Privacy Policy

We are Bodd Technologies Pty Limited ABN 61 609 421 301, an Australian corporation. The purpose of this Privacy Policy is to describe how we collect and use personal information (personal data), in the course of our business and through our website, and to show how we comply with applicable privacy (data protection) laws. If you have any questions regarding the contents of this Policy or how we handle personal information, we invite you to contact our Privacy Office, as below. We may modify or amend this Privacy Policy from time to time. We will display a notice at https://www.bodd.io stating when any such revisions have been made.

INTRODUCTION TO OUR PRIVACY POLICY

We are committed to protecting individuals’ privacy, including by:

ensuring that all personal information that we collect is collected by lawful and fair means, and

by handling personal information in accordance with applicable privacy laws and this Privacy Policy.

We implement processes and technical, operational and legal (including contractual) safeguards and associated assurance controls that have been designed by us to meet the privacy laws that apply to our business. These processes, safeguards and controls address privacy by design, privacy by default, information security, and minimisation of collection, handling and disclosure of personal information of individuals, so that we only handle personal information to the extent reasonably required for conduct of our business.

Our business is providing a body scanning service to Bodd clients. Bodd clients are regulated by privacy laws of various jurisdictions, such as jurisdictions in which they operate Bodd scanners, collect personal information in relation to persons to be scanned, or use or disclose personal information in relation to scanned persons. This Privacy Policy does not address legal and regulatory requirements applying to a Bodd client. If you are a person to be scanned by a Bodd client, or a scanned person, you may wish to also review the Privacy Policy of that Bodd client.

WHAT WE DO AND HOW WE DO IT

Bodd provides a body scanning service that enables Bodd clients to accurately measure physiological features and characteristics of individuals that elect to be scanned.

Bodd provides Bodd full body scanners to Bodd clients who operate the scanners and arrange with individuals who elect to be scanned for the scanning to take place.

Each Bodd client is responsible for arrangements between that Bodd client and individuals to be scanned using Bodd scanners that are operated by the Bodd client. These arrangements include agreement between the Bodd client and each person to be scanned as to the purpose of the scan and permitted uses of scanned data.

Each Bodd scanner as operated by the Bodd client captures raw scan data relating to the scanned person which is then sent from the scanner to Bodd. Bodd analyses that raw scan data and provides the relevant Bodd client with a scan summary report relating to each person scanned using a Bodd scanner as operated by that Bodd client.

A typical use case is a uniform supplier scanning a person for better sizing and fit of a uniform to be worn by that person. A Bodd scanner may be used by a Bodd client to do a ‘top to toe’ body scan, and accordingly may be used for measurement and sizing of most clothing items including suits, shirts, dresses, skirts, trousers, hats and helmets, shoes and boots, gloves, other clothing items, personal sports gear and personal protective equipment such as face masks.

Another typical use case is a health service provider measuring body shape and other physiological features of scanned persons for programs such as weight management programs over time.

Bodd seeks to minimise provision by a Bodd client to Bodd of information that might be capable of identifying a scanned person. Bodd does not need to know the identity of a scanned person to enable Bodd to provide Bodd data analytics services and a scan summary report relating to each scanned person to the Bodd client. Bodd does not require a scanned person’s name, address, mobile phone number, email address or any other personal identifiers. Bodd is not supplied with these personal identifiers unless expressly agreed between Bodd client, the person being scanned and Bodd.

A typical implementation is that a Bodd client dealing with a person to be scanned will collect such personal identifiers (such as name, address, mobile phone number or email address) as that Bodd client requires in order to deal with that person and as consistent with the agreement between the Bodd client and that person as to the purpose of the scan and permitted uses of scanned data. That Bodd client may allocate a unique transactor code or key, such as a QR code, to that person. This unique transactor code or key is then used in data exchanges between the Bodd client and Bodd. Accordingly, raw scan data, scan summary reports, and data as handled by Bodd, are tracked using this unique transactor code or key, and not personal identifiers relating to a scanned person. The scan summary report produced by Bodd in relation to a scanned person is created and provided by Bodd to the Bodd client using that same transactor code or key as was created by the Bodd client and provided by Bodd. The Bodd client may then use that transactor code or key to reassociate the transactor code or key with such direct or indirect identifiers (i.e., name. address, mobile phone number, email address) of a scanned person as the Bodd client and that scanned person have agreed to be collected and used, for use by Bodd client in accordance with the agreed purpose of the scan and agreed permitted uses of scanned data.

Bodd may also further deidentify data relating to scanned persons by:

aggregating scan data so it only relates to multiple persons and no longer relates to a single scanned person,

removing links of raw scanned data and scan summary reports to particular transactor codes or keys,

removing links of raw scanned data and scan summary reports to particular Bodd clients or Bodd scanners.

