General
InBody Oceania Pty Ltd (“InBody”, “we”, “us”, “our”), a company incorporated in the Commonwealth of Australia, and its related entities are committed to protecting your privacy and the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, store, and secure personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).
This Policy applies to the following:
- Our website: https://au.inbody.com
- Body composition analysis devices (“Products”)
- Associated consulting and health services (“Services”)
InBody Co., Ltd, the manufacturer of InBody Products, is headquartered at InBody Bldg, 625 Eonju-ro, Gangnam-gu, Seoul, 06106 South Korea (hereinafter referred to as “InBody HQ”). InBody HQ collects and processes your personal data in connection with your use of the InBody Digital Platforms, which include our websites aus.lookinbody.com, apiaus.lookinbody.com, apiind.lookinbody.com, and our mobile applications, including the InBody App (collectively referred to as the “Digital Platforms”). Use of the Digital Platforms is subject to InBody HQ’s own Privacy Policy, which can be accessed directly within the respective Digital Platform interfaces.
By using our Products and Services, you agree to the terms of this Privacy Policy.
Collection of Personal Information
We only collect personal information with your consent and when it is reasonably necessary for our functions or activities. This may include:
- Full Name
- Contact Details (email, phone number, address)
- Date of Birth
- Organisation/Employer
- Login credentials for your account
You can choose not to provide personal information; however, this may limit your ability to access certain Services.
Collection of Sensitive (Health) Information
We may collect sensitive health information with your express consent, including:
- Height, Weight, Body Composition Data
- Medical History Relevant to our Services
The only health information collected by us is what has been provided by you voluntarily and where such information is reasonably necessary for us to use the Products and/or Services. You may choose not to provide such information. Note, however, that such information is vital and necessary for us to carry out the use of the Products and/or Services, and that failure to do so by you may result in InBody or Facility Providers being unable to facilitate or provide you with the use of the Products and/or Services. Sensitive information is handled in accordance with APP 3 and APP 6, ensuring a higher standard of protection.
We will only keep your personal information for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements. At the end of any retention period, your personal information will either be destroyed or de-identified (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning).
Cookies and Passive Data Collection
When you visit or use our Website, Services, or Digital Platforms, we may use cookies and similar technologies (e.g. web beacons, tracking pixels, local storage) to collect certain information about your interaction with our Services. This information may include:
- Device type and browser type
- IP address and location data
- Pages visited and time spent on site
- Search queries and referring pages
- Preferences and settings
Cookies are small data files stored on your device when you visit a website. They help us:
- Recognise your browser or device
- Maintain secure logins
- Track preferences and interactions
- Improve functionality and user experience
- Deliver targeted advertising (where permitted)
Most web browsers are set to accept cookies by default. You can manage or disable cookies via your browser settings. Disabling cookies may affect functionality. You can also opt out of certain cookies via third-party tools like Google Ads Settings, YourAdChoices, and the Network Advertising Initiative.
Use and Disclosure of Personal Information
Your personal information is used for purposes including:
- Providing and improving our Services
- Health assessments and recordkeeping
- Customer support and feedback
- Marketing (with your consent)
- Analytics and service improvement
- Legal compliance and fraud prevention
Health information is protected by stricter privacy requirements under Australian law. We only collect, use, or disclose your health information when it is necessary to provide our Services or when we are legally required to do so.
In order to deliver the Services you require for the purposes set out above, we may disclose your personal information to:
- InBody’s related entities and affiliates
- Facility Providers or Health Professionals
- External IT Service Providers
- Third parties where required or permitted by law
Your personal information may be disclosed to these organisations only in relation to this Site, and we will take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information. We do not sell your personal information to third parties.
Cross-Border Disclosure
Your personal information may be transferred to, or stored in, jurisdictions outside Australia, including Singapore and South Korea, for processing and storage.
We take reasonable steps to ensure overseas recipients handle your information in a manner consistent with the APPs, but you acknowledge and consent that APP 8.1 may not apply to these disclosures.
Health information is subject to greater privacy policy protections under Australian law. If it becomes necessary to disclose your health information across borders in order to provide our Services, we will do so only where the receiving country offers privacy safeguards comparable to those in Australia.
By using our Services, you expressly consent to overseas disclosure as described above.
