InBody Privacy Policy

InBody (hereinafter, “the Company”) complies with personal information protection regulations and does its best to protect user rights by establishing privacy policies for its body composition analysis system, InBody, and for its website LookinBody Web, web-site* and InBody Mobile Application (collectively, “Web Services”).

*web-site : www.inbody.com, www.inbodyusa.com, https://nl.inbody.com, www.inbodyasia.com, www.inbody.com/jp, http://www.inbody.com/cn, http://www.inbody.in

It is not mandatory for users to provide their personal information and the user has the right to withhold their consent to the collection of their personal information. However, by opting not to provide personal information, certain features may not be available to users, the user’s experience may be negatively affected, and users may not be able to receive support services from the Company.

* Malaysia : For the purpose of this Privacy Policy, the terms “personal data”, “sensitive personal data”, and “process” shall have the meanings ascribed to them in the Personal Data Protection Act 2010 of Malaysia.

  1. Types of Personal Information Collected and Methods of Collection
  2. Collection of Personal Information and Purpose of Use
  3. Sharing and Provision of Personal Information
  4. Consigned Handling of Personal Information
  5. Retention and Usage Periods of Personal Information
  6. Procedure and Methods of Destruction of Personal Information
  7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights
  8. Matters Concerning Installation/Operation of Automatic Personal Information Collecting Mechanism and Refusal Thereof
  9. Technical/Administrative Measures for Protection of Personal Information
  10. Personal Information Manager and Officers
  11. Duty of Notification

1. Types of Personal Information Collected and Methods of Collection

A. Types of Personal Information Collected

Firstly, the Company collects the following personal information through ‘Input mobile no.’, ‘Input ID’, ‘Input height’, ‘Input Gender’ or ‘Input age’ during body composition analysis using InBody, or the initial ‘Sign Up’ in LookinBody Web. This facilitates provision of various services such as member sign-up and efficient customer care.

<All InBody Models>
– Required : Height, Weight, Body composition analysis results
– Optional : Mobile number, Age, Gender
<LookinBody Web>
– Required : Gender, Date of birth, Height
– Optional : Name, Body composition analysis results, Address, E-mail address, Medical history, Mobile number

Secondly, during use of LookinBody Web services or during operation of the business, the following types of information may be generated and collected automatically.

– IP address, cookie, date visited, service usage log, error log

Thirdly, information may be collected only from users of additional services, customized services, or services to which the users have given consent to additional personal information collection during the process of participating in promotional events.

* Malaysia :
(1) LookinBody Web

With regards to LookinBody Web, the Company processes the following personal information of users:

– Personal Information : Name, Email address, Address and zip code, Mobile number, Company name, Height, Weight, Age, Gender, Date of birth and other forms of personal data while rendering additional or customized services to users, which users have consented to providing to the Company.

– Sensitive Personal Information
The Company also processes sensitive personal data of users, as set out below : Body composition analysis results, Medical history

Users provide their explicit consent to the processing of their sensitive personal data, with the understanding that the provision of the above sensitive personal data is necessary for the Company to provide the body composition analysis service.

(2) inbodyasia.com

With regards to inbodyasia.com, the Company processes the following personal information of users:

– Personal Information : Name, Email address, Phone number, and any other personal information disclosed by users in the “Contact Us” page of inbodyasia.com.

(3) InBody Mobile Application

With regards to the InBody Mobile Application, the Company processes the following personal information of users:

– Personal Information : Name, Email address, Mobile number, Height, Weight, Age, Gender and other forms of personal data while rendering additional or customized services to users, which users have consented to providing to the Company.

– Non-personally identifiable information
The Company processes the following non-personally identifiable data through the Web Services : IP address, Cookie, Date visited, Service usage log and Error log.

B. Methods of Collecting Personal Information

The Company collects personal information using the following methods.

<All InBody Models>
– Personal information is collected using ‘Input mobile no.’, ‘Input ID’, ‘Input height’, ‘Input Gender’ or ‘Input age’ during InBody test.
<LookinBody Web>
– Personal information is collected during the sign-up process in LookinBody Web
* Malaysia :

The Company collects personal information in the following ways:

– When users are asked to input their personal data in the course of using the body composition analysis system;

– When users sign up for the Web Services;

– When users contact the Company, send feedback to the Company, post material on the Web Services, complete customer surveys or participate in competitions.

C. Location of Storage

All collected personal information from European Economic Area (EEA), UK, Switzerland, Ukraine only will be stored on a server located in The Netherlands and will not be transported outside of the EEA. All personal information collected from Malaysia will be stored on servers located in Malaysia and Singapore. Personal information collected from other countries will be stored on a server located in each country.