Bodd may use this further deidentified (effectively anonymised) data to improve Bodd data analytics services and for research. Bodd ensures that data is deidentified (effectively anonymised) and handled in accordance with guidance of the Office of the Australian Information Commissioner as to deidentification of personal information and handling of deidentified information.

In summary:
1. Bodd will only collect direct identifiers relating to persons to be scanned with prior express consent of those persons.

2. Bodd will only use raw scanned data or scan summary reports:

in the way described above, or

as Bodd, Bodd client and a scanned person may expressly agree, and then only for those agreed permitted uses.

3. Except to the extent that Bodd, a particular Bodd client and a particular scanned person expressly agree otherwise, Bodd will use raw scanned data or scan summary reports relating to scanned persons only:

in the way described above, and

as a data processor acting at the direction of Bodd client as data controller.

Outside of provision of Bodd scanning analytics services and in the course of conduct of Bodd’s business, Bodd may also collect other personal information relating to individuals, as described below in this Privacy Policy.

OUR PRIVACY COMMITMENTS

The Privacy Act 1988 (Commonwealth of Australia), including the Australian Privacy Principles (APPs) (which form part of that Act), as administered by the Office of the Australian Information Commissioner (www.oaic.gov.au), legally requires Bodd as an Australian corporation to comply with requirements of that Act wherever Bodd does business around the globe, in relation to Bodd’s collection, handling and any disclosure of personal information about or relating to individuals, regardless of where those individuals reside, or where Bodd clients are, or Bodd scanners are used.

Most other jurisdictions also have their own data privacy laws, which laws may also apply to Bodd in relation to provision by Bodd of Bodd scanning analytics services.

Bodd commits to comply with this Privacy Policy and requirements of the Privacy Act 1988 (C’th of Australia), and all other data protection and privacy laws which apply to Bodd in relation to provision by Bodd of Bodd scanning analytics services.

In the following sections of this Privacy Policy, we use terms as follows:

Personal information is information or an opinion about or relating to an individual who is identified or is reasonably identifiable.

Sensitive (personal) information is information or an opinion about or relating to an individual who is identified or is reasonably identifiable, which is also information or an opinion about an individual’s health, race or ethnicity, membership of a professional association, trade association or a trade union, sexual orientation and sex life, and certain biometric data. This Privacy Policy does not apply to Bodd clients or other third parties. Each Bodd client is responsible for providing and complying with its own privacy policy and complying with privacy and data protection laws applicable to them.

THE PURPOSES FOR WHICH WE COLLECT PERSONAL INFORMATION

We collect and handle personal information as follows:

If you are a person to be scanned or a scanned person

See the description above under the heading WHAT WE DO AND HOW WE DO IT.

If you are a Bodd client (or you work for a Bodd client)

We may collect your individual contact and related information to enable us to communicate with you in relation to the provision of services by us (for example, in relation to the management and administration of the provision of the relevant services) and other personal information relating to you to in the course of providing the services concerned (for example, personal description, business bank account or other financial details, and other information relating to you that is included in any communications between us and you or anyone you work with in the course of provision of the services).

If you provide products or services (or you work for, or are agent for, someone who supplies products or services) to Bodd or to any Bodd client

We may collect your contact information to enable us, our clients or other suppliers of ours or our clients to communicate with you in relation to the provision of products or services by you or the person that you work for (for example, in relation to the management and administration of the provision of the relevant products or services) and other personal information relating to you to in the course of provision of the relevant products or services.

If we are assessing your suitability or ability to provide products or services to us or to any Bodd client

We may collect relevant personal information relating to you to the extent necessary to enable that assessment to take place – for example, if we need to assess or confirm your age, your right to work in the jurisdiction, your skills and previous experience, your qualifications, or whether there is anything (for example, relating to your past history, your health or your conduct or reputation) that would adversely affect your suitability or ability to provide the products or services concerned. This will be explained to you in more detail at the time we collect the personal information and, where appropriate, will be subject to your prior consent.

If you are invited to, or attend, an event organised or managed by us

We may collect your individual contact and related information (as well as that of anyone who is attending the event with you) as necessary to enable you and any other relevant individuals to be invited to, and to attend, the event and to facilitate your attendance (for example, dietary or special access requirements).

If we have to provide or arrange any facilities, resources, travel, accommodation or anything else necessary to enable or assist you to provide products or services to us or any Bodd client

We may collect relevant personal information relating to you in order to enable us to do so (for example, your passport details if we have to arrange travel or accommodation for you).

If we have to arrange insurance relating to you

We may collect relevant personal information relating to you to the extent necessary to enable that insurance to be obtained (for example, information relating to your current state of health if that is necessary in relation to the insurance concerned).

If you are a respondent to any survey, research, interview or other enquiry carried out by us

We may collect personal information from you as part of surveys or other research carried out by us, in which case we will provide you at the time with information on how we propose to process and use the personal information concerned.

