Privacy Policy

InBody (hereinafter, “the Company”) complies with personal information protection regulations; and does its best to protect user rights by establishing privacy policies for its body composition analysis system, InBody, and its website LookinBody Web, web-site* and InBody Mobile Application (collectively, “Web Services”).

*web-site : www.inbody.com, www.inbodyusa.com, https://nl.inbody.com, www.inbodyasia.com, www.inbody.com/jp, http://www.inbody.com/cn, http://www.inbody.in

It is not mandatory for users to provide their personal information and the user has the right to withhold their consent to the collection of their personal information. However, by opting not to provide personal information, certain features may not be available to users, the user’s experience may be negatively affected, and users may not be able to receive support services from the Company.

* Malaysia : For the purpose of the this Privacy Policy, the terms “personal data”, “sensitive personal data”, and “process” shall have the meaning ascribed to it in the Personal Data Protection Act 2010 of Malaysia.

InBody’s Privacy Policy covers the following matters:

1. Types of Personal Information Collected and Methods of Collection
2. Collection of Personal Information and Purpose of Use
3. Sharing and Provision of Personal Information
4. Consigned Handling of Personal Information
5. Retention and Usage Periods of Personal Information
6. Procedure and Methods of Destruction of Personal Information
7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights
8. Matters Concerning Installation/Operation of Automatic Personal Information Collecting Mechanism and Refusal Thereof
9. Technical/Administrative Measures for Protection of Personal Information 10. Personal Information Manager and Officers
11. Duty of Notification

1. Types of Personal Information Collected and Methods of Collection

A. Types of Personal Information Collected Firstly, the Company collects the following personal information through ‘Input mobile no.’, ‘Input ID’, ‘Input height’, ‘Input Gender’ or ‘Input age’ during body composition analysis using InBody, or

the initial ‘Sign Up’ in LookinBody Web. This facilitates provision of various services such as member sign-up and efficient customer care. <All InBody Models>

– Required : Height, Weight, Body composition analysis results

– Optional : Mobile number, Age, Gender

<LookinBody Web>

– Required : Gender, Date of birth, Height

– Optional : Name, Body composition analysis results, Address, E-mail address, Medical history, Mobile number

Secondly, during use of LookinBody Web services or during operation of the business, the following types of information may be generated and collected automatically.

– IP address, cookie, date visited, service usage log, error log

Thirdly, information may be collected only from users of additional services, customized services, or services to which the users have given consent to additional personal information collection during the process of participating in promotional events. <InBody Touch>

– Required : email adress

* Malaysia :

(1) LookinBody Web

With regards to LookinBody Web, the Company processes the following personal information of users:

– Personal Information :

Name, Email address, Address and zip code, Mobile number, Company name, Height, Weight, Age, Gender, Date of birth and other forms of personal data while rendering additional or customized services to users, which users have consented to providing to the Company.

– Sensitive Personal Information

The Company also processes sensitive personal data of users, as set out below : Body composition analysis results, Medical history

Users provide their explicit consent to the processing of their sensitive personal data, with the understanding that the provision of the above sensitive personal data is necessary for the Company to provide the body composition analysis service.

(2) inbodyasia.com

With regards to inbodyasia.com, the Company processes the following personal information of users:

– Personal Information : Name, Email address, Phone number, and any other personal information disclosed by users in the “Contact Us” page of inbodyasia.com.

(3) InBody Mobile Application

With regards to the InBody Mobile Application, the Company processes the following personal information of users:

– Personal Information : Name, Email address, Mobile number, Height, Weight, Age, Gender and other forms of personal data while rendering additional or customized services to users, which users have consented to providing to the Company.

– Non-personally identifiable information

The Company processes the non-personally identifiable data through the Web Services below : IP address;, Cookie, Date visited, Service usage log and Error log.

B. Methods of Collecting Personal Information The Company collects personal information using the following methods. <All InBody Models>

– Personal information is collected using ‘Input mobile no.’, ‘Input ID’, ‘Input height’, ‘Input Gender’ or ‘Input age’ during InBody test.

