s Internal Policy 

Recordkeeping of information about abuse
* Reason for retention: Prevention of abuse
* Period of retention: 1 year

B. Reasons for Retention of Information Pursuant to Relevant Laws
When retention is required by provisions of relevant laws, the Company retains personal data of users for a specific period stipulated under such laws. In such a case, the Company uses the information retained only for the purpose of such retention for the following retention periods.

  • – Compliance with legal and regulatory obligations
    * Reasons for retention: To comply with the obligations under law imposed on the Company

 

  • * Period of retention: 6 years

 

6. Procedure and Methods of Destruction of Personal Information 
By general rule, personal information of users is destroyed once its purpose of collection and usage is achieved. Procedures and methods used by the Company to destroy personal information are as follows.

A. Procedure of Destruction

* Once the purpose of the information is achieved, information entered or inputted by the user for member sign-up, etc. is moved to a separate database (separate cabinet in case of information on paper), stored for a specific period in accordance with internal policy and reasons for information protection pursuant to other relevant laws, and destroyed. * Such personal information is not used for purposes, other than as stipulated in purpose of retention, unless required by law.

B. Method of Destruction 

* Personal information printed on paper is destroyed by using a shredder or by incineration.
* Personal information stored in electronic file formats is erased beyond recovery using technical means.

7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights
The user or their legal attorney may, at any time, view, correct and edit registered personal information of the user or the a child concerned under the age of 18* and may request for cancellation of membership.

The user may click ‘Edit Personal Information’ (or ‘Edit User Information’, etc.) to view and edit personal information of the user or the child concerned under the age of 18; and may click ‘Cancel Membership’ to cancel membership (withdraw consent). Once the user completes the identity authentication process, they will be able to view and edit the information or cancel membership on their own. 

Alternatively, the user may contact the Personal Information Manager in writing, by phone, or email for immediate action. 
Once the user has made a request for correction of errors in personal information, such information shall not be used or provided until the corrections are made. Also, if incorrect personal information is already provided to a third party, the Company shall immediately notify the third party of the correction processing results so that the necessary corrections are made. 

The Company processes personal information of users which has been canceled, deleted by request of the user, or legal attorney in accordance with provisions of “5. Retention and Usage Periods of Personal Information” ensures that the personal information is not viewed or used for other purposes. 

Users have the option of unsubscribing from the Company’s newsletter and from receiving marketing and advertising-related emails from the Company. 

8. Matters Concerning Installation/Operation of Automatic Personal Information Collection
The Company uses ‘cookies’ to save and frequently load the user’s information. A cookie is a very small text file sent from the server, which is used to run the website, to the user’s web browser. The cookie is stored on the hard disk of the user’s computer.

A. Purpose of Using Cookies 

* Cookies are used for analyzing the user’s visit and usage patterns, etc. of various services offered on lookinbody.com and other websites, to facilitate the provision of information, optimized for each user. 

B. Declination to Installation/Operation of Cookies 
* The user has the right over the installation of cookies. Therefore, the user can accept all cookies, require prompt each time a cookie is saved, or reject all cookies by setting options on their web browser.* Note, however, that if cookies are not accepted, the user may experience difficulty in using some of the services on lbwebind2020.azurewebsites.net/ which require signing in.
* Configuring cookie installation settings (on Internet Explorer)
① On the [Tools] menu, select [Internet options].
② Click the [Privacy] tab.
③ Adjust the [Settings].

9. Technical/Administrative Measures for Protection of Personal Information 
In handling personal information of users, the Company employs the following technical/administrative measures to secure safety of personal information against displacement, theft, leaks, unwanted alterations or damage. 
A. Encryption of Personal Information

The user’s password, stored and managed in encrypted forms, is only known to the user. Therefore, the password of a user can only be viewed and changed by the user who knows the password. Additionally, mobile numbers, dates of birth, etc. are encrypted to prevent information leaks and amendments to personal information.
B. Measures against Hacking, etc. 

