Webpage Privacy Policy

This Webpage Privacy Policy (“Policy”) describes the privacy practices of InBody BWA, Inc., (“InBody BWA”, “we” or “our”) as utilized at https://inbodybwa.com. For our privacy policy pertaining to our products and services, please see the Products & Services Privacy Policy below.

This Web Policy states how we use and protect information that you provide when using this site. It should be read in its entirety before using the site. We are dedicated to safeguarding and protecting your privacy, and any information you provide is always used in accordance with the information outlined in this Web Policy. We reserve the right to change or amend any part of this Web Policy at any time and without prior notice. However, details of these updates are made available on this webpage at the earliest opportunity. We advise checking this webpage from time to time to make sure that you agree with any changes or amendments.

If you are a California resident, please also review our  California Privacy Act Addition, which is how our privacy policies pertain specifically to California residents and businesses.

If you are a New York state resident, please also review our New York Privacy Act Addition, which is how our privacy policies pertain specifically to New York state residents and businesses.

1) Data Collection

1. What we collect

In order to provide a better customer experience, we collect the following user information via our website and services:

  • Your full name;
  • Your organization’s name (if applicable);
  • Your phone number;
  • Your email;
  • Your zip code; and
  • The state/region from which you are connecting to us.

1. Internal record keeping

  • We may use the information to improve our existing range of products and services and to develop fresh and new products and services.
  • We may periodically send promotional emails about new products, special offers or other information, which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may also use the information to customize the website according to your interests.

1. Cookies

You understand that InBody BWA reserves the right to track your access to our website, inbodybwa.com (“Site”), by using cookies. A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. When we say “cookies”, we are referring to all these technologies.

Like most online service providers, InBody BWA uses cookies, including third-party cookies, to enhance your experience. You will have the opportunity to opt out of cookies. Additionally, your browser may allow you to refuse some or all cookies, and you can remove cookies from your browser. For more information on managing browser cookies, please follow your browser’s instructions. By continuing to use the Site, you understand and agree that your acceptance of our cookie policy will be deemed valid unless you choose to opt out, as well as the rest of this Web Policy.

Cookie Name 

Domain 

Vendor 

Purpose 

Category 

 AWSELB 

app.hubspot.com 

Amazon 

AWS Elastic Load Balancer 

Performance 

 __utma 

hubspot.com 

Google 

Google Analytics 

Targeting 

 __utmb 

hubspot.com 

Google 

Google Analytics 

Targeting 

 __utmc 

hubspot.com 

Google 

Google Analytics 

Targeting 

 __utmz 

hubspot.com 

Google 

Google Analytics 

Targeting 

 _gauges_unique_hour 

hubspot.com 

Gauges 

Gauges Analytics 

Performance 

 _gauges_unique_day 

hubspot.com 

Gauges 

Gauges Analytics 

Performance 

 _gauges_unique_month 

hubspot.com 

Gauges 

Gauges Analytics 

Performance 

 _gauges_unique_year 

hubspot.com 

Gauges 

Gauges Analytics 

Performance 

 _gauges_unique 

hubspot.com 

Gauges 

Gauges Analytics 

Performance 

 apex__product 

hubspot.com 

Salesforce 

Salesforce Analytics 

Strictly Necessary 

 __hstc 

hubspot.com 

HubSpot 

HubSpot Analytics 

Targeting 

 __hssrc 

hubspot.com 

HubSpot 

HubSpot Analytics 

Targeting 

 __hssc 

hubspot.com 

HubSpot 

HubSpot Analytics 

Targeting 

 hsPagesViewedThisSession 

hubspot.com 

HubSpot 

HubSpot Analytics 

Strictly Necessary 

 hubspotutk 

hubspot.com 

HubSpot 

HubSpot Analytics 

Strictly Necessary 

 hubspot.hub.id 

hubspot.com 

HubSpot 

HubSpot Authentication 

Strictly Necessary 

 hubspotauth 

hubspot.com 

HubSpot 

HubSpot Authentication 

Strictly Necessary 

 hubspotauthcms 

hubspot.com 

HubSpot 

HubSpot Authentication 

Strictly Necessary 

 hubspotauthremember 

hubspot.com 

HubSpot 

HubSpot Authentication 

Functionality 

_hs_opt_out 

hubspot.com 

HubSpot 

Opt out of HubSpot tracking 

Strictly Necessary 

hubspotutktzo 

academy.hubspot.com 

HubSpot 

Time Zone Offset 

Functionality 

__hluid 

hubspot.com 

HubSpot 

In-app usage tracking 

Targeting 

mp_id_mixpanel 

hubspot.com 

Mixpanel 

In-app usage tracking 

Targeting 

You will have the opportunity to opt out of permitting cookies. Additionally, your browser may provide you with the option to refuse some or all browser cookies. You may also be able to remove cookies from your browser. For more information about how to manage browser cookies, please follow the instructions provided by your browser.

You understand and agree that your continued use of the Site shall be deemed as acceptance of our cookie policy, should you choose not to opt-out, as well as the rest of this Web Policy.

2) Changes to this Web Policy

We may amend this Web Policy at any time by posting the amended terms on the Site.

3) Security

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

4) Controlling your personal information

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

5) Links to other sites

https://inbodybwa.com may provide links to other Internet sites that provide information related to products or services. Once you link to another site, you are subject to the privacy policy of the new site.

6) Questions

If you have any questions about this Web Policy, our information handling practices, or any other aspects of your privacy and the security of information, please send an email to bwainquiries@inbody.com.

Product & Service Privacy Policy

This Product & Service Privacy Policy (“Privacy Policy”) from InBody BWA, Inc., DBA InBody (“InBody” or “InBody BWA”) is regarding, and covers, the Services, as defined below. This Policy states how we collect, use, disclose, and protect the Personal Information that an End User and/or an Analysis Facility provides us using the Service(s).

If you are a California resident, please also review our California Privacy Act Addition, which is how our privacy policies pertain specifically to California residents and businesses.

If you are a New York state resident, please also review our New York Privacy Act Addition, which is how our privacy policies pertain specifically to New York state residents and businesses.