<LookinBody Web>

– Personal information is collected during the sign-up process in LookinBody Web

* Malaysia :

The Company collects personal information in the following ways:

– When users are asked to input their personal data in the course of using the body composition analysis system;

– When users sign up for the Web Services;

– When users contact the Company, send feedback to the Company, post material on the Web Services, complete customer surveys or participate in competitions.

C. Location of Storage

Personal data collected from the EEA, UK, Switzerland, and Ukraine is primarily stored within the EEA (in the Netherlands). However, in exceptional circumstances where necessary—for example, in connection with a service request, contractual obligation, or explicit consent from the data subject—personal data may be transferred outside the EEA in accordance with Article 49 of the GDPR. In such cases, appropriate safeguards and transparency measures will be applied.

All personal information collected from Malaysia will be stored on servers located in Malaysia and Singapore. Other countries will be stored on a server located in each countries

2. Collection of Personal Information and Purpose of Use

The Company collects personal information from users for the following purposes:

A. Provision of Service Provision of content, provision of specific customized services, delivery of goods or sending of bills, etc., identity authentication, purchasing and payment processing, collection of fees

B. Member Management Identity authentication for use of membership-based services or limited identity authentication programs, personal identification, prevention of unauthorized use or abuse by defective members, confirmation of sign-up intent, restriction of sign-up or sign-up attempts, recordkeeping for dispute

resolution, handling of complaints and delivery of notices

C. Use for Development of New Services and Marketing/Advertisements Development of new services and provision of customized services, provision of services based on statistical characteristics, validation of services, provision of information on promotional events and provision of opportunity to participate, assessing access frequency, statistics on service usage by members

* Malaysia :

D. General Purposes Monitoring and recording communications (such as telephone conversations and e-mail) for the purpose of improving the quality of the Company’s services, to send users newsletters when users have subscribed for the Company’s newsletter, to comply with the Company’s regulatory and corporate governance obligations, gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests, operational reasons such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, investigating complaints and allegations of criminal offenses, providing customer service, and to give effect to the commercial transactions between the Company and the users.

3. Sharing and Provision of Personal Information The Company uses personal information of users within the scope notified in “2. Collection of Personal Information and Purpose of Use” does not use any personal information beyond the above mentioned scope, or disclose any personal information of users to third parties without prior consent of the user. However, the exceptions apply under the following circumstances: – the user has given prior consent to such disclosure; – there is a request from an investigational agency pursuant to provisions of laws or through procedures and methods stipulated in laws for investigational purposes; or – there is a request for personal information from a government agency for providing various services.

* Malaysia :

– there is a need to disclose personal information of users to the Company’s contracted third-party service providers and vendors. The Company may also disclose personal information of users to:

– other Companies within the InBody group;

– service providers, institutions, or commercial organizations that are collaborating with the Company;

– a third party who acquires the Company or substantially all of the Company’s assets, in which case

the personal data shall be one of the acquired assets; and

– other software providers users may request to give users access to users’ InBody device data.

4. Consigned Handling of Personal Information The Company may consign entry of personal information to personal information processing officers at sites where the program is used. Such officers shall receive adequate training to ensure that the personal information stored is not lost, stolen, leaked, altered, or damaged.

5. Retention and Usage Periods of Personal Information By general rule, personal information of users is destroyed once its purpose of collection and usage is achieved. However, the following information may be retained for the periods stated for given reasons.

A. Reasons for Retention of Information Based on Company’s Internal Policy – Recordkeeping of information abuse * Reason for retention: Prevention of abuse * Period of retention: 1 year

B. Reasons for Retention of Information Pursuant to Relevant Laws

When retention is required by provisions of relevant laws such as the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, etc., the Company retains member information for a specific period, as stipulated in relevant laws. In such a case, the Company uses the information retained only for the purpose of such retention for the following retention periods.