The Company does its best to prevent leaks and damage of personal information of the user via hackers, computer virus, etc. The Company regularly backs up the data to minimize damage of personal information, uses latest anti-virus software to prevent leaks and damage of personal information and data of users, and uses encrypted communications, etc. for safe transmission of personal information on networks. The Company also uses an intrusion prevention system to limit unauthorized access from outsiders and makes an effort to employ all possible technical mechanisms to ensure security of the system.

C. Persons Handling Personal Information
The Company limits handling of personal information to persons, specifically assigned to the task, who are assigned with separate passwords that are regularly updated for such purpose. Frequent training is provided to persons handling personal information to emphasize the importance of compliance with the Privacy Policy, at all times.
D. Operation of Dedicated Organization for Personal Information Protection

The Company employs a dedicated organizations and teams for personal information protection, etc. to monitor implementation of the Privacy Policy; compliance of persons in charge; and to immediately correct and rectify any issues identified.

However, the Company shall not be liable for any issues caused by personal information leaks such as mobile numbers and passwords due to the user’s negligence or other Internet-related problems. 

10. Data Protection Manager and Officers
If users have any requests, inquiries, or complaints regarding the processing of the user’s personal information, users may report all privacy complaints that arise while using the Company’s services to the Data Protection Manager or Data Protection Officer of the Company.
The Company shall respond to the user’s reports promptly and adequately.

* InBody Headquarters [South Korea]
Address: 06106
625, Eonju-ro, Gangnam-gu, Seoul, Republic of Korea
Website : www.inbody.com
E-mail : inbody@inbody.com, privacy2@inbody.com
TEL : +82-2-501-3939 / FAX : +82-2-501-3978 
Personal Information Officer: Woo-sung Bang

* InBody EUROPE[NETHERLANDS]
Address: Gyroscoopweg 122, 1042 AZ Amsterdam
Website: https://nl.inbody.com/
E-mail: info.eu@inbody.com, privacy.eu@inbody.com
TEL: +31-20-238-6080
Personal Information Manager: Billy Nam 
Personal Information Officer: Michiel Manshande

* InBody USA
Address: 13850 Cerritos Corporate Dr., Unit C, Cerritos, CA 90703, USA
Website: https://inbodyusa.com
E-mail : info.us@inbody.com
TEL : +1-323-932-6503 / FAX : +1-323-952-5009

* InBody JAPAN
Address: Tani Bldg., 1-28-6, Kameido, Koto-ku, Tokyo 136-0071 JAPAN
Website: https://www.inbody.com/jp
E-mail : inbody@inbody.co.jp
TEL: +81-3-5875-5780 / FAX: +81-3-5875-5781
Personal Information Officer: 柴田 泰生

* InBody CHINA
Address: 904, Xing Di Plaza, No. 1698 Yishan Road, Shanghai, 201103, CHINA
Website: https://www.inbody.com/cn
E-mail : info@inbodychina.com, inbody_privacy@inbodychina.com
TEL : +86-21-6443-9738, 9739, 9705 / FAX : +86-21-64439706
Personal Information Officer: 宣宝榄

* InBody INDIA
Address: Unit No. G-B 10, Ground Floor, Art Guild House, Phoenix Market City, L.B.S. Marg, Kurla (West), Mumbai 400070, India.
Website: https://www.inbody.in
E-mail : inbodyindia@inbody.com
Personal Information Officer: Kenneth Cha

* InBody ASIA[MALAYSIA & SINGAPORE]
Address: Unit 3A-11, Oval Damansara, No.685 Jalan Damansara, 60000 Kuala Lumpur, Malaysia
Website: https://inbodyasia.com
E-mail : info@inbodyasia.com
TEL : +60-3-7732-0790
Personal Information Officer: Kim Sungeun

11. Duty of notification
If ever a legal attorney requests insight into, alteration or removal of the personal information of the subject as mentioned under “7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights”, the Company shall notify the users in writing before complying to this request.