You agree to the following:

Definitions

 
  1. End User – An individual, patient or a customer who receives or uses the Service(s)
  2. Analysis Facility – A business, an association, an enterprise, or an organization that provides the use of the Service(s) and a facility where the Product or the Site is located
  3. Facility User – An employee, a representative or a member of the Analysis Facility
  4. Facility Administrator (Admin) – The employee or an associate of the Facility who is in charge of the Site’s account and has a higher level of authority than the Staff member
  5. Staff Member – An employee or an associate of the Facility who uses the Site but has limited access
  6. Protected Health Information – According to the Health Insurance Portability and Affordability Act of 1996, Public Law 104-191, as amended, and inclusive of the Privacy Rule, Security Rule, Breach Notification Rule and Enforcement Rule (45 CFR Parts 160 and 164) promulgated by the United States Department of Health and Human Services (“HIPAA”), Protected Health Information is information that is a subset of health information including demographic information collected from an individual that: (1) is created or received by a health care provider, health plan, employer, or health care clearinghouse; (2) relates to an individual’s past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to an individual; (3) identifies the individual or for which there is reasonable basis to believe the information can be used to identify the individual; and (4) is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium.
  7. Personal Information – End User’s non-public information which InBody BWA receives through End User’s use of the Service that can be used, alone or in combination with other information in InBody BWA’s possession, to identify a particular individual. It may include information such as name, email address, telephone number, and other personal information the End User provides InBody BWA and it may include Protected Health Information that an individual provides to the Covered Entity
  8. Covered Entity – The definition of the Covered Entity remains the same as in 45 CFR § 160.103 of HIPAA
  9. Aggregated or De-Identified Information – Information that does not identify you as a specific individual
  10. Custody – When Personal Information or Protected Health Information or other information regarding an End User or Facility User is transmitted to and maintained within our server
  11. Control – When Personal Information or Protected Health Information or other information regarding an End User or Facility User can be viewed, added, edited, deleted, and or transferred by InBody BWA for the purposes described in this Policy
  12. In this Policy, the words “InBody”, “InBody BWA”, “we”, “us” and “our” refers to InBody BWA Inc. DBA InBody
  13. In this Policy, the words “you” and “your” refers to the non-InBody signatory to this Policy

II. Services We Provide

This Policy applies to the following:
  1. InBody’s body composition analysis devices and its accessories (the “Products”);
  2. InBody-provided applications that gives you access to view, add, update, or delete data (collectively, the “App”);
  3. InBody data management website(s) and/or an extension of the website(s), including, but not limited to, https://usa.lookinbody.com and the LookinBody App (collectively the “Site”); and
  4. The data, analyses and other content collected, processed, analyzed, generated or delivered by a Product, the App, or the Site, including without limitation, text, graphs, calculations, copy, audio, video, photographs, illustrations, images, graphics and other visuals (the “InBody Content”) (all collectively, the “Service” or “Services”).

III. Information We Collect

1. Information We Collect from an End User:

  1. App: When you register for the App, we require the following information: your name, email address, telephone number, age, height, weight, and gender
  2. Product: Our Body Composition Analysis Device collects multiple data points from your body and outputs information such as BMI, PBF, Lean Body Mass, Skeletal Muscle Mass, level of Body Water etc. Accessories connected to the InBody Body Composition Analyzer may collect and output many different data points. Results from the device and the accessory are pooled together and associated with your registered ID and/or telephone number. If you wish to be left anonymous and unidentifiable, you may use the Product as a Guest. Height, weight, age, and gender are still required from a Guest user to process the data. The storage of your data on the server allows you to track changes over multiple tests and multiple Service(s). The guest user may not be able to track their results. Also, depending on the model of the Product, additional body composition measurement information may be stored, such as visceral fat level, leg lean mass etc.
  3. Wearable devices: Wearable devices track your sleep, calories, activity, steps, etc. You have the option to use different functions such as your activity time, distance traveled, and calories burned. You may also selectively choose to hide any of the functionalities (except battery, time, and body composition analysis) from the screen of the Wearable device. The Ranking system function, derived from the Wearable device, in the App is available for you to compare your steps and/or scores activity with your friends and family who have this system available and turned on. This optional feature requires you to provide access to the contacts and opt-in to share your results with your contacts through settings. To know more about ranking system and the different functions of the Wearable device, please refer to the “Terms of Service for End User”.
  4. As it pertains to the Personal Information that you share about yourself to InBody BWA using InBody’s Service directly, without an Analysis Facility, you agree that no Protected Health Information is included, and that HIPAA does not apply to such Personal Information.

2. Information We collect from an Analysis Facility:

An Analysis Facility may be asked to provide InBody BWA with Personal Information of Facility Users who may access the Site. Such information can include their full name, telephone number, email address, and date of birth. The Staff member is a sub-tier account to the Admin account with limited access to the Site. Each Analysis Facility may have a different staff structure, and the level of access to the End User’s information, will be determined by InBody BWA at our sole discretion by reference to the Facility User’s responsibility and role at the Analysis Facility. A Facility User’s personal information is used to create account logins for the Site during the creation of an Administrator account and/or Staff member account. The Facility User is responsible for the accuracy of the information, any changes or updates on the account, and the confidentiality of the login credentials for the Site. A Facility User may be asked to provide identifiable information to InBody BWA if they call in for support.

3. Analysis Facility – Covered Entity

In the event when a Covered Entity purchases the LookinBody Web Subscription, InBody becomes its Business Associate and both parties must comply with Privacy and Security Rules of HIPAA. An Analysis Facility that is a Covered Entity hereby represents and warrants to InBody that such Analysis Facility has obtained the necessary Authorization Form, to ensure that such Analysis Facility has consent to disclose each End User’s Personal Information and Personal Health Information which shall comply with HIPAA and other applicable state and federal privacy laws. The Covered Entity that discloses the Personal Health Information to InBody must enter into and comply with terms of a mutually agreeable Business Associate Agreement.

4. Information Collected Automatically

We may automatically collect the following information from your use of the Service(s) through cookies, web beacons, and other technologies: your domain name, browser type, operating system, web pages you view, links you click, your IP address, the length of time you visit our Site and/or use our App, mobile device, mobile number, and the referring URL, the webpage that led you to our Site etc. We may also have access to other data such as location, calls, mobile camera, photo gallery, and contacts, if you allow. Note that this information that is automatically collected does not include Protected Health Information.

5. Cookies and Other Collection Tools

We may use our cookies and other collection tools to track information about your use of our Site and other Services, or to track aggregate and statistical information about User activity. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website; in this case the Site. When you visit the Site again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information such as a login credential and/or password. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Other technologies are used for similar purposes as a cookie on other platforms where cookies are not available or applicable. Some cookies allow us to make it easier for you to navigate our Site and other Services, while others are used to enable a faster login process or to allow us to track your activities on our Site. All cookies are allowed, by default, but you can adjust this setting and clear cookie for all sites or for certain pages. You can disable or remove first-party and third-party cookie information and data. If you remove cookies, things like saved preferences on websites might get deleted and some website features or services may not function as well. But if you prefer, you can edit your browser options to block them in the future. The help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and/or how to disable cookies altogether.

6. Integrated Technology Collection

InBody has integrated certain Services, including the App and wearable devices, with a number of third-party providers. Please see below a list of such providers and the information collected via their integrated technology:

  • Google Fit – Body composition: height, weight, body fat percentage – Step: Number of steps, distance, heat consumption – Blood pressure: systolic, diastolic
  • Apple Health – Body measurement: Weight, height, body fat, body fat percentage, body mass index – Activity: Number of steps
  • Samsung Health – Weight – Height – BMR – Body fat mass (BFM) – Fat free mass (FFM) – Skeletal muscle mass(SMM) – Body Fat(PBF)

7. Misc

The application of this Privacy Policy is subject to the required equipment(s) and application(s) to upload and/or download the data to and from our server and is subject to the requirements or provisions of any applicable federal and state legislation, federal and state regulations, agreements or the ruling of any court or other lawful authority. All Analysis Facility Users, and InBody employees and contractors, with access to End User’s Personal Information are required to comply with this Privacy Policy.