– Recordkeeping on website access * Reasons for retention: Protection of Communications Secrets Act * Period of retention: 3 months – Records on identity authentication * Reasons for retention: Act on Promotion of Information and Communications Network Utilization and Information – Protection, etc. * Period of retention: 6 months – Records on consumer complaints and dispute resolution * Reasons for retention: Act on the Consumer Protection in Electronic Commerce, etc. * Period of retention: 3 years * Malaysia :

– Compliance with legal and regulatory obligations * Reasons for retention: To comply with the obligations under law imposed on the Company

* Period of retention: 6 years

6. Procedure and Methods of Destruction of Personal Information By general rule, personal information of users is destroyed once its purpose of collection and usage is achieved. Procedures and methods used by the Company to destroy personal information are as follows. A. Procedure of Destruction

* Once the purpose of the information is achieved, information entered by the user for member sign-up, etc. is moved to a separate database (separate cabinet in case of information on paper), stored for a specific period in accordance with internal policy and reasons for information protection pursuant to other relevant laws, and destroyed. * Such personal information is not used for purposes, other than as stipulated in purpose of retention, unless required by law.

B. Method of Destruction * Personal information printed on paper is destroyed by using a shredder or by incineration. * Personal information stored in electronic file formats is erased beyond recovery using technical means.

7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights The user or their legal attorney may, at any time, view and edit registered personal information of the user or the child concerned under the age of 16* and may request for cancelation of membership. The user may click ‘Edit Personal Information’ (or ‘Edit User Information’, etc.) to view and edit personal information of the user or the child concerned under the age of 16; and may click ‘Cancel Membership’ to cancel membership (withdraw consent). Once the user completes the identity authentication process, they will be able to view and edit the information or cancel membership on their own. * The child who require parental consent from EU membership ;

– under the age of 13 : Belgium, Denmark, Estonia, Finland, Latvia, Malta, Portugal, Sweden,

– under the age of 14 : Austria, Bulgaria, Cyprus, Italy, Lithuania, Spain

– under the age of 15 : Czech, France

– under the age of 16 : Croatia, Germany, Greece, Hungary, Ireland, Luxembourg, Holland, Poland, Romania, Slovakia, Slovenia

* The child who require parental consent from California ;

– under the age of 18

* The child who require parental consent from China ;

– under the age of 14

* The above is as of October 2019 and may change afterwards.

Alternatively, the user may contact the Personal Information Manager in writing, by phone, or email

for immediate action. Once the user has made a request for correction of errors in personal information, such information shall not be used or provided until the corrections are made. Also, if incorrect personal information is already provided to a third party, the Company shall immediately notify the third party of the correction processing results so that the necessary corrections are made. The Company processes personal information of users which has been canceled, deleted by request of the user, or legal attorney in accordance with provisions of “5. Retention and Usage Periods of Personal Information” ensures that the personal information is not viewed or used for other purposes.

* Malaysia : Users have the option of unsubscribing from the Company’s newsletter and from receiving marketing and advertising-related emails from the Company.

8. Matters Concerning Installation/Operation of Automatic Personal Information Collection Mechanism and Refusal Thereof In order to provide personalized and customized services, the Company uses ‘cookies’ to save and frequently load the user’s information. A cookie is a very small text file sent from the server, which is used to run the website, to the user’s web browser. The cookie is stored on the hard disk of the user’s computer.

A. Purpose of Using Cookies * Cookies are used for analyzing the user’s visit and usage patterns, etc. of various services offered on lookinbody.com and other websites, to facilitate the provision of information, optimized for each user.

B. Declination to Installation/Operation of Cookies * The user has the right over the installation of cookies. Therefore, the user can accept all cookies, require prompt each time a cookie is saved, or reject all cookies by setting options on their web browser. * Note, however, that if cookies are not accepted, the user may experience difficulty in using some of the services on nld.lookinbody.com which require signing in. * Configuring cookie installation settings (on Internet Explorer) ① On the [Tools] menu, select [Internet options]. ② Click the [Privacy] tab. ③ Adjust the [Settings].