Direct Marketing
We will only send you marketing communications where you have given consent or where legally permitted. You may opt out at any time by:
- Clicking the unsubscribe link in any electronic message
- Emailing us at privacy2@inbody.com
Access and Correction
You have the right to access and request correction of your personal information. To make a request, email us at privacy2@inbody.com.
We will respond within a reasonable timeframe and may charge a fee for providing access (not for making a request).
Anonymity and Pseudonymity
Where lawful and practical, you may remain anonymous or use a pseudonym when dealing with us. However, this may affect our ability to provide the Services.
Security
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. The information is stored on secure servers that are protected in the facilities contracted with us. Employees of InBody or Facility Providers and data processors are obliged to respect the confidentiality of any personal information held by us. We take all reasonable measures to ensure the security of your personal and health information and prevent any unauthorised use or disclosure. In our business, personal information may be stored both electronically (on our computer systems and with our website hosting provider) and in hard-copy form. Firewalls, anti-virus software and email filters, as well as passwords, protect all of our electronic information. Likewise, we take all reasonable measures to ensure the security of hard-copy information. However, internet-based communications carry inherent risks, and we cannot guarantee absolute security.
From 2024, we are required to implement both technical and organisational measures, such as encrypting data, securing system and premises access, and providing staff training, in order to comply with evolving security standards.
Additional Information for EU and UK Users (GDPR Compliance)
If you are located in the European Union (EU) or United Kingdom (UK), the General Data Protection Regulation (EU) 2016/679 (GDPR) or UK GDPR applies to the processing of your personal data. InBody is committed to complying with these regulations when applicable.
Legal Basis for Processing:
We only process your personal data when we have a lawful basis under the GDPR, such as:
- Your consent (e.g. marketing communications, use of health data)
- Performance of a contract (e.g. to provide Services)
- Compliance with legal obligation
- Legitimate interests (e.g. to improve Services, security)
- Vital interests (e.g. for health or safety)
You may withdraw your consent at any time by contacting us at privacy2@inbody.com.
Your Rights Under GDPR:
- Right to access
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to restriction of processing
- Right to data portability
- Right to object
- Right not to be subject to automated decision-making
To exercise your rights, email privacy2@inbody.com. We will respond within one month.
International Data Transfers:
If we transfer your personal data outside the EU/UK (e.g. to servers in Singapore or South Korea), we ensure appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses (SCCs), or other mechanisms.
Children and Parental Consent
If you are under 18, we require both your consent and that of a parent or guardian to collect, use or disclose your personal information.
Parents or guardians can:
- Review their child’s personal information
- Request deletion or restriction of further use
Contact us at privacy2@inbody.com for such requests.
Third-Party Links
Our Services may contain links to third-party websites or applications. We are not responsible for their privacy practices, and you should review their policies separately.
Data Breaches
A data breach occurs when there is unauthorised access to, or disclosure of, personal information held by the Branch, or when personal information is lost. Data breaches can occur due to malicious action (e.g. hackers), human error, or a failure in information handling or security systems.
In the event of a data breach, we will take all reasonable steps to reduce the risk of harm to affected individuals. These steps may include recovering or securing the information and notifying those affected.
If a data breach is likely to result in serious harm, we will notify affected individuals in accordance with the Notifiable Data Breaches (NDB) scheme under Australian privacy law.
Notifications
If, despite remedial actions, the Privacy Officer has reasonable grounds to believe there is an eligible data breach, we will notify the affected individuals and the Office of the Australian Information Commissioner. A notification must contain our contact details, a description of the breach, the information concerned and recommended steps for individuals. If it is impractical to contact the affected individuals, we will take all reasonable steps to publicise a statement about the data breach.
Complaints and Enquiries
If you have concerns about how we handle your personal information, contact us at:
Email: privacy2@inbody.com
We take complaints about health information seriously. Complaints relating to your health information will be acknowledged within 5 business days and resolved within 10 business days from the date of acknowledgement, wherever reasonably possible.
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
Contact Details
Privacy Officer – InBody Oceania Pty Ltd
Tel: +61 07 5681 1900
Email: privacy2@inbody.com
Unit 2/82-86 Minnie Street
Southport, Queensland 4215