IV. Use of Information

1. Use of End User’s Information: by Analysis Facility

  1. To track user’s performance at that Analysis Facility such as total amount of body fat lost, total amount of lean body mass gained, etc.
  2. To track total users and the Facility’s performance such as total tests, existing users, new users, etc. This allows Facility Administrator to track how well their Analysis Facility is doing
  3. To serve you:
    1. To provide you with your Personal Information such as your BMI, PBF (Percent Body Fat), Lean Body Mass, Body Water, BMR, Systolic and Diastolic Blood Pressure measurements etc.
    2. To help achieve your goal, your Analysis Facility may assign a Facility User(s) to chat with you. This additional feature is provided to help you stay connected with your advisor. Any changes or updates to the assigned advisor should be discussed with the Analysis Facility
  4. We collect information such as phone number, ID, name, or medical history to categorize the data for the Analysis Facility and to allow you to track your progress easily when you participate in different challenges.

2. Collection of End User’s Information: for the End User

Your Personal Information is stored on the server for your convenience, so you can access your data from App.

    1. We may have access to some of your data generated by your mobile phone, with your consent, to allow you to take full advantage of the App and the Product. This may include accessing and using:
      1. Location – To allow your wearable device and phone to pair and report fitness level(s)
      2. Camera – To allow you to take pictures and share with the Facility User
      3. Call – To make calls to a Facility User and to allow call notifications to be sent to your wearable Product
      4. Gallery – To allow you to share your images with the Facility User
      5. Contacts – To allow you to track and rank your family and friends who use the App and the Product
    2. Your email address is used to send you a temporary password if and when you forget your credentials for the App; it may also be used for other services related to your password to confirm your identity. You have to manually confirm the usage of your email for any of these services
    3. We may send you an electronic message through email or SMS where we take your consent in accordance with the applicable law.

3. Use of End User’s Information: by InBody BWA

  1. To serve you:
    1. To provide support to inquiries made by you or the Analysis Facility regarding the Service(s); In the case of an inquiry, name and/or ID will be used by us for identification purposes
  2. To give access to third parties to process that Personal Information:
    1. Third parties that are affiliated with us may have access to your Personal Information to process information and/or to provide you services
    2. When the information is entered on the Product (that is connected to the internet), App or the Site, it automatically gets uploaded on the Server. Access to the Server is open to InBody BWA and its contracted affiliates for the same purposes as InBody BWA
    3. When we share your Personal Information with any such third party we make sure they have appropriate safeguards in place for the protection of your Personal Information and Personal Health Information so that the subcontractors and/or business associate are in compliance with HIPAA and other applicable state and federal privacy laws.

4. Other Uses of Personal Information

  1. Other uses and disclosures of Personal Information not covered by this Policy and permitted by the applicable laws that apply to us may be made with your consent, your written authorization or that of your legal representative, or where permitted or required by applicable law. If we are authorized to use or disclose Personal Information about you, you or your legal representative may revoke that authorization in writing at any time with the Analysis Facility, except to the extent that we have taken action relying on the authorization or if the authorization was obtained as a condition of obtaining your account, or if we are legally required to make a particular use or disclosure of your information. You should understand that we will not be able to take back any disclosures we have already made with your authorization.

V. Disclosure of Information

We may share your Personal Information, with the following entities for the purpose described below provided that our sharing of your Personal Information and their use of your Personal Information complies with HIPAA and other applicable state and federal privacy laws.

1. Business transfers:

We may disclose Personal Information in connection with the sale, merger, sale of assets or reorganization of InBody BWA or its affiliates. In such an event, your information will transfer to the acquiring company. Notice of such a transfer will be provided by posting to the Site or via another form of communication.

2. Third Parties:

We have a relationship with third-party service providers including, but not limited to, InBody BWA, Inc. They help us provide services to you, administer our business, and design, maintain, improve our Service(s), systems, procedures, protocols, and security.

When we allow our contracted third-party service provider to have access to your Personal Information, they are permitted to use it only for purposes that are consistent with this Policy. We ensure, through agreements in place, that these third parties have an equivalent level of protection established in their organizations for sturdy protection of your information. If a substantial change in our or our associates’ business model occurs, that impacts the use of your information, an updated privacy policy will be provided. Below is the list of some of the third parties that may use your Personal Information:

  • Use of Personal Information: by  InBody BWA, Inc.
    1. InBody BWA, Inc. may share or sell aggregated, de-identified, data that does not identify you, with partners and the public in various ways, such as by providing research or reports about health and fitness or in connection with contests, challenges or another event. When they provide this information, they perform appropriate procedures so that the data does not identify you.
    2. To administer and maintain the Server, thus the Personal Information contained therein
    3. To provide the highest level of support, if needed, to understand and solve any issue that may arise from you or the Analysis Facility.
    4. To help create, develop, operate, deliver, and improve Services.
    5. To track and respond to safety concerns and to further develop and improve Services
    6. To aggregate data for trend analysis and broad demographic information and other business purposes including Service development and improvement activities

3. With Service Providers and Business Partners:

We may collaborate with other companies and individuals to perform services on our behalf. Any such subcontractor will be treated with and under the compliance of 45 CFR § 164.502(b). Examples of providers include data analysis firms, credit card processing companies, customer service and support providers, email and SMS vendors, web hosting and development companies and fulfillment companies. Companies may also include our

co-promote partners for Services that we jointly develop and/or market with. These third parties may be provided with access to the Personal Information needed to perform functions for us, but the use will be subject to contracts and agreements in place that protect the confidentiality of the information. Third party integration with our Services, such as Site, may require access to the Personal Information in a non-traditional manner which will be subject to different set of Terms.

4. Law enforcement:

We may disclose and report to law enforcement agencies information related to activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your information to law enforcement agencies if we determine, in our sole judgment, that the release of your information may help protect the safety or property of any person or entity.

5. Required or Permitted by law:

We may disclose your information to others as required or permitted by law. This may include disclosing your information to governmental entities, or pursuant to court orders, subpoenas, warrant, summons or similar process.

6. Protection for Us and Others:

We may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any individuals, violations of our Terms or this Policy, or as evidence in litigation in which we are involved.

7. Data That You May Direct us to Share

You can direct us to share your data with other parties or users. For example, you may authorize us to share your data with other End Users through the mobile App, with your employer as part of a wellness program or with other End Users or Analysis Facilities in connection with your participation in contests, challenges or other events. You may also direct us to share your Personal Information with any other third-party app or website which will be subject to different set of terms and conditions.

