InBody Privacy Policy
InBody Co., Ltd. (hereinafter, “the company”) upholds privacy regulations and is doing its best to protect the interest of its users by establishing a privacy policy for the body composition analyzer InBody and the website MyInBody in accordance with relevant laws and regulations. The user has the right to withhold their consent to collection of personal information and, when such consent is withheld, they shall be denied access to any additional service except for the first instance of body composition analysis. InBody’s privacy policy includes the following contents.
A. Types of Personal Information Collected
First, for sign-up, efficient customer care and provision of various services, the following types of personal information are collected when the ‘Save Results’, ‘Enter Mobile’ or ‘Send Results to Web’ options are selected for the first time when performing body composition analysis on InBody (hereinafter, “the InBody test”) or when the ‘Sign-up’ option is selected for the first time on MyInBody.
i. All InBody models
a. Required information: Mobile, height, body composition analysis results
b. Optional information: Age, gender
ii. MyInBody
a. Required information: Mobile, gender, date of birth, password
Second, during the use of the service on MyInBody or during operation of the business, the following types of information may be generated and collected automatically.
IP address, cookie, date visited, service usage log, error log
Third, information may be collected while using additional services and customized services or while applying for promotional events only from those users of such services who have given consent to collection of the additional personal information.
B. Methods of Collection
The company collects personal information using the following methods.
i. All InBody models
Personal information is collected using the ‘Save Results’, ‘Enter Mobile’, ‘Enter Member ID’ or ‘Send Results to Web’ options during InBody test.
ii. MyInBody
Personal information is collected at sign-up on MyInBody.
A. Provision of Service
Provision of content, provision of customized services, delivery of goods and invoices, personal authentication, purchase and payment, collection of fees
B. Member Management
Personal verification for usage of subscription services and for limited personal verification, personal identification, prevention of unauthorized use by delinquent members and prevention of unauthorized use, confirmation of intention to sign up, limiting sign-up and number of sign-ups, record keeping for dispute resolution, complaints handling, communication of notices
C. Use in Development of New Services
Development of new services and provision of customized services, provision of services based on statistical properties, validation of services, provision of information on promotional events and offering opportunities to participate in such events, analysis of login frequency, statistics on service usage of members
The company uses users’ personal information within the scope stated in “2. Collection of Personal Information and Purpose of Use”, does not use the information outside of the said scope without prior consent of the users, and does not disclose the users’ personal information to third parties by principle, unless:
- the users have given prior consent to such disclosure;
- when required by provisions of relevant laws or when requested by investigational agencies for investigation purposes according to procedures and methods stipulated by relevant laws; or
- the personal information is demanded by public organizations for provision of various services.
The company may entrust the personal information officers of the organization using this program to enter personal information on its behalf. Such officers are given adequate training to keep the stored personal information safe from loss, theft, leakage, alteration or damage.
By principle, the users’ personal information is destroyed without delay once the purpose of collection and use of the personal information is fulfilled. However, the following types of information are retained for the periods specified for the reasons stated.
A. Retention of Information Required by Internal Company Regulations
- Records of unauthorized use
• Reason of retention: Prevention of unauthorized use
• Retention period: 1 year
B. Retention of Information Required by Relevant Laws
When required by provision of relevant laws such as the Commercial Act and the Act on the Consumer Protection in the Electronic Commerce Transactions, etc., the company retains the member information for the periods stipulated by the relevant laws. Under such circumstances, the company uses the information concerned only for the purpose of retention and retains the information for the following periods.
- Records of website visits
• Reason of retention: Protection of Communications Secrets Act
• Retention period: 3 months
- Records concerning personal verification
• Reason of retention: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
• Retention period: 6 months
- Records concerning consumer complaints and dispute resolution
• Reason of retention: Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
• Retention period: 3 years
By principle, the users’ personal information is destroyed without delay once the purpose of collection and use of the personal information is fulfilled.
The company uses the following procedure and methods to destroy the personal information.
A. Procedure of Destruction
- The information entered by the user for sign-up, etc. is related to a separate database (to a separate file cabinet for paper documents) after its purpose is fulfilled, stored for a period required for the reasons of information protection as required by internal regulations and other relevant laws (see Retention and Usage Periods), after which the information is destroyed.
- The said personal information shall not be used for purposes other than the purpose of retention unless required by law.
B. Methods of Destruction
- Any personal information printed on paper is destroyed by shredding with shredders or by incineration.