2. Collection of Personal Information and Purpose of Use

The Company collects personal information from users for the following purposes:

A. Provision of Service

Provision of content, provision of specific customized services, delivery of goods or sending of bills, etc., identity authentication, purchasing and payment processing, collection of fees

B. Member Management

Identity authentication for use of membership-based services or limited identity authentication programs, personal identification, prevention of unauthorized use or abuse by defective members, confirmation of sign-up intent, restriction of sign-up or sign-up attempts, recordkeeping for dispute resolution, handling of complaints and delivery of notices

C. Use for Development of New Services and Marketing/Advertisements

Development of new services and provision of customized services, provision of services based on statistical characteristics, validation of services, provision of information on promotional events and provision of opportunity to participate, assessing access frequency, statistics on service usage by members

* Malaysia :
D. General Purposes

Monitoring and recording communications (such as telephone conversations and e-mail) for the purpose of improving the quality of the Company’s services, to send users newsletters when users have subscribed for the Company’s newsletter, to comply with the Company’s regulatory and corporate governance obligations, gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests, operational reasons such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, investigating complaints and allegations of criminal offenses, providing customer service, and to give effect to the commercial transactions between the Company and the users.

3. Sharing and Provision of Personal Information

The Company uses personal information of users within the scope notified in “2. Collection of Personal Information and Purpose of Use” and does not use any personal information beyond the above-mentioned scope, or disclose any personal information of users to third parties without prior consent of the user. However, exceptions apply under the following circumstances:

– the user has given prior consent to such disclosure;

– there is a request from an investigational agency pursuant to provisions of laws or through procedures and methods stipulated in laws for investigational purposes; or

– there is a request for personal information from a government agency for providing various services.

* Malaysia :

– there is a need to disclose personal information of users to the Company’s contracted third-party service providers and vendors.

The Company may also disclose personal information of users to:

– other Companies within the InBody group;

– service providers, institutions, or commercial organizations that are collaborating with the Company;

– a third party who acquires the Company or substantially all of the Company’s assets, in which case the personal data shall be one of the acquired assets; and

– other software providers users may request to give users access to users’ InBody device data.

4. Consigned Handling of Personal Information

The Company may consign entry of personal information to personal information processing officers at sites where the program is used. Such officers shall receive adequate training to ensure that the personal information stored is not lost, stolen, leaked, altered, or damaged.

5. Retention and Usage Periods of Personal Information

As a general rule, personal information of users is destroyed once its purpose of collection and usage is achieved. However, the following information may be retained for the periods stated for the given reasons.

A. Reasons for Retention of Information Based on Company’s Internal Policy

– Recordkeeping of information abuse

* Reason for retention: Prevention of abuse

* Period of retention: 1 year

B. Reasons for Retention of Information Pursuant to Relevant Laws

When retention is required by provisions of relevant laws such as the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, etc., the Company retains member information for a specific period, as stipulated in relevant laws. In such a case, the Company uses the information retained only for the purpose of such retention for the following retention periods.

– Recordkeeping on website access

* Reasons for retention: Protection of Communications Secrets Act

* Period of retention: 3 months

– Records on identity authentication

* Reasons for retention: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

* Period of retention: 6 months

– Records on consumer complaints and dispute resolution

* Reasons for retention: Act on the Consumer Protection in Electronic Commerce, etc.

* Period of retention: 3 years

* Malaysia :

– Compliance with legal and regulatory obligations

* Reasons for retention: To comply with the obligations under law imposed on the Company

* Period of retention: 6 years

6. Procedure and Methods of Destruction of Personal Information

As a general rule, personal information of users is destroyed once its purpose of collection and usage is achieved. Procedures and methods used by the Company to destroy personal information are as follows.

A. Procedure of Destruction

* Once the purpose of the information is achieved, information entered by the user for member sign-up, etc. is moved to a separate database (separate cabinet in case of information on paper), stored for a specific period in accordance with internal policy and reasons for information protection pursuant to other relevant laws, and destroyed.

* Such personal information is not used for purposes other than the stipulated purpose of retention, unless required by law.

B. Method of Destruction

* Personal information printed on paper is destroyed by using a shredder or by incineration.

* Personal information stored in electronic file formats is erased beyond recovery using technical means.

7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights

The user or their legal attorney may, at any time, view and edit registered personal information of the user or the child concerned under the age of 16* and may request for cancelation of membership.

The user may click ‘Edit Personal Information’ (or ‘Edit User Information’, etc.) to view and edit personal information of the user or the child concerned under the age of 16; and may click ‘Cancel Membership’ to cancel membership (withdraw consent). Once the user completes the identity authentication process, they will be able to view and edit the information or cancel membership on their own.

* Children who require parental consent in EU member states:

– under the age of 13 : Belgium, Denmark, Estonia, Finland, Latvia, Malta, Portugal, Sweden

– under the age of 14 : Austria, Bulgaria, Cyprus, Italy, Lithuania, Spain

– under the age of 15 : Czech, France

– under the age of 16 : Croatia, Germany, Greece, Hungary, Ireland, Luxembourg, Holland, Poland, Romania, Slovakia, Slovenia

* Children who require parental consent in California:
– under the age of 18

* Children who require parental consent in China:
– under the age of 14

* The above is as of October 2019 and may change afterwards.