VI. Consent

  1. Unless we determine that we require an additional consent for specific Service(s) or any other new purpose, you agree and consent that we may collect, use, share, or otherwise process your Personal Information in accordance with this Policy.
  2. Your consent denotes that you have read the Policy in its entirety and understand the collection, use and disclosure of your Personal Information in our organization.
  3. In most cases, you have the ability to withdraw your consent. However, because of regulatory requirements imposed upon us, or contractual obligations you have with us, there are certain limited circumstances where you may not withdraw your consent to the collection, use or sharing of your Personal Information. If you choose not to provide us with certain Personal Information, or where you have withdrawn your consent, we may not be able to offer you the Services or information that you requested or that could be offered to you. For example, if you withdraw your consent to use Personal Information such as weight, height, or gender, it will be impossible for the InBody Body Composition Analysis Device to test your composition. Personal Information will not be disclosed without the consent of the individual, except to the extent permitted by applicable law in following cases:
    1. Contact relating to Service inquiries or repairs
    2. Requests for disclosure for legitimate legal reasons
    3. When necessary to protect life, health, property or other vital interests of the End User
    4. When a transfer of Personal Information is judged necessary to continue service in the event of changes to the service provider for example: a company merger
    5. Other disclosures required or permitted by applicable law.

VII. Data Retention and Deletion

We and our affiliates actively retain Personal Information for ten years for our relationship for the purposes described above or as permitted or required by federal law. Aggregation of data will take place after ten years of your inactivity. Your Personal Information is aggregated when you are inactive on the App AND have not used the Product for ten years. When your information is aggregated, your Protected Health Information, name, ID, phone number, and email address, is deleted permanently. Only the de-identifiable information is kept for development, improvement, and/or marketing purposes. Inactivity is defined by two requirements:
  1. When you are inactive (have not logged in) on the App
  2. When you have not used the Product at the Facility
Inactivity or cancellation of the subscription by the Analysis Facility from the Product or the Service does not impact your access to previous test results or the test results produced by InBody wearable products. If you are continuously using the Product, your information will be retained until you become inactive for ten years or delete the information by making a request to the Facility. Data can be deleted (i) if an Administrator of the Site deletes the data or account on the Site; or (ii) if you manually delete the test results on the App (which does not mean that data has been deleted on the Facility’s Site). To delete your Personal Information permanently, you must talk to your Administrator or Staff Member to delete your information. Analysis Facility has Custody and Control over data that was acquired at their Facility. However, if you do not have a Facility and you use personal or home use device(s) independently, you may delete your test results or withdraw your account to permanently delete your account and information therein. Deleting records and Personal Information is permanent; however, please note that in some cases we may be required to retain certain information where permitted or required by law, including without limitation if such information is the subject of a legal dispute. InBody BWA, Inc. may wait for a certain time before permanently deleting your records or Personal Information in order to help avoid accidental or malicious removal of your information.
  1. Backups: A Backup is defined as data stored that matches the data on the Analysis Facility’s Product(s). The Backup will be maintained for the duration of the End User account or LookinBody Web active account until data is permanently deleted from the account. Data may be stored in the Backup even after someone deletes an End User account or information to avoid accidental or malicious deletion of your information. After a reasonable time period has passed, the data will be deleted permanently or restored if requested. After the data is deleted permanently, the Backup will be deleted, subject to any legal requirements.

VIII. Data Accuracy

InBody BWA intends to ensure that the information within its Custody and Control is accurate. Nevertheless, the End User should be vigilant of the accuracy of their own Personal Information. The method for updating Personal Information depends on the information source. Personal Information comes from one of the following:
  1. Entered by you on the App or the Product
  2. Entered by the Analysis Facility on the Site or the Product
Information you delete, update, or add on the App is stored only on your phone, viewable to you, and will impact your manually inputted test results, Personal Use device, and Wearable device results. It is in our Custody but Controlled by you. If you wish to update your Personal Information on any other device you should consult your Analysis Facility or update it yourself on the device. To update your personal information on the Site, make a request to the Facility User. Understand that any change to your Personal Information will not impact your previous tests. Any factors of the Personal Information that are dynamic (changes frequently) for example Weight, Age or Phone Number, should be updated by you or the Analysis Facility accordingly. As the Analysis Facility and you have full authority to change or update any part of the Personal Information, InBody BWA and its affiliates do not take responsibility for test results and/or decisions made, based on the inaccurate Personal Information.

IX. Accessing and Correcting Personal Information

You and the Analysis Facility have full authority to add, update, or delete any part of your Personal Information. Yet you may request access or correction of your Personal Information to us. To access or request correction of your Personal Information, please contact us at bwainquiries@inbody.com. We may require you to verify your identity before allowing you to access your Personal Information. We may decline your access because of security or legal reasons but you can submit a written request to us and we will try to address the issues as soon as possible.

X. Children’s Privacy

We are mindful that the Services will be attractive and of benefit to potential users under the age of 18 or local age of majority and it is our policy, regardless of the country in which the Analysis Facility is located, to ensure that parents or legal guardians can monitor data collected in respect of such users. Our Service(s) is available to End Users who are below the age of 18 or local age of majority. The parent or legal guardian of any End User aged below 18 years of age is required to consent to the collection and use of his/her child’s Personal Information and Personal Health Information at the time of registering and use of our Services. When you consent to this Policy, if applicable, you consent to the collection, use, and disclosure of Personal Information and Personal Health Information of your child. A parent or legal guardian of any child who has not attained 18 years of age or local age of majority can review his/her child’s Personal Information and Personal Health Information, ask to have it deleted, and refuse to allow any further collection or use of the child’s information from the Analysis Facility.

XI. Safeguards

We take reasonable and appropriate measures to protect the data you submit, including physical, organizational, and technological security measures. Furthermore, we may not sell your Personal Information. Please be aware, however, that the Internet is a global communications vehicle open to threats, viruses, and intrusions from others. By accepting this Policy, the End User and Analysis Facility each acknowledge that unintentional data loss may occur despite the efforts made in good faith by InBody BWA, its third-party affiliates, or an Analysis Facility.

The purpose of access and process by the third-party affiliates in different countries will remain consistent with this Policy. Processing and access may be possible from other countries whose data protection laws may differ from the jurisdiction in which you live. As a result, this information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to laws in those jurisdictions. If you are an Analysis Facility or a Facility User, you represent and warrant to InBody BWA that you attained all necessary consent and provided all necessary notices as required by applicable laws for the purposes of this Policy.

  1. Technical Safeguards
  2. We use a variety of security measures, including encryption and authentication tools to help protect your information. Third parties, including, but not limited to, InBody Co., Ltd. utilize extended levels of security to protect the electronic data.

  3. Physical Safeguards
  4. We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to our office. Third Parties such as InBody Co., Ltd .restrict their offices to authorized personnel only, also other forms of restriction are applied to enter the department with access to the server.

  5. Administrative Safeguards
  6. We restrict access to Personal Information and Personal Health Information to InBody BWA employees, contractors, and agents who need to know Personal Information or Personal Health Information in order to process something for us. They are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. Third parties are also required to limit the access to our server(s), to authorized personnel only, who use the information for the purposes indicated in this Policy.