If you are a public official, otherwise act in official capacity, work for a public body, are a journalist or otherwise involved in the media and we need to contact you in the course of providing public relations or related services for our clients

We will collect your contact details to enable us to communicate with you on behalf of or in relation to our clients.

If you browse any of our websites

We may collect information on your visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive. We may keep a record of the content on our website that you have clicked on and use that information to target advertising on this website to you that is relevant to your interests and which we have identified based on content you have looked at.

If we wish to send you advertising, marketing or promotional material

We may collect your contact details in order to send you direct marketing material in order to advertise, market or promote our services (either to you or the person that you work for, as appropriate). We may combine this with other information we obtain about the things you are interested in and that are relevant to the services provided by us (for example, when you browse our website and view particular content), in order to help us ensure that marketing material that we send you is relevant to what you are interested in.

If you apply for a position with us

We may collect personal information in relation to you in connection with any application by you for a position with us. In that case, we will explain in more detail at the time how and for what purposes we intend to process the relevant personal information.

If you are a customer or other contact of any of our clients

If requested to do so by a client, we may collect your contact information or other information relevant to your dealings with, or of other relevance to, our clients (for example, products or services that you have obtained from our client or relevant social media interaction relevant to our client) for the purpose of contacting you on our client's behalf. In doing this, we will normally be acting as a data processor on behalf of the relevant client, and any processing of personal information by us will be solely in accordance with our client's instructions and under our client's control.

WHERE WE HANDLE AND HOLD PERSONAL INFORMATION

Where necessary to provide our services (for example, when providing services in relation to an international campaign), we may share relevant personal information with service providers to us, or clients, that are located outside Australia, but only to the extent necessary in order to provide the services concerned. Where personal information that is protected by data protection and privacy laws is transferred or otherwise handled on our behalf outside Australia, we will take such steps as are reasonable in the circumstances to ensure that the entity receiving and handling that personal information complies with the Privacy Act 1988 (C’th of Australia), including the Australian Privacy Principles.

SECURITY OF PERSONAL INFORMATION

We will take such steps as are reasonable in the circumstances to protect personal information from misuse, interference or loss, and from unauthorised access, modification or disclosure. We take appropriate industry recognised steps to protect personal information that we hold, including use of technologies and processes such as access control procedures, network firewalls, encryption and physical security. Any payment transactions administered by us will be encrypted using appropriate technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect personal information, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.

SHARING OF PERSONAL INFORMATION

We may, where and to the extent reasonable and fair, share personal information with:

any of our related corporations (i.e., our subsidiaries).

appropriate third parties including:

our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for;
the media, where you are participating in advertising or other marketing or promotion that is intended to be publicly disseminated;
our auditors, legal advisors and other professional advisors or service providers;
credit or other similar reference agencies for the purpose of assessing your suitability or ability where this is in the context of us entering (or proposing to enter) into a contract with you or the person that you work for.

(in relation to information obtained via our website):

our advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal information we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience;
analytics and search engine providers that assist us in the improvement and optimisation of our site.

However, in relation to raw scanned data and scan summary reports created in the course of provision of Bodd scanning analytics services, Bodd will only share personal information as described above under the heading WHAT WE DO AND HOW WE DO IT.

USE OF OUR INTERNET SITE

When visiting our website, the site server makes a record of the visit and logs the following information for statistical and administrative purposes:

the user’s server address – to consider the users who use the site regularly and tailor the site to their interests and requirements;

the date and time of the visit to the site – this is important for identifying the website’s busy times and ensuring maintenance on the site is conducted outside these periods;

pages accessed and documents downloaded – this indicates to Bodd which pages or documents are most important to users and also helps identify important information that may be difficult to find;

duration of the visit – this indicates to us how interesting and informative our site is to visitors to the suite;

the type of browser used – this is important for browser specific coding;

in order to optimize our website and better understand its usage, we collect the visiting domain name or IP address, computer operating system, browser type and screen resolution.

A cookie is a piece of information that an Internet website sends to your browser when you access information at that site. Cookies are either stored in memory (session cookies) or placed on your hard disk (persistent cookies). Our website does not use persistent cookies. Upon closing your browser, the session cookie set by this website is destroyed and no personal information is maintained which might identify you should you visit our website at a later date. We may also receive tracking code data, device identifiers, log information and other information, from ad serving services or advertising networks and relating to use by other persons of third-party internet sites serviced by those ad serving services or advertising networks. We also use this received tracking code to provide a better user experience for users when using our internet site and to improve our internet site. We do not use tracking code to identify a person using a browser or device. Our internet site uses technologies of third-party partners to help us recognize your browser device and understand how you use our internet site so that we can improve our services to reflect your interests and serve you advertisements about the products and/or services that are likely to be of more interest to you. Specifically, these partners collect information about your activity on our internet site to enable us to:

measure and analyse traffic and browsing activity on our site(s),

show advertisements for our products and/or services to you on third-party sites, and

measure and analyse the performance of our advertising campaigns.