9. Technical/Administrative Measures for Protection of Personal Information In handling personal information of users, the Company employs the following technical/administrative measures to secure safety of personal information against displacement, theft, leaks, unwanted alterations or damage.

A. Encryption of Personal Information The user’s password, stored and managed in encrypted forms, is only known to the user. Therefore, the password of a user can only be viewed and changed by the user who knows the password. Additionally, mobile numbers, dates of birth, etc. are encrypted to prevent information leaks and amendments to personal information.

B. Measures against Hacking, etc. The Company does its best to prevent leaks and damage of personal information of the user via hackers, computer virus, etc. The Company regularly backs up the data to minimize damage of personal information, uses latest anti-virus software to prevent leaks and damage of personal information and data of users; and uses encrypted communications, etc. for safe transmission of personal information on networks. The Company also uses an intrusion prevention system to limit unauthorized access from outsiders and makes an effort to employ all possible technical mechanisms to ensure security of the system.

C. Persons Handling Personal Information The Company limits handling of personal information to persons, specifically assigned to the task, who are assigned with separate passwords that are regularly updated for such purpose. Frequent training is provided to persons handling personal information to emphasize the importance of compliance with the Privacy Policy, at all times. D. Operation of Dedicated Organization for Personal Information Protection The Company employs a dedicated organization for personal information protection, etc. to monitor implementation of the Privacy Policy; compliance of persons in charge; and to immediately correct and rectify any issues identified.

However, the Company shall not be liable for any issues caused by personal information leaks such as mobile numbers and passwords due to the user’s negligence or other Internet-related problems.

10. Data Protection Manager and Officers You may report all privacy complaints that arise while using the Company’s services to the Data Protection Manager or Data Protection Officer of the Company. The Company shall respond to the user’s reports promptly and adequately.

* InBody Headquarters [South Korea]

Address: 06106 625, Eonju-ro, Gangnam-gu, Seoul, Republic of Korea Website : www.inbody.com E-mail : inbody@inbody.com, privacy2@inbody.com

TEL : +82-2-501-3939 / FAX : +82-2-501-3978

Personal Information Officer: Dong-bok Yeom

* InBody EUROPE [NETHERLANDS]

Address: Gyroscoopweg 122, 1042 AZ Amsterdam Website: https://nl.inbody.com E-mail: info.eu@inbody.com, privacy.eu@inbody.com

TEL: +31-20-238-6080

Personal Information Manager: Billy Nam

Personal Information Officer: Billy Nam

* InBody USA Address: 13850 Cerritos Corporate Dr., Unit C, Cerritos, CA 90703, USA Website: www.inbodyusa.com E-mail : Info@inbody.com

TEL : +1-323-932-6503 / FAX : +1-323-952-5009

* InBody JAPAN Address: Tani Bldg., 1-28-6, Kameido, Koto-ku, Tokyo 136-0071 JAPAN Website: http://www.inbody.com/jp E-mail : inbody@inbody.co.jp

TEL: +81-3-5875-5780 / FAX: +81-3-5875-5781

Personal Information Officer: Shibata Yasuo

* InBody CHINA Address: 904, Xing Di Plaza, No. 1698 Yishan Road, Shanghai, 201103, CHINA Website: http://www.inbody.com/cn E-mail : info@inbodychina.com

TEL : +86-21-6443-9738, 9739, 9705 / FAX : +86-21-64439706

Personal Information Officer:

* InBody INDIA Address: Unit No. G-B 10, Ground Floor, Art Guild House, Phoenix Market City, L.B.S. Marg, Kurla

(West), Mumbai 400070, India. Website: http://www.inbody.in E-mail : inbodyindia@inbody.com

Personal Information Officer: Ken Cha

* InBody ASIA [MALAYSIA & SINGAPORE] Address: Unit 3A-11, Oval Damansara, No.685 Jalan Damansara, 60000 Kuala Lumpur, Malaysia Website: http://www.inbodyasia.com E-mail : info@inbodyasia.com

TEL : +60-3-7732-0790 Personal Information Officer: Choi Hyungwook

11. Duty of notification

If ever a legal attorney requests insight into, alteration or removal of the personal data of the subject as mentioned under “7. Rights of Users and Legal Attorneys and Methods of Exercising the Rights”, the Company shall notify the subject in writing before complying to this request.

