Privacy Policy
Notice to individuals in the UK, EU and Switzerland where mPort Ltd is the controller of your data: Personal Information you provide to mPort will be transferred to the United States for processing. By providing your Personal Information to US, you consent to this transfer. You should be aware that the European Union has not determined that the United States provides an adequate level of protection for Personal Information. Although mPort has committed to abiding by the privacy principles described by the General Data Protection Regulation and has specified methods under which you may enforce your rights, the laws of the United States may not respect such principles. You may withdraw your consent at any time by emailing us at gdpr@bodymapp.com
mPort Ltd ACN 160 626 086 (mPort) understands the importance of protecting the privacy of an individual’s personal information This privacy policy sets out how mPort aims to protect the privacy of your personal information in accordance with General Data Protection Regulation, the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs), and how mPort collects, holds, uses and discloses your personal information.
This privacy policy may be updated from time to time.
Personal information is information or an opinion about an identified, or reasonably identifiable, individual During the provision of its services, mPort may collect your personal information.
Generally, the kinds of personal information mPort collects are:
- contact and identification information such as your name, address, telephone number, email address, date of birth, gender and age
- physical measurements, including height, waist, bust, hip, weight over time as you scan
- history of when and where you scan yourself;
- preferences or information you disclose on our website for our various applications;
Sensitive information including:
- health information; where you consent to the collection of such information and if relevant to the provision of mPort’s services
- where you are applying for a position with mPort, criminal record information where relevant
- other information required for mPort’s functions and activities. In some circumstances mPort may also hold other personal information provided by you
Generally, mPort collects your personal information directly from you, including when you apply for a position with mPort, through your use of the mPort website or when you otherwise provide us with personal information.
There may be occasions when mPort collects your personal information from other sources such as from: – an information services provider; – a publicly maintained record or other publicly available sources of information including social media and similar websites; and – for recruitment purposes, from an external recruitment or background screening services provider, agencies that undertake criminal history checks, any of your former or current employers and work colleagues, professional associations, registration bodies and educational institutions.
Generally, mPort will only collect your personal information from sources other than you if it is unreasonable or impracticable to collect your personal information from you.
mPort collects, holds, uses and discloses your personal information where it is reasonably necessary for the purposes of: – providing customers with our services, including for accounting, billing and other internal administrative purposes; – identifying and informing you of products and services that may be of interest to you from mPort or selected third parties; – assessing your application for employment with mPort or for the purpose of engaging you as a contractor or consultant; and – any other legal requirements.
mPort may also use your personal information for purposes related to the above purposes and for which you would reasonably expect mPort to do so in the circumstances, or where you have consented or the use is otherwise in accordance with law.
You are under no obligation to provide your personal information to mPort However, without certain information from you, mPort may not be able to provide its services to you.
mPort discloses your personal information for the purpose for which mPort collects it. mPort will only disclose your personal information for a purpose set out above. This may include disclosing your personal information to: – third parties engaged to perform administrative or other business management functions; – mPort’s professional advisors, contractors, consultants, insurance providers and related bodies corporate; and – regulatory bodies.
mPort may also disclose your personal information with your consent or if disclosure is required or authorised by law.
mPort is not likely to disclose any personal information to overseas recipients. However, where it is necessary to make overseas disclosure in order to provide you its products and services or for business or operational purposes (e.g. for administrative or other business management purposes), mPort will take reasonable steps to ensure the overseas recipient complies with the APPs or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law. If mPort is likely to disclose personal information to recipients located overseas, mPort will update this privacy policy regarding the likely disclosures (including, if it is practicable to do so, the countries in which such overseas recipients are likely to be located).
mPort may use and disclose your personal information in order to inform you of products and services that may be of interest to you In the event you do not wish to receive such communications, you can opt-out by contacting mPort via the contact details set out below or through any opt-out mechanism contained in a marketing communication to you.
mPort takes reasonable steps to ensure that the personal information it holds is protected from misuse, interference and loss and from unauthorised access, modification or disclosure mPort holds personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by authorised staff. Security measures employed by MPort will depend on the format in which it is contained. Measures include technological measures including SSL 128 bit encryption for all data transfers over the internet, physical measures such as locked cabinets and restricted access to offices and limiting access to a “need-to-know” basis. mPort will destroy or de-identify personal information in circumstances where it is no longer required, unless mPort is otherwise required or authorised by law to retain the information.