We may share data, such as hashed email derived from emails or other online identifiers collected on our internet site with our advertising partners. This allows our partners to recognize and deliver you ads across devices and browsers. Our partners may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason, you may, if you wish, use the following third party tools to decline the collection and use of information for the purpose of serving you interest based advertising:

the NAI’s opt-out platform: https://optout.networkadvertising.org/

the DAA’s opt-out platform: https://optout.aboutads.info/

Sometimes our internet site contains links to other internet sites. When you access an internet site other than our internet site, we are not responsible for the privacy practices of that site. We recommend that you review the privacy policies of each internet site you visit.

OTHER DISCLOSURES WE MAY MAKE

We may disclose personal information to third parties:

In the event that we sell or buy any business or assets, we may disclose personal information to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.

If we are under a duty to disclose or share personal information in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the person that you work for; or to protect the rights, property, or safety of our business, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of child protection, fraud protection, or credit risk reduction.

LEGAL BASIS

Where Privacy Laws require us to obtain your prior consent to collect and handle personal information about you, we will obtain and rely on your consent as required. See below for how to withdraw your consent.

Otherwise, we will collect and handle personal information about you:

as stated in this Privacy Policy;

where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;

for compliance with a legal obligation upon us.

We will collect personal information about you only from you unless it is unreasonable or impracticable for us to do so.

DIRECT MARKETING

There are several ways you can stop receiving direct marketing communications from us. Click the ‘unsubscribe’ or ‘opt-out’ link in any email communication that we send you, or contact us via the details as set out at the end of this policy. We will then stop any further marketing related emails. Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. In relation to any third-party marketing, we will get your express opt-in consent before we share personal information with any third party for any marketing purpose.

ACCESS TO AND CORRECTION OF PERSONAL INFORMATION

Where we collect personal information from an individual directly, we take steps to ensure that the personal information we collect, use and disclose is accurate, up to date and complete. These steps include maintaining and updating any personal information when we are advised by an individual that their information has changed.

Where we collect personal information about an individual from a third party, we rely on that third party to ensure that information it collects is accurate, up to date and complete. An individual may request access to personal information about that individual that is held by us. Subject to any permitted exception under the Privacy Laws, will give that individual access to that personal information.

If an individual notifies us that personal information about that individual as held by us is not accurate, we will take reasonable steps to correct that information. To the extent that we have received any personal information indirectly (for example, from a business for which we act as sub-contractor), we may notify that business that it has received a request from an individual to access or correct the personal information it has provided to us.

If you require access to your personal information, please contact privacy@bodd.io. Before we provide you with access to your personal information, we will require some proof of identity.

For most requests, your information will be provided free of charge. However, we may charge a reasonable fee if your request requires a substantial effort on our part. If we refuse to provide you with access to the information, we will provide you with reasons for the refusal and inform you of any exceptions relied upon under the APPs (unless it would be unreasonable to do so).

We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date whenever we collect or use it. If the personal information we hold about you is inaccurate, incomplete, irrelevant or out-of-date, please contact us and we will take reasonable steps to either correct this information, or if necessary, discuss alternative action with you.

RETENTION OF PERSONAL INFORMATION

We retain personal information after we have used the personal information for the purposes for which we collected or received it.
If we retain such personal information, it will only be used for the following purposes:

as required by or under Australian law, or a court / tribunal order;

as required for professional indemnity insurance; and

in accordance with our back-up archive policy.

When no longer required, Bodd uses its best endeavours to ensure that all such information will be destroyed in a secure manner and in a reasonable time frame.

HOW WE HOLD AND SECURE YOUR INFORMATION

The security of your personal and confidential business information is important to us. We take appropriate industry recognised steps to prevent personal and confidential business information we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure. This protection includes the use of technologies and processes such as access control procedures, network firewalls, encryption and physical security.

HOW TO CONTACT US

If you:

would like to access or inquire about personal information we hold about you,

have a query in relation to this Privacy Policy, or

would like to make a complaint about our handling of personal information, please contact us using the contact details below.

If you wish to make a complaint about an alleged breach of the Privacy Laws, we ask that you send us your complaint in writing to the email address listed above. We endeavour to respond to complaints within a reasonable period (usually 30 days).

If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner by phoning 1300 363 992 or by email at enquiries@oaic.gov.au.

Our contact details are:

Bodd Technologies Pty Limited
20 Macquarie Street Prahran, Victoria 3181 Australia
privacy@bodd.io

DATE OF THIS POLICY

This policy was last updated on 12 April 2024.