The Company shall report to the supervisory authority within 72 hours from the time it becomes aware of the infringement of personal information in the event of an infringement that may pose a risk to the rights and freedoms of individuals. The data subject must be notified of the infringement without under delay.

However, if there is a low possibility that the infringement of personal information poses a risk to the individual’s freedom and rights, the notification may not be made.

If the report to the supervisory body is not made within 72 hours, the reason for the delay shall be reported.

We reserve the right to update and make amendments to this Privacy Policy from time to time. In the event we update or amend this Privacy Policy, we will inform users by posting the updated Privacy Policy on the Web Services. In the event we update or amend this Privacy Policy, the updated or amended terms will only apply to personal data that is collected from the date of this Privacy Policy is updated or amended. 

To comply with Section 7(3) of the Personal Data Protection Act 2010 of Malaysia, a simplified Personal Data Notice based on this Privacy Policy is made available to users in Bahasa Malaysia. In the event of any inconsistencies between the Personal Data Notice and this Privacy Policy, the terms of this Privacy Policy shall prevail.   

This Privacy Policy was last updated 29, January 2021.

NOTIS DATA PERIBADI INBODY

Notis data peribadi (“Notis Data Peribadi”) mengenai penggunaan data peribadi diterbitkan oleh InBody (“Syarikat” atau “Kami”) kepada pengguna-pengguna sistem analisis komposisi badan, LookinBody Web, inbodyasia.com, dan  aplikasi telefon Inbody (secara kolektif, “Web  Services”), selaras dengan keperluan Akta Perlindungan Data Peribadi 2010 (“PDPA”). Sepanjang penggunaan Web Services kami, kami akan mengumpul data peribadi termasuk, tetapi tidak terhad kepada:  

  • nama anda;
  • alamat e-mel anda;
  • alamat dan poskod anda;
  • nama syarikat anda; 
  • ketinggian anda
  • berat badan anda;
  • umur anda;
  • jantina anda;
  • hari lahir anda; dan
  • data peribadi lain yang dibekalkan oleh anda dengan persetujuan anda sepanjang penggunaan Web Services kami.  

Kami juga akan mengumpul data peribadi sensitif yang berikut:

  • komposisi badan anda; dan
  • sejarah perubatan anda.  

Anda memberikan persetujuan secara nyata mengenai pemprosesan data peribadi sensitif di atas, dan memahami bahawa data peribadi sensitif di atas diperlukan untuk mengguna perkhidmatan analisis komposisi badan kami. 

Data peribadi anda dikumpulkan:

  • apabila anda menggunakan perkhidmata analisis komposisi badan;  
  • apabila anda mendaftar sebagai ahli Web Services Kami; dan
  • apabila anda menghubungi kami, memberi maklum balas kepada kami, membuat post dalam Web Services, melengkapkan tinjauan pengguna-pengguna, atau menyertai pertandingan-pertandingan yang dianjurkan oleh kami. 

Kami akan mengumpul dan memproses data peribadi anda untuk tujuan berikut: 

  • untuk memberi perkhidmatan kepada anda (termasuk untuk membekalkan perkhidmatan mengikut tempahan, untuk mengesahkan identiti anda, untuk memproses bayaran anda, dan untuk pembayaran fi kami);
  • untuk pengurusan ahli-ahli Web Services (termasuk untuk mengesahkan identiti anda, untuk membendung penyalahgunaan Web Services, untuk mengesahkan pendaftaran pengguna, untuk penyimpanan rekod bagi tujuan penyelesaian pertikaian, untuk mengendalikan aduan-aduan, dan untuk penghantaran notis);
  • untuk mengembangkan perkhidmatan kami; 
  • untuk tujuan pengiklanan dan pemarasan; 
  • untuk berkomunikasi dengan anda; 
  • untuk menghantar bulletin kepada anda;
  • untuk mematuhi tanggungjawab kontraktual kami; 
  • untuk mematuhi undang-undang dan peraturan-peraturan yang berkenaan; dan
  • untuk tujuan-tujuan lain yang berkaitan. 