XII. Incident Management

InBody BWA and its third-party affiliates have developed a comprehensive incident readiness and response plan designed to identify the cause, extent and nature of an incident involving Personal Information and Personal Health Information and to allow timely reporting in accordance with our contractual terms or legal obligations.

XIII. Anti-Discrimination

We may not retaliate or discriminate against anyone exercising consumer rights under the California Consumer Protection Act or any other applicable consumer protection regulation, and we reserve the right to adjust our pricing based on services offered.

XIV. Terms and Conditions

Your continued use of our Services, and any disputes arising from them, is subject to this Policy as well as our Terms. Please visit our Terms, which explain other terms governing the use of our Services.

XV. Links

The Site may provide links to other sites that provide information related to our Services. Once you link to another site, you are subject to the privacy policy of the new site. You can also find a list of Services at our website www.inbodybwa.com.

XVI. Update

We reserve the right to change and amend any part of the Policy at any time and without prior notice. Details of these updates will be made available on the Site. We advise you check the Site from time to time to make sure that you agree with any changes and amendments. Your continued use of our Services constitutes your acceptance to this Policy and any updates. This Policy is incorporated into the Terms of Service for End User (if you are an End User) and the Terms of Service for Analysis Facility (if you are a Facility User).

XVII. Contact Information

If you have any questions or comments regarding this Policy, our information handling practices, or any other aspects of your privacy and the security of information, please send an email to bwainquiries@inbody.com or contact us at

InBody BWA, Inc.
Attn: Product Support
bwainquiries@inbody.com
2550 Eisenhower Avenue, Suite C-209
Audubon, PA 19403

You agree and acknowledge that you have read this Policy in its entirety. By registering, subscribing, and/or using our Service, you agree to this Policy.

CALIFORNIA CONSUMER PRIVACY POLICY

 

This California Consumer Privacy Policy (“Policy”) is applicable only to California residents and supplements other privacy policy concerns, terms, and conditions that exist regarding services provided by Biospace, Inc., DBA InBody (“InBody”). As required in the California Privacy Rights Act (“CPRA”), this Policy describes the rights available to California consumers of InBody products and regarding their personal information and InBody’s practices regarding the collection, use, disclosure, and sale of personal information, as defined in the CPRA. In reviewing this Policy, you are further encouraged to review our other terms and conditions for further information regarding our overall privacy practices, as well as other rights you have under federal law. You agree to the following:

I. Your Rights:

 

    1. The Right to Know: This is your right to know what categories of personal information we collect about you, how we use your personal information, whether we share, disclose, and/or sell your personal information to third parties, and what other rights you may have under the CPRA with respect to your personal information.
    2. The Right to Delete: This is your right to request that we delete the personal information we have collected from you and maintain in our systems, subject to certain exceptions that permit us to keep your personal information for specific purposes.
    3. The Right to Access: This is your right to request access to the personal information we have collected about you.
    4. The Right to Opt-Out of Sale: This is your right allowing you to opt-out of the sale of your personal information to third parties, if any.
    5. The Right to Equal Service: This is your right to not be retaliated against by InBody BWA in any manner for exercising any of your rights under the CPRA or other privacy policy agreements between you and InBody BWA.
    6. The Right to Correct: This is your right to request InBody BWA to correct inaccurate personal information which you have provided to InBody BWA and which you can reasonably prove is inaccurate.
    7. The Right to Limit Use: This is your right to restrict InBody BWA’s use of your personal information, to the extent such restriction/limitation does not conflict with InBody BWA’s rights and obligations under the law.
    8. The Right to Action: This is your right to initiate a private legal action against InBody BWA for InBody BWA’s violations of the CPRA.

II. The Categories of Personal Information InBody BWA Collects Under the CPRA

In the last twelve months, InBody BWA may have collected the following categories of personal information, as defined under the CPRA, about California consumers (for more information on our collection practices, please review our Terms of Service):

  1. Personal Identifiers: real name, alias, postal address, a unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers, including those personal information categories listed in the California Customer Records statute, which also includes signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit and debit card numbers, any other financial information, medical information, or insurance information.
  2. Protected classification characteristics under California or federal law: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, gender, gender identity, gender expression, pregnancy status, childbirth and related medical conditions, sexual orientation, veteran or military status, genetic information.
  3. Commercial Information: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  4. Biometric Information: genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health or exercise data.
  5. Internet or other similar network activity: browsing history, search history, information on a consumer’s interaction with a website, application or advertisement.
  6. Geolocation Data: physical location or movements.
  7. Inferences drawn from other personal information: profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

III. Sources of the Information We Collect Under the CPRA

InBody BWA collects certain personal information about you from a variety of sources in order to provide you with our services, communicate with you and your service facilitator, and provide you with the support you need to use our services. These sources may include:

  1. Information provided by you to InBody BWA directly, such as when you contact or communicate with us, or when you establish a user account.
  2. Information we collect automatically and through your use of InBody BWA’s services and products, including our websites and applications.
  3. Information obtained by third parties, such as your service facilitator.
  4. Information publicly available about you.

IV. How InBody Uses Your Information

For information on how InBody BWA uses the information we obtain from you, please review our Terms of Service.


V. Disclosure of Your Information

As mentioned in the InBody BWA Terms of Services, InBody BWA does not sell your personal information to third parties for monetary consideration for any purpose, including advertising. However, InBody BWA may share your personal information, with the following entities for the purpose described below:

 

A. Business transfers:

InBody BWA may disclose personal information in connection with the sale, merger, sale of assets or reorganization of InBody BWA or its affiliates. In such an event, your information will transfer to the acquiring company. Notice of such a transfer will be provided to you.

 


B. Third Parties:

InBody BWA has a relationship with third-party service providers including, but not limited to, LookinBody Company and InBody Co., Ltd. They help InBody BWA provide services to you, administer InBody BWA’s business, and design, maintain, and improve InBody BWA’s service(s), systems, procedures, protocols, and security.

When we allow our contracted third-party service provider to have access to your personal information, they are permitted to use it only for purposes that are consistent with this Policy. We ensure, through agreements in place, that these third parties have an equivalent level of protection established in their organizations for sturdy protection of your information. If a substantial change in our or our associates’ business model occurs, that impacts the use of your information, an updated privacy policy will be provided. Below is the list of some of the third parties that may use your personal information:

    1. Use of Personal Information: By LookinBody Company
      1. To administer and maintain InBody’s servers.
      2. To provide the highest level of support, if needed.
      3. Improve InBody BWA’s content

        1. The collection of personal information also helps create, develop, operate, deliver, and improve services that are provided to you.
        2. To track and respond to safety concerns and to further develop and improve services
      1. LookinBody Company may use the aggregated data, so they can administer and improve our services and websites, analyze trends and gather broad demographic information
        1. The LookinBody Company may also use the aggregated data for various business purposes including research and development.