The company shall report to the supervisory authority within 72 hours from the time it becomes aware of the infringement of personal information in the event of an infringement that may pose a risk to the rights and freedoms of individuals. The data subject must be notified of the infringement without under delay.

However, if there is a low possibility that the infringement of personal information poses a risk to the individual’s freedom and rights, the notification may not be made.

If the report to the supervisory body is not made within 72 hours, the reason for the delay must be reported together.

This Privacy Policy was last updated 01 September 2025.

* Malaysia :

We reserve the right to update and make amendments to this Privacy Policy from time to time. In the event we update or amend this Privacy Policy, we will inform users by posting the updated Privacy Policy on the Web Services. In the event we update or amend this Privacy Policy, the updated or amended terms will only apply to personal data that is collected from the date of this Privacy Policy is updated or amended.

To comply with Section 7(3) of the Personal Data Protection Act 2010 of Malaysia, a simplified Personal Data Notice based on this Privacy Policy is made available to users in Bahasa Malaysia. In the event of any inconsistencies between the Personal Data Notice and this Privacy Policy, the terms of this Privacy Policy shall prevail.

This Privacy Policy was last updated 31, May 2021.

NOTIS DATA PERIBADI INBODY

Notis data peribadi (“Notis Data Peribadi”) mengenai penggunaan data peribadi diterbitkan oleh InBody (“Syarikat” atau “Kami”) kepada pengguna-pengguna sistem analisis komposisi badan, LookinBody Web, inbodyasia.com, dan aplikasi telefon Inbody (secara kolektif, “Web Services”), selaras dengan keperluan Akta Perlindungan Data Peribadi 2010 (“PDPA”). Sepanjang penggunaan Web Services kami, kami akan mengumpul data peribadi termasuk, tetapi tidak terhad kepada:

– nama anda;

– alamat e-mel anda;

– alamat dan poskod anda;

– nama syarikat anda;

– ketinggian anda

– berat badan anda;

– umur anda;

– jantina anda;

– hari lahir anda; dan

– data peribadi lain yang dibekalkan oleh anda dengan persetujuan anda sepanjang penggunaan Web Services kami.

Kami juga akan mengumpul data peribadi sensitif yang berikut:

– komposisi badan anda; dan

– sejarah perubatan anda.

Anda memberikan persetujuan secara nyata mengenai pemprosesan data peribadi sensitif di atas, dan memahami bahawa data peribadi sensitif di atas diperlukan untuk mengguna perkhidmatan analisis komposisi badan kami.

Data peribadi anda dikumpulkan:

– apabila anda menggunakan perkhidmata analisis komposisi badan;

– apabila anda mendaftar sebagai ahli Web Services Kami; dan

– apabila anda menghubungi kami, memberi maklum balas kepada kami, membuat post dalam Web Services, melengkapkan tinjauan pengguna-pengguna, atau menyertai pertandingan-pertandingan yang dianjurkan oleh kami.

Kami akan mengumpul dan memproses data peribadi anda untuk tujuan berikut:

– untuk memberi perkhidmatan kepada anda (termasuk untuk membekalkan perkhidmatan mengikut tempahan, untuk mengesahkan identiti anda, untuk memproses bayaran anda, dan untuk pembayaran fi kami);

– untuk pengurusan ahli-ahli Web Services (termasuk untuk mengesahkan identiti anda, untuk membendung penyalahgunaan Web Services, untuk mengesahkan pendaftaran pengguna, untuk penyimpanan rekod bagi tujuan penyelesaian pertikaian, untuk mengendalikan aduan-aduan, dan untuk penghantaran notis);

– untuk mengembangkan perkhidmatan kami;

– untuk tujuan pengiklanan dan pemarasan;

– untuk berkomunikasi dengan anda;

– untuk menghantar bulletin kepada anda;

– untuk mematuhi tanggungjawab kontraktual kami;

– untuk mematuhi undang-undang dan peraturan-peraturan yang berkenaan; dan

– untuk tujuan-tujuan lain yang berkaitan.

