InBody Oceania Pty Ltd (“InBody”, “we”, “us”, “our”), a company incorporated in the Commonwealth of Australia, and its related entities are committed to protecting your privacy and the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, store, and secure personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).
This Policy applies to the following:
InBody Co., Ltd, the manufacturer of InBody Products, is headquartered at InBody Bldg, 625 Eonju-ro, Gangnam-gu, Seoul, 06106 South Korea (hereinafter referred to as “InBody HQ”). InBody HQ collects and processes your personal data in connection with your use of the InBody Digital Platforms, which include our websites aus.lookinbody.com, apiaus.lookinbody.com, apiind.lookinbody.com, and our mobile applications, including the InBody App. (collectively referred to as the “Digital Plaforms”). Use of the Digital Platforms is subject to the Privacy Policy accessible directly within the respective Digital Platform interfaces.
By using our Products and Services, you agree to the terms of this Privacy Policy.
We only collect personal information with your consent and when it is reasonably necessary for our functions or activities. This may include:
You can choose not to provide personal information; however, this may limit your ability to access certain Services.
We may collect sensitive health information with your express consent, including:
The only health information collected by us is what has been provided by you voluntarily and where such information is reasonably necessary for us to use the Products and/or Services. You may choose not to provide such information. Note, however, that such information is vital and necessary for us to carry out the use of the Products and/or Services, and that failure to do so by you may result in InBody or Facility Providers being unable to facilitate or provide you with the use of the Products and/or Services. Sensitive information is handled in accordance with APP 3 and APP 6, ensuring a higher standard of protection.
We will only keep your personal information for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements. At the end of any retention period, your personal information will either be destroyed or de-identified (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning).
When you visit or use our Website or Services, we may use cookies and similar technologies (e.g. web beacons, tracking pixels, local storage) to collect certain information about your interaction with our Services. This information may include:
Cookies are small data files stored on your device when you visit a website. They help us:
Most web browsers are set to accept cookies by default. You can manage or disable cookies via your browser settings. Disabling cookies may affect functionality. You can also opt out of certain cookies via third-party tools like Google Ads Settings, YourAdChoices, and the Network Advertising Initiative.
Your personal information is used for purposes including:
Health information is protected by stricter privacy requirements under Australian law. We only collect, use, or disclose your health information when it is necessary to provide our Services or when we are legally required to do so.
In order to deliver the Services you require for the purposes set out above, we may disclose your personal information to:
Your personal information may be disclosed to these organisations only in relation to this Site, and We will take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information. We do not sell your personal information to third parties.
Your personal information may be transferred to, or stored in, jurisdictions outside Australia, including Singapore and South Korea, for processing and storage.
We take reasonable steps to ensure overseas recipients handle your information in a manner consistent with the APPs, but you acknowledge and consent that APP 8.1 may not apply to these disclosures.
Health information is subject to greater privacy policy protections under Australian law. If it becomes necessary to disclose your health information across borders in order to provide our Services, we will do so only where the receiving country offers privacy safeguards comparable to those in Australia.
By using our Services, you expressly consent to overseas disclosure as described above.
We will only send you marketing communications where you have given consent or where legally permitted. You may opt out at any time by:
You have the right to access and request correction of your personal information. To make a request, email us at privacy2@inbody.com.
We will respond within a reasonable timeframe and may charge a fee for providing access (not for making a request).
Where lawful and practical, you may remain anonymous or use a pseudonym when dealing with us. However, this may affect our ability to provide the Services.
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. The information is stored on secure servers that are protected in the facilities contracted with us. Employees of InBody or Facility Providers and data processors are obliged to respect the confidentiality of any personal information held by us. We take all reasonable measures to ensure the security of your personal and health information and prevent any unauthorised use or disclosure. In our business, personal information may be stored both electronically (on our computer systems and with our website hosting provider) and in hard-copy form. Firewalls, anti-virus software and email filters, as well as passwords, protect all of our electronic information. Likewise, we take all reasonable measures to ensure the security of hard-copy information. However, internet-based communications carry inherent risks, and we cannot guarantee absolute security.
From 2024, we are required to implement both technical and organizational measures, such as encrypting data, securing system and premises access, and providing staff training, in roder to comply with evolving security standards.
If you are located in the European Union (EU) or United Kingdom (UK), the General Data Protection Regulation (EU) 2016/679 (GDPR) or UK GDPR applies to the processing of your personal data. InBody is committed to complying with these regulations when applicable.
We only process your personal data when we have a lawful basis under the GDPR, such as:
You may withdraw your consent at any time by contacting us at privacy2@inbody.com.
To exercise your rights, email privacy2@inbody.com. We will respond within one month.
If we transfer your personal data outside the EU/UK (e.g. to servers in Singapore or South Korea), we ensure appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses (SCCs), or other mechanisms.
If you are under 18, we require both your consent and that of a parent or guardian to collect, use or disclose your personal information.
Parents or guardians can:
Contact us at privacy2@inbody.com for such requests.
Our Services may contain links to third-party websites or applications. We are not responsible for their privacy practices, and you should review their policies separately.
A data breach occurs when there is unauthorised access or disclosure of personal information held by the Branch, or when personal information is lost. Data breaches can occur due to malicious action (e.g., hackers), human error, or a failure in information handling or security systems.
In the event of a data breach, we will take all reasonable steps to reduce the risk of harm to affected individuals. These steps may include recovering or securing the information and notifying those affected.
If a data breach is likely to result in serious harm, we will notify affected individuals in accordance with the Notifiable Data Breaches (NDB) scheme under Australian privacy law.
If, despite remedial actions, the Privacy Officer has reasonable grounds to believe there is an eligible data breach, we will notify the affected individuals and the Office of the Australian Information Commissioner. A notification must contain our contact details, a description of the breach, the information concerned and recommended steps for individuals. If it is impractical to contact the affected individuals, we will take all reasonable steps to publicise a statement about the data breach.
If you have concerns about how we handle your personal information, contact us at: Email: privacy2@inbody.com
We take complaints about health information seriously. Complaints relating to your health information will be acknowledged within 5 business days and resolved within 10 business days from the date of acknowledgement, wherever reasonably possible.
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
Privacy Officer – InBody Oceania Pty Ltd
Tel: +61 07 5681 1900
Email: privacy2@inbody.com
Unit 2 82/86 Minnie St,
Southport QLD 4215