    1. Use of Personal Information: By InBody Co., Ltd.
      1. InBody Co., Ltd. may share or sell aggregated, de-identified, data that does not identify you, with partners and the public in various ways, such as by providing research or reports about health and fitness or in connection with contests, challenges or another event. When they provide this information, they perform appropriate procedures so that the data does not identify you.

 

C. With Service Providers and Business Partners:

InBody BWA works with other companies and individuals to perform services on InBody BWA’s behalf. Any such subcontractor will be under the compliance of 45 CFR § 164.502(b). Examples of providers include data analysis firms, credit card processing companies, customer service and support providers, email and SMS vendors, web hosting and development companies and fulfillment companies. These third parties may be provided with access to your personal information as required to perform functions for InBody BWA, but the use will be subject to contracts and agreements in place that protect the confidentiality of the information.

 

D. Law enforcement:

InBody BWA may disclose and report to law enforcement agencies information related to activities that InBody BWA reasonably believes to be unlawful, or that InBody BWA reasonably believes may aid a law enforcement investigation into unlawful activity. In addition, InBody BWA reserves the right to release your information to law enforcement agencies if InBody BWA determines, in its sole judgment, that the release of your information may help protect the safety or property of any person or entity.

 

E. Required or Permitted by law:

InBody BWA may disclose your information to others as required or permitted by law. This may include disclosing your information to governmental entities, or pursuant to court orders, subpoenas, warrant, summons or similar process.

 

F. Protection for InBody and Others:

InBody BWA may disclose the information obtained from you when InBody BWA believes it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any individuals, violations of our Terms of Service or this Policy, or as evidence in litigation in which InBody BWA is involved.

VI. Unrestricted Use

The CPRA does not restrict InBody BWA’s ability to disclose the personal information identified above to third parties for the purposes previously stated and for the following purposes, which include:

  1. Compliance with federal, state, or local laws.
  2. Compliance with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
  3. Cooperation with law enforcement agencies concerning conduct or activity that InBody BWA, a service provider, or third party reasonably and in good faith believes may violate federal, state, or local law.
  4. Exercise or defense of legal claims.
  5. Collection, use, retention, sale, or disclosure of consumer information that is deidentified or aggregated consumer information.
  6. Collection or sale of consumers’ personal information if every aspect of that commercial conduct takes place wholly outside of California.

VII. Your Right to Know the Personal Information Obtained About You

The CPRA requires that, upon request, InBody BWA must provide you the following information:

  1. The categories of personal information obtained from you.
  2. The categories of sources from which the personal information is obtained.
  3. The business and/or commercial purpose for collecting, disclosing, or selling, if applicable, the personal information.
  4. The categories of third parties with whom InBody BWA has shared your personal information.
  5. The specific pieces of personal information obtained from you.

This is known as your “right to know” under the CPRA.

VIII. Your Right to Request Access to the Personal Information Obtained About You

The CPRA requires InBody BWA to provide you with access to the actual personal information collected about you during the course of the preceding twelve months; this is known as your “right to access” under the CPRA.

TThe CPRA requires InBody BWA to comply with up to two access requests during a single twelve-month period, which are subject to limitations for manifestly unfounded or excessive requests.

In addition, there are certain categories of personal information that InBody BWA may not return to you in response to your access request due to the inherently sensitive nature of such information which could create a substantial, articulable, and unreasonable risk to the security of that personal information. This includes your Social Security number, driver’s license number, or other government-issued identification number, financial account number, health insurance or medical identification number, account password, or security questions and answers.

 

IX. Your Right to Request Deletion of Personal Information Obtained About You

If you wish to request InBody BWA to delete the personal information obtained about you, subject to a verifiable consumer request, InBody BWA will delete your personal information from InBody BWA’s systems, barring exceptions. Service providers and third parties with whom InBody has shared your personal information will be notified.

However, in addition to certain applicable terms and conditions pertaining to deletion of information as found in the InBody BWA Terms of Service, your deletion request is subject to certain exceptions which InBody BWA may rely on where it is necessary for the company to retain personal information in order to:

  1. Complete the transaction for which the personal information was collected, provide a product or service requested by you, or reasonably anticipated, within the context of InBody BWA’s ongoing business relationship with you, or otherwise perform an agreement between InBody BWA and yourself.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity.
  3. Identify and repair errors that impair existing intended service functionalities.
  4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act, as applicable.
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when such deletion of information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
  7. To enable solely internal uses that are reasonably aligned with the expectations of the consumer, as based upon the consumer’s existing relationship to InBody BWA.
  8. Comply with a legal obligation.
  9. Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Should any of these exceptions apply, InBody BWA is not required to delete your personal information. In the event that your request is denied based on any of these exceptions, InBody BWA will inform you, in writing, of the reason.

X. Submitting a Request

Given the sensitive nature of the information under the CPRA and as proscribed by the law itself, it is essential that InBody BWA verify your identity in order to process your request, whether it is for access or deletion of your personal information. While the identity verification process involves the processing of personal information relevant to you as the requestor, InBody BWA does not collect or retain the information that you provide as part of the request process, provided that InBody BWA will retain contact information provided for the purpose of fulfilling your request or otherwise communicating with you in connection with your request. If InBody BWA cannot verify your identity, your request will be denied.

To exercise any of your CPRA rights, please contact us at bwainquiries@inbody.com

 

XI. Your Right to Opt Out of Personal Information Sales

The CPRA adds a new right for California consumers to opt-out of the sale of their personal information to third-parties. InBody BWA will provide you with the ability to manage your privacy preferences. To choose the opt-out selection on your preferences settings, which is available on our websites and applications. If you exercise your right to opt-out of the sale of your personal information to third-parties, InBody BWA shall not ask you to change your decision and you will experience no effect in how InBody BWA provides its services to you or charge you additionally for your decision to restrict InBody BWA’s ability to sell your personal information.

XII. Your Right to Equal Service

The CPRA prohibits businesses from discriminating against California consumers for exercising any of their rights under the CPRA. This means that if you exercise any of your rights under the CPRA as provided under this Policy, InBody BWA shall not:

  1. Deny your goods or services;
  2. Charge you different prices for goods and services than you would have received otherwise; or
  3. Provide different levels of quality of goods or services to you;

XIII. Other Information:

For information regarding InBody BWA’s general privacy practices, some of which may or may not be applicable to you, please visit Inbody BWA’s Privacy Policy page.

XIV. Update

We reserve the right to change and amend any part of the Policy at any time and without prior notice. Details of these updates will be made available to you via InBody BWA’s website(s). InBody BWA advises that you check our websites from time to time to make sure that you agree with any changes and amendments. Your continued use of our Services constitutes your acceptance to this Policy and any updates. This Policy is incorporated into the Terms of Service for End User (if you are an End User) and the Terms of Service for Analysis Facility (if you are a Facility User), along with our standard Privacy Policy for those subjects and topics not covered hereunder.