(secara kolektif, “Tujuan-tujuan”).   

Semua data peribadi dari Malaysia akan disimpan  di dalam pelayan-pelayan web di Malaysia dan Singapore. 

Kami tidak akan mendedahkan data peribadi anda kepada mana-mana pihak ketiga kecuali dalam keadaan berikut:

  • anda telah memberi persetujuan;
  • kami diminta untuk mendedahkan data peribadi anda oleh agensi penyiasatan menurut keperluan undang-undangl
  • kami diminta untuk mendedahkan data peribadi anda oleh kerajaan;
  • wujudnya keperluan untuk mendedahkan data peribadi anda kepada pembekal-pembekal kami. 

Kami juga mungkin akan mendedahkan data peribadi anda kepada:

  • syarikat gabungan kami;
  • pembekal perkhidmatan, institusi-institusi, atau pertubuhan perdagangan yang berkolaborasi dengan kami; 
  • pihak ketiga yang telah memperolehi Syarikat atau aset-aset Syarikat; dan
  • pembekal perisian komputer yang diberi akses kepada data perintian Inbody menurut permintaan anda.  

Jika anda tidak memberikan data peribadi anda kepada kami, atau tidak setuju dengan Notis Data Peribadi ini, anda mungkin tidak dapat mengakses ciri-ciri Web Services yang tertentu, pengalaman pengguna anda mungkin akan terjejas, dan anda mungkin tidak boleh menerima perkhidmatan sokongan daripada kami.  

Kami akan memastikan bahawa data peribadi anda dilindungi dan akan disimpan dengan selamat. Anda berhak (seperti di bawah) untuk meminta akses kepada data peribadi anda, atau meminta salinan data peribadi anda, atau meminta bahawa data peribadi anda dikemaskini atau dibetulkan. 

Anda berhak untuk meminta bahawa kami mengehadkan pemprosesan data peribadi anda, tertakluk kepada apa-apa pengecualian undang-undang yang membolehkan kami untuk mengumpul, menggunakan, dan mendedahkan data peribadi anda. 

Kami berhak untuk mengemaskini dan membuat pindaan kepada Notis Data Peribadi ini dari semasa ke semasa. Kami akan memaklumkan kepada anda tentang pindaan yang dibuat kepada Notis Data Peribadi ini melalui pengumuman di Web Services. Jika kami membuat pindaan kepada Notis Data Peribadi, pindaan yang dibuat akan diguna pakai untuk data peribadi yang dikumpulkan selepas tarikh pemindaan Notis Data Peribadi ini sahaja. 

Selaras dengan Seksyen 7(3) PDPA, Notis Data Peribadi ini disediakan dalam Bahasa Malaysia dan Privacy Policy kami disediakan dalam Bahasa Inggeris. Sekiranya wujud sebarang percanggahan antara Notis Data Peribadi ini dan Privacy Policy kami, Privacy Policy kami akan diguna pakai. 

Jika anda ingin mengakses atau perlu mengemaskini data peribadi anda, sila berbuat demikian di akaun Web Services anda.

Jika anda mempunyai sebarang permintaan untuk mengehadkan pemprosesan data peribadi anda, pertanyaan, aduan, atau jika anda ingin menarik balik persetujuan anda kepada kami untuk mengumpul dan memproses data peribadi anda, sila hubungi wakil kami dengan merujuk kepada maklumat yang tertera dibawah:-

* InBody ASIA 
Alamat: Unit 3A-11, Oval Damansara, No.685 Jalan Damansara, 60000 Kuala Lumpur, Malaysia
Laman Web: https://inbodyasia.com
E-mail : info@inbodyasia.com
No. Telefon : +60-3-7732-0790
Pegawai Data Peribadi: Kim Sungeun

Last update: 29 January 2021