Alternatively, the user may contact the Personal Information Manager in writing, by phone, or email for immediate action. Once the user has made a request for correction of errors in personal information, such information shall not be used or provided until the corrections are made. Also, if incorrect personal information is already provided to a third party, the Company shall immediately notify the third party of the correction processing results so that the necessary corrections are made. The Company processes personal information of users which has been canceled or deleted by request of the user or legal attorney in accordance with provisions of “5. Retention and Usage Periods of Personal Information” and ensures that the personal information is not viewed or used for other purposes.

* Malaysia : Users have the option of unsubscribing from the Company’s newsletter and from receiving marketing and advertising-related emails from the Company.

8. Matters Concerning Installation/Operation of Automatic Personal Information Collection Mechanism and Refusal Thereof

In order to provide personalized and customized services, the Company uses ‘cookies’ to save and frequently load the user’s information. A cookie is a very small text file sent from the server, which is used to run the website, to the user’s web browser. The cookie is stored on the hard disk of the user’s computer.

A. Purpose of Using Cookies

* Cookies are used for analyzing the user’s visit and usage patterns, etc. of various services offered on lookinbody.com and other websites, to facilitate the provision of information, optimized for each user.

B. Declination to Installation/Operation of Cookies

* The user has the right over the installation of cookies. Therefore, the user can accept all cookies, require a prompt each time a cookie is saved, or reject all cookies by setting options on their web browser.

* Note, however, that if cookies are not accepted, the user may experience difficulty in using some of the services on nld.lookinbody.com which require signing in.

* Configuring cookie installation settings (on Internet Explorer)

  ① On the [Tools] menu, select [Internet options].
  ② Click the [Privacy] tab.
  ③ Adjust the [Settings].

9. Technical/Administrative Measures for Protection of Personal Information

In handling personal information of users, the Company employs the following technical/administrative measures to secure safety of personal information against displacement, theft, leaks, unwanted alterations or damage.

A. Encryption of Personal Information

The user’s password, stored and managed in encrypted forms, is only known to the user. Therefore, the password of a user can only be viewed and changed by the user who knows the password. Additionally, mobile numbers, dates of birth, etc. are encrypted to prevent information leaks and amendments to personal information.

B. Measures against Hacking, etc.

The Company does its best to prevent leaks and damage of personal information of the user by hackers, computer viruses, etc. The Company regularly backs up the data to minimize damage of personal information, uses the latest anti-virus software to prevent leaks and damage of personal information and data of users, and uses encrypted communications, etc. for safe transmission of personal information on networks. The Company also uses an intrusion prevention system to limit unauthorized access from outsiders and makes an effort to employ all possible technical mechanisms to ensure security of the system.

C. Persons Handling Personal Information

The Company limits handling of personal information to persons, specifically assigned to the task, who are assigned with separate passwords that are regularly updated for such purpose. Frequent training is provided to persons handling personal information to emphasize the importance of compliance with the Privacy Policy, at all times.

D. Operation of Dedicated Organization for Personal Information Protection

The Company employs a dedicated organization for personal information protection, etc. to monitor implementation of the Privacy Policy; compliance of persons in charge; and to immediately correct and rectify any issues identified.

However, the Company shall not be liable for any issues caused by personal information leaks such as mobile numbers and passwords due to the user’s negligence or other Internet-related problems.

11. Duty of Notification

If ever a legal attorney requests insight into, alteration or removal of the personal data of the subject as mentioned under “7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights”, the Company shall notify the subject in writing before complying with this request. The Company shall report to the supervisory authority within 72 hours from the time it becomes aware of the infringement of personal information in the event of an infringement that may pose a risk to the rights and freedoms of individuals. The data subject must be notified of the infringement without undue delay.

However, if there is a low possibility that the infringement of personal information poses a risk to the individual’s freedom and rights, the notification may not be made. If the report to the supervisory body is not made within 72 hours, the reason for the delay must be reported together.

This Privacy Policy was last updated 29 May 2021.

* Malaysia :

We reserve the right to update and make amendments to this Privacy Policy from time to time. In the event we update or amend this Privacy Policy, we will inform users by posting the updated Privacy Policy on the Web Services. In the event we update or amend this Privacy Policy, the updated or amended terms will only apply to personal data that is collected from the date this Privacy Policy is updated or amended.

To comply with Section 7(3) of the Personal Data Protection Act 2010 of Malaysia, a simplified Personal Data Notice based on this Privacy Policy is made available to users in Bahasa Malaysia. In the event of any inconsistencies between the Personal Data Notice and this Privacy Policy, the terms of this Privacy Policy shall prevail.

This Privacy Policy was last updated 31 May 2021.