XV. Contact Information

If you have any questions or comments regarding this Policy, our information handling practices, or any other aspects of your privacy and the security of information, please send an email to bwainquiries@inbody.com or contact us at

 

InBody BWA

Attn: Product Support

bwainquiries@inbody.com
2550 Eisenhower Avenue, Suite C-209
Audubon, PA 194036503

 

You agree and acknowledge that you have read this Policy in its entirety and expressly consent to our collection, use, and disclosure, before accessing or using the Service(s), of your Personal Information in accordance with and subject to the limitations of this Policy.

If you are not of legal age of consent in your jurisdiction, you may not agree to this Policy; only your parent or legal guardian may agree and they further agree and acknowledge to obtain, execute, and deliver to the Analysis Facility the appropriate parental consent and release forms.

NEW YORK CONSUMER PRIVACY POLICY

This New York Consumer Privacy Policy (“Policy”) is applicable only to New York state residents and supplements other privacy policy concerns, terms, and conditions that exist regarding services provided by InBody BWA, Inc., (“InBody BWA”). This Policy covers a variety of New York state privacy laws that have been enacted, including the Stop Hacks and Improve Electronic Security Act (“SHIELD”), the Identity Theft Protection and Mitigation Services Act, and the New York Privacy Act (“NYPA”)(all together, the “Acts”) and describes the rights available to New York consumers of InBody BWA products and regarding their personal information and InBody BWA’s practices regarding the collection, use, disclosure, and sale of personal information, as defined in the Acts. In reviewing this Policy, you are further encouraged to review our other terms and conditions for further information regarding our overall privacy practices, as well as other rights you have under federal law. You agree and understand the following:


I. Your Rights:
  1. The Right to Know: This is your right to know what categories of personal information we collect about you, how we use your personal information, whether we share, disclose, and/or sell your personal information to third parties, and what other rights you may have under the Acts with respect to your personal information.
  2. The Right to Delete: This is your right to request that we delete the personal information we have collected from you and maintain in our systems, subject to certain exceptions that permit us to keep your personal information for specific purposes.
  3. The Right to Access: This is your right to request access to the personal information we have collected about you.
  4. The Right to Opt-Out of Sale: This is your allowing you to opt-out of the sale of your personal information to third parties, if any.
  5. The Right to Equal Service: This is your right to not be retaliated against by InBody BWA in any manner for exercising any of your rights under the Acts or other privacy policy agreements between you and InBody BWA.
  II. The Categories of Personal Information InBody BWA Collects Under the Acts

In the last twelve months, InBody BWA may have collected the following categories of personal information, as defined under the Acts, about New York consumers (for more information on our collection practices, please review our Terms of Service):

  1. Personal Identifiers: real name, alias, postal address, a unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers, including those personal information categories listed in the Acts, which also includes signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit and debit card numbers, any other financial information, medical information, or insurance information.
  2. Protected classification characteristics under New York or federal law: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, gender, gender identity, gender expression, pregnancy status, childbirth and related medical conditions, sexual orientation, veteran or military status, genetic information.
  3. Commercial Information: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  4. Biometric Information: genetic, physiological, behavioral, and biological characteristics, or activity patters used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health or exercise data.
  5. Internet or other similar network activity: browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
  6. Geolocation Data: physical location or movements.
  7. Inferences drawn from other personal information: profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  III. Sources of the Information We Collect Under the Acts

InBody BWA collects certain personal information about you from a variety of sources in order to provide you with our services, communicate with you and your service facilitator, and provide you with the support you need to use our services. These sources may include:

  1. Information provided by you to InBody BWA directly, such as when you contact or communicate with us, or when you establish a user account.
  2. Information we collect automatically and through your use of InBody BWA’s services and products, including our websites and applications.
  3. Information obtained by third parties, such as your service facilitator.
  4. Information publicly available about you.
  IV. How InBody BWA Uses Your Information

Under the NYPA, InBody BWA is required to act as a data fiduciary to you, exercising the duty of care, loyalty, and confidentiality expected of a fiduciary with respect to your personal information. As such, InBody BWA shall, and shall cause third-party service providers to, act in your best interests in a manner that may be reasonably expected by a reasonable InBody BWA customer under similar circumstances. For information on how InBody BWA uses the information we obtain from you, please review our Terms of Service.

V. Disclosure of Your Information

As mentioned in the InBody BWA Terms of Services, InBody BWA does not sell your personal information to third parties for monetary consideration for any purpose, including advertising. However, InBody BWA may share your personal information, with the following entities for the purpose described below:

  1. Business transfers: InBody BWA may disclose personal information in connection with the sale, merger, sale of assets or reorganization of InBody BWA or its affiliates. In such an event, your information will transfer to the acquiring company. Notice of such a transfer will be provided to you.
  2. Third Parties: InBody BWA has a relationship with third-party service providers including, but not limited to, LookinBody Company and InBody Co., Ltd. They help InBody BWA provide services to you, administer InBody BWA’s business, and design, maintain, improve InBody BWA’s service(s), systems, procedures, protocols, and security.

When we allow our contracted third-party service provider to have access to your personal information, they are permitted to use it only for purposes that are consistent with this Policy. We ensure, through agreements in place, that these third parties have equivalent level of protection established in their organizations for sturdy protection of your information. If a substantial change in our or our associates’ business model occurs, that impacts the use of your information, an updated privacy policy will be provided. Below is the list of some of the third parties that may use your personal information:

  1. Use of Personal Information: By LookinBody Company
    1. To administer and maintain InBody’s servers.
    2. To provide the highest level of support, if needed.
    3. Improve InBody BWA’s content
      1. The collection of personal information also helps create, develop, operate, deliver, and improve services that are provided to you.
      2. To track and respond to safety concerns and to further develop and improve services
    4. LookinBody Company may use the aggregated data, so they can administer and improve our services and websites, analyze trends and gather broad demographic information
      1. The LookinBody Company may also use the aggregated data for various business purposes including research and development.
  2. Use of Personal Information: By InBody Co., Ltd.
    1. InBody Co., Ltd. may share or sell aggregated, de-identified, data that does not identify you, with partners and the public in various of ways, such as by providing research or reports about health and fitness or in connection with contests, challenges or another event. When they provide this information, they perform appropriate procedures so that the data does not identify you.
  3. With Service Providers and Business Partners: InBody BWA works with other companies and individuals to perform services on InBody BWA’s behalf. Any such subcontractor will be under the compliance of 45 CFR § 164.502(b). Examples of providers include data analysis firms, credit card processing companies, customer service and support providers, email and SMS vendors, web hosting and development companies and fulfillment companies. These third parties may be provided with access to your personal information as required to perform functions for InBody BWA, but the use will be subject to contracts and agreements in place that protect the confidentiality of the information.
  4. Law enforcement: InBody BWA may disclose and report to law enforcement agencies information related to activities that InBody BWA reasonably believes to be unlawful, or that InBody BWA reasonably believes may aid a law enforcement investigation into unlawful activity. In addition, InBody BWA reserves the right to release your information to law enforcement agencies if InBody BWA determines, in its sole judgment, that the release of your information may help protect the safety or property of any person or entity.
  5. Required or Permitted by law: InBody BWA may disclose your information to others as required or permitted by law. This may include disclosing your information to governmental entities, including the New York Attorney General, New York Department of State, and the New York Division of State Police, or pursuant to court orders, subpoenas, warrant, summons or similar process.
  6. Protection for InBody BWA and Others: InBody BWA may disclose the information obtained from you when InBody believes it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any individuals, violations of our Terms of Service or this Policy, or as evidence in litigation in which InBody BWA is involved.
  7. To You: Under the Acts, InBody BWA is required to inform you should your personal information be acquired by a third party without your authorization. Should such an acquisition occur, InBody BWA shall inform you within three (3) business days following determination and/or notice of such unauthorized acquisition.