- Any personal information stored in electronic file formats is deleted using technical methods that prevent recovery of the records.
- The user or the legal attorney can retrieve or edit the registered personal information of their own or the respective child aged below 14 years of age, or request for termination of membership at any time.
- The personal information of a user or a child aged below 14 years of age can be retrieved or edited by clicking ‘Change Personal Information’ (or ‘Edit Member Information’) or the membership can be terminated (withdrawal of consent) by clicking ‘Terminate Membership’ and then completing the personal verification procedure.
- Alternatively, the user can contact the personal information manager in writing, by phone or by email, and the requests shall be processed immediately.
- When the user requests for correction of errors in their personal information, the personal information concerned shall not be used or provided until the corrections are made. Also, if any incorrect personal information has already been provided to a third party, the correction processing results shall be notified to the third party without delay so that the necessary corrections are made.
- The company processes any personal information terminated or deleted by request of the user or the legal attorney according to provisions of “5. Retention and Usage Periods of Personal Information” and ensures that such information is not retrieved or used for other purposes.
In order to provide personalized and customized services, the company uses cookies which save and load the users’ personal information on a regular basis. A cookie is a very small text file which is sent from the server used in running the website to the user’s web browser, and is saved on the hard disk of the user’s computer.
A. Purpose of Using Cookies
Cookies are used to identify and analyze the users’ patterns of using and visiting various services and webpage on MyInBody.com in order to provide optimized information to the users.
B. Installation/Operation of Cookies and Refusal Thereof
The user has the choice to allow installation of the cookie. Therefore, the user can configure the options on the web browser to allow all cookies, to force all cookies to be confirmed before saving, or to refuse saving of all cookies. However, if the user refuses saving of the cookie, some of the services on MyInBody.com which require login may not be available in full functionality.
- Allowing cookie installation (on Internet Explorer)
① In the [Tools] menu, select [Internet options].
② Click the [Privacy] tab.
③ Change the [Settings].
In handling the users’ personal information, the company employs the following technical and administrative measures to ensure safety and prevent loss, theft, leakage, alteration or damage of the personal information.
A. Encryption of Personal Information
Each member’s password is saved and managed in an encrypted form and is only known to the member. The personal information can be retrieved and changed only by the member who knows the password. Also, mobile numbers, date of birth, etc. are all encrypted to prevent leakage and alteration of the personal information.
B. Measures against Hacking, etc.
The company is doing its best to prevent leakage or damage of the members’ personal information due to hacking, computer virus, etc. The company backs up the data on a regular basis as a precaution against damage of the personal information, uses the latest antivirus software to prevent leakage or damage of the users’ personal information or data, and uses encrypted communications, etc. to transfer the personal information safely over the network. In addition, the company uses an intrusion blocking system to restrict unauthorized access from the outside, and is making conscious efforts to implement all other possible technical mechanisms to ensure the security of the system.
C. Minimization and Training of Employees Handing Personal Information
The company ensures that handling of the personal information is done only by the personal information officers and, even when such officers enter the personal information, frequent training is provided to such officers to emphasize the importance of compliance with the privacy policy.
D. Operation of Dedicated Organization for Protection of Personal Information
The company uses a dedicated organization, etc. for protection of personal information to monitor the enforcement of the privacy policy and the compliance by the officers and makes efforts to correct any problems found immediately.
However, the company shall not be held liable for any problems caused by leakage of the personal information such as the mobile number and password due to the user’s negligence or other problems on the Internet.
The user may report all privacy-related issues arising while using the company’s services to the personal information manager or any of the relevant departments.
The company shall respond to all user complaints in a timely and adequate manner.
Personal Information Manager
Personal Information Officer
For any additional complaints or advice concerning privacy, please contact the following organizations.
- Privacy Report Center (www.118.or.kr / 118)
- Information Protection Certification Commission (www.eprivacy.or.kr / 02-580-0533~4)
- High-Tech Crime Investigation Division, Supreme Prosecutors’ Office (www.spo.go.kr / 02-3480-2000)
- Cyber Bureau, National Police Agency (www.ctrc.go.kr / 02-392-0330)
Any addition, deletion or modification made to the current privacy policy shall be announced in the ‘Notice’ section of the website at least 7 days prior to the amendment.
- Date of notice: February 27, 2013
- Date of enforcement: February 27, 2013