Under the Privacy Act, you have a right to access and seek correction of your personal information that is collected and held by mPort To seek access to your personal information please contact mPort’s Privacy Compliance Officer on the details set out below.
To obtain access to your personal information: – you will have to provide proof of identity; – you should be reasonably specific about the information you require; and – mPort may charge you a reasonable administration fee, which reflects the cost to mPort for providing access in accordance with your request.
If mPort refuses your request to access or correct your personal information, mPort will provide you with written reasons for the refusal and details of complaint mechanisms. mPort will also take steps reasonable in the circumstance to provide you with access in a manner that meets your needs and the needs of mPort.
mPort will endeavour to respond to your request to access or correct your personal information within 30 days from your request.
In addition to this, if you are located in the European Economic Area, these rights may include:
To access your personal information held by us (right to access)
To rectify inaccurate personal information and, taking into account the purpose of processing the personal information, ensure it is complete (right to rectification)
To erase/delete your personal information, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten). In some instances, we may not be able to delete some or all your information in order to comply with applicable laws. We may retain de-identified data.
To restrict our processing of your personal information, to the extent permitted by law (right to restriction of processing).
To transfer your personal information to another controller, to the extent possible (right to data portability)
To object to any processing of your personal information carried out on the basis of our legitimate interests (right to object). Where we process your personal information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”). Automated Decision-Making currently does not take place through our Services.
To the extent we base the collection, processing, and sharing of your personal information on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
To exercise your rights, please contact us using the information in the Contact Information section of this policy. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request.
A ‘cookie’ is a packet of information placed on a user’s computer by a website for record keeping purposes. Cookies are generally used on the mPort site to:
access online services – if you visit a mPort website and log into our secure areas, we may use cookies to enable us to authorise your access
traffic monitoring – we may use tracking companies to gather information about how people use the mPort sites. This information may include time of visit, pages visited and system information about the type of computer you are using. We will use this information to enhance the content and services offered on the site
Cookies may also be used for other purposes on mPort sites but in each case none of the information collected can be used to personally identify you.
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.
If you disable the use of cookies on your web browser or remove or reject specific cookies from this website or linked sites then you may not be able to gain access to all of the content and features in this website.
For all citizens who reside outside of the UK, the EU and Switzerland, further information or enquiries regarding your personal information, or if you would like to opt-out of receiving any promotional or marketing communications, please contact mPort’s
Privacy Compliance Officer at support@mport.com
mPort Ltd (trading as Bodymapp), which processes the personal data of individuals in the European Union, European Economic Area and UK, in either the role of ‘data controller’ or ‘data processor’, has appointed DataRep as its Data Protection Representative for the purposes of GDPR* in the EU/EEA and The Data Protection Act 2018 / UK GDPR (as amended) in the UK, and FADP** in Switzerland.
If Bodymapp has processed or is processing your personal data, you may be entitled to exercise your rights under GDPR/FADP in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the national Data Protection Authority in your country, the European Commission in the EU (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu en) or the Federal Data Protection and Information Commission 1n Switzerland (https://www.edoeb.admin.ch/edoeb/en/home.html).
Bodymapp takes the protection of personal data seriously, and has appointed DataRep as their Data Protection Representative in the European Union and Switzerland so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEA) and Switzerland, so that Bodymapp’s customers can always raise the questions they want with them.
If you want to raise a question to Bodymapp, or otherwise exercise your rights in respect of your personal data, you may do so by:
- sending an email to DataRep at datarequest@comqquoting <Bodymapp> in the subject line,
- contacting us on our online webform at datarep.com/data-request,or
- mailing your inquiry to DataRep at the most convenient of the addresses in the subsequent
PLEASE NOTE: when mailing inquiries. it is ESSENTIAL that you mark your letters for ‘DataRep‘ and not ‘Bodymapp’, or your inquiry may not reach us. Please refer clearly to Bodymapp in your correspondence. On receiving your correspondence, Bodymapp is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.
Please direct all privacy complaints to mPort’s Privacy Compliance Officer.
At all times, privacy complaints will:
- be treated seriously
- be dealt with promptly
- be dealt with in a confidential manner
- not affect your existing obligations or affect the commercial arrangements between you and mPort
mPort’s Privacy Compliance Officer will commence an investigation into your complaint You will be informed of the outcome of your complaint following completion of the investigation In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.