  VI. Unrestricted Use

The Acts does not restrict InBody BWA’s ability to disclose the personal information identified above to third parties for the purposes previously stated and for the following purposes, which include:

  1. Compliance with federal, state, or local laws.
  2. Compliance with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
  3. Cooperation with law enforcement agencies concerning conduct or activity that InBody BWA, a service provider, or third party reasonably and in good faith believes may violate federal, state, or local law.
  4. Exercise or defense of legal claims.
  5. Collection, use, retention, sale, or disclosure of consumer information that is deidentified or aggregated consumer information.
  6. Collection or sale of consumers’ personal information if every aspect of that commercial conduct takes place wholly outside of New York.

  VII. Protecting Your Personal Information

Under the Acts, InBody BWA is required to implement certain security measures when processing and/or storing your personal information and maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of your personal information, including:

  1. Designation of an IT Security Coordinator;
  2. Identifying or causing the identification of reasonably foreseeable internal and external data security risks;
  3. Regular and routine assessments of the sufficiency of InBody BWA’s data security safeguards, network and software design, information processing, transmission, storage and disposal;
  4. Regular and routine employee training and management regarding security program practices and procedures;
  5. Contracting with and managing service providers capable of maintaining appropriate safeguards to InBody BWA’s data security, and auditing the same;
  6. Ensure that InBody BWA’s policies and procedures remain flexible and able to change to shifting circumstances in the law or otherwise;
  7. Ensure that InBody BWA is capable of detecting, preventing, and responding to system failures and third-party threat actors, intrusions, and other unauthorized access attempts; and
  8. Dispose of your personal information within a reasonable amount of time following your request or after it is no longer needed for our business purposes.

  VIII. Your Right to Know the Personal Information Obtained About You

The Acts requires that, upon request, InBody BWA must provide you the following information:

  1. The categories of personal information obtained from you.
  2. The categories of sources from which the personal information is obtained.
  3. The business and/or commercial purpose for collecting, disclosing, or selling, if applicable, the personal information.
  4. The categories of third parties with whom InBody BWA has shared your personal information.
  5. The specific pieces of personal information obtained from you.

This is known as your “right to know” under the Acts.

  IX. Your Right to Request Access to the Personal Information Obtained About You

The Acts requires InBody BWA to provide you with access to the actual personal information collected about you during the course of the preceding twelve months; this is known as your “right to access” under the Acts.

The Acts requires InBody BWA to comply with up to two access requests during a single twelve-month period, which are subject to limitations for manifestly unfounded or excessive requests.

In addition, there are certain categories of personal information that InBody BWA may not return to you in response to your access request due to the inherently sensitive nature of such information which could create a substantial, articulable, and unreasonable risk to the security of that personal information. This includes your Social Security number, driver’s license number, or other government-issues identification number, financial account number, health insurance or medical identification number, account password, or security questions and answers.

  X. Your Right to Request Deletion of Personal Information Obtained About You

If you wish to request InBody BWA to delete the personal information obtained about you, subject to a verifiable consumer request, InBody BWA will delete your personal information from InBody BWA’s systems, barring exception. Service providers and third parties with whom InBody BWA has shared your personal information will be notified.

However, in addition to certain applicable terms and conditions pertaining to deletion of information as found in the InBody BWA Terms of Service, your deletion request is subject to certain exceptions which InBody BWA may rely on where it is necessary for the company to retain personal information in order to:

  1. Complete the transaction for which the personal information was collected, provide a product or service requested by you, or reasonably anticipated, within the context of InBody BWA’s ongoing business relationship with you, or other wise perform an agreement between InBody BWA and yourself.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity.
  3. Identify and repair errors that impair existing intended service functionalities.
  4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  5. Comply with the Acts, as applicable.
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when such deletion of information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
  7. To enable solely internal uses that are reasonably aligned with the expectations of the consumer, as based upon the consumer’s existing relationship to InBody BWA.
  8. Comply with a legal obligation.
  9. Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Should any of these exceptions apply, InBody BWA is not required to delete your personal information. In the event that your request is denied based on any of these exceptions, InBody BWA will inform you, in writing, of the reason.

  XI. Submitting a Request

Given the sensitive nature of the information under the Acts and as proscribed by the law itself, it is essentially that InBody BWA verify your identity in order to process your request, whether it is for access or deletion of your personal information. While the identity verification process involves the processing of personal information relevant to you as the requestor, InBody BWA does not collect or retain the information that you provide as part of the request process, provided that InBody BWA will retain contact information provided for the purpose of fulfilling your request or otherwise communicating with you in connection with your request. If InBody BWA cannot verify your identity, your request will be denied.

To exercise any of your Acts rights, please contact us at info.us@inbody.com.

XII. Your Right to Opt Out of Personal Information Sales

The Acts adds a new right for New York consumers to opt-out of the sale of their personal information to third-parties. InBody BWA will provide you with the ability to manage your privacy preferences. To choose the opt-out selection on your preferences settings, which is available on our websites and applications. If you exercise your right to opt-out of the sale of your personal information to third-parties, InBody BWA shall not ask you to change your decision and you will experience no effect in how InBody BWA provides its services to you or charge you additionally for your decision to restrict InBody BWA’s ability to sell your personal information.

  XIII. Your Right to Equal Service

The Acts prohibits businesses from discriminating against New York consumers for exercising any of their rights under the Acts. This means that if you exercise any of your rights under the Acts as provided under this Policy, InBody BWA shall not:

  1. Deny you goods or services;
  2. Charge you different prices for goods and services than you would have received otherwise; or
  3. Provide different levels of quality of goods or services to you;

XIV. Other Information:

For information regarding InBody BWA’s general privacy practices, some of which may or may not be applicable to you, please visit Inbody BWA’s Privacy Policy page.

  XV. Update

We reserve the right to change and amend any part of the Policy at any time and without prior notice. Details of these updates will be made available to you via InBody BWA’s website(s). InBody BWA advises that you check our websites from time to time to make sure that you agree with any changes and amendments. Your continued use of our Services constitutes your acceptance to this Policy and any updates. This Policy is incorporated into the Terms of Service for End User (if you are an End User) and the Terms of Service for Analysis Facility (if you are a Facility User), along with our standard Privacy Policy for those subjects and topics not covered hereunder.