(secara kolektif, “Tujuan-tujuan”).

Semua data peribadi dari Malaysia akan disimpan di dalam pelayan-pelayan web di Malaysia dan Singapore.

Kami tidak akan mendedahkan data peribadi anda kepada mana-mana pihak ketiga kecuali dalam keadaan berikut:

– anda telah memberi persetujuan;

– kami diminta untuk mendedahkan data peribadi anda oleh agensi penyiasatan menurut keperluan undang-undangl

– kami diminta untuk mendedahkan data peribadi anda oleh kerajaan;

– wujudnya keperluan untuk mendedahkan data peribadi anda kepada pembekal-pembekal kami.

Kami juga mungkin akan mendedahkan data peribadi anda kepada:

– syarikat gabungan kami;

– pembekal perkhidmatan, institusi-institusi, atau pertubuhan perdagangan yang berkolaborasi dengan kami;

– pihak ketiga yang telah memperolehi Syarikat atau aset-aset Syarikat; dan

– pembekal perisian komputer yang diberi akses kepada data perintian Inbody menurut permintaan anda.

Jika anda tidak memberikan data peribadi anda kepada kami, atau tidak setuju dengan Notis Data Peribadi ini, anda mungkin tidak dapat mengakses ciri-ciri Web Services yang tertentu, pengalaman pengguna anda mungkin akan terjejas, dan anda mungkin tidak boleh menerima perkhidmatan sokongan daripada kami.

Kami akan memastikan bahawa data peribadi anda dilindungi dan akan disimpan dengan selamat. Anda berhak (seperti di bawah) untuk meminta akses kepada data peribadi anda, atau meminta salinan data peribadi anda, atau meminta bahawa data peribadi anda dikemaskini atau dibetulkan.

Anda berhak untuk meminta bahawa kami mengehadkan pemprosesan data peribadi anda, tertakluk kepada apa-apa pengecualian undang-undang yang membolehkan kami untuk mengumpul, menggunakan, dan mendedahkan data peribadi anda.

Kami berhak untuk mengemaskini dan membuat pindaan kepada Notis Data Peribadi ini dari semasa ke semasa. Kami akan memaklumkan kepada anda tentang pindaan yang dibuat kepada Notis Data Peribadi ini melalui pengumuman di Web Services. Jika kami membuat pindaan kepada Notis Data Peribadi, pindaan yang dibuat akan diguna pakai untuk data peribadi yang dikumpulkan selepas tarikh pemindaan Notis Data Peribadi ini sahaja.

Selaras dengan Seksyen 7(3) PDPA, Notis Data Peribadi ini disediakan dalam Bahasa Malaysia dan Privacy Policy kami disediakan dalam Bahasa Inggeris. Sekiranya wujud sebarang percanggahan antara Notis Data Peribadi ini dan Privacy Policy kami, Privacy Policy kami akan diguna pakai.

Jika anda ingin mengakses atau perlu mengemaskini data peribadi anda, sila berbuat demikian di akaun Web Services anda.

Jika anda mempunyai sebarang permintaan untuk mengehadkan pemprosesan data peribadi anda, pertanyaan, aduan, atau jika anda ingin menarik balik persetujuan anda kepada kami untuk mengumpul dan memproses data peribadi anda, sila hubungi wakil kami dengan merujuk kepada maklumat yang tertera dibawah:-

* InBody ASIA

Alamat: Unit 3A-11, Oval Damansara, No.685 Jalan Damansara, 60000 Kuala Lumpur, Malaysia

Laman Web: http://www.inbodyasia.com

E-mail : info@inbodyasia.com

No. Telefon : +60-3-7732-0790

Pegawai Data Peribadi: Choi Hyungwook

Last update: 10 July 2024