Myzone Device | means a chest belt or garment incorporating a Myzone branded heart rate monitor and/or a similar device (such as a forearm or wrist band incorporating a Myzone branded heart rate monitor) or other Myzone product or service; |
Myzone Services | means all and/or any services that are provided by Myzone (and/or any of its suppliers and/or group companies) in relation to the Myzone System; |
Myzone System | means all and/or any part of the Myzone personal monitoring system comprising all current and future Myzone branded website and mobile products and services and system Software, including the Myzone Device and App; and |
The App | means the Myzone mobile software applications (and/or any part thereof) designed for downloading to mobile devices. |
To promote other products and services that we develop. We have established privacy options where you can view and make certain decisions about your personal data. Depending on the preferences that you express, we may use your personal data in order to determine which products, services and offers may be relevant for you (we call this marketing). You can ask us to stop sending you marketing messages at any time by logging into the Site and/or the App and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions. When you employ features that leverage technologies that integrate with our Site or App, data that is collected and shared with our Site or App is used to improve customer service and experience.
5.2 If you buy products or services through our online shop.
The primary reason for requesting information is to fulfil your order, collect payment from you, or make payment to you.
5.3 If you have provided your details so that we can contact you regarding our products and services.
You will receive marketing communications from us if you have requested information from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your explicit opt-in consent before we share your special category personal data (such as health data) with any company outside the Myzone group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
You may receive information regarding our services and products because you have provided your details to us for marketing purposes.
Please be aware that information we collect will be processed in the Isle of Man, British Isles, a jurisdiction in which the data protection laws have been deemed to provide an adequate level of protection for personal data by the European Commission. Under the GDPR, the European Commission will be reviewing its adequacy decisions and we will update this section of our privacy policy accordingly.
By using the Site or App, providing information to us, and by giving your explicit consent to the transfers of your data, you explicitly consent to the transfer to and processing of data by Myzone in the Isle of Man, British Isles and also to the transfer to and processing of data by your facility in their jurisdiction (which is likely to be the jurisdiction in which you reside and which may not offer the same level of protection). If you wish to withdraw your explicit consent for your facility to access your personal information (perhaps because you have left your facility and have moved to another jurisdiction) you should contact support@myzone.org.
Myzone has been approved by Lloyd's Register Quality Assurance (LRQA) as conforming to Information Security Management Standard ISO/IEC 27001:2013.
8.2 Data Transfers.
Myzone operates internationally and transfers information to the United States and other countries for the purposes described in this policy and the reason that Myzone transfers data to other Myzone group companies above includes so that these other companies can help to support and service your requirements in your specific jurisdiction in relation to using your Myzone Device. Myzone relies on multiple legal bases to lawfully transfer personal data around the world. These include your explicit consent.
Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You expressly agree and explicitly consent to this risk when you create a Myzone account and click “I agree” to data transfers, irrespective of which country you live in. For a list of the locations where we have offices, please see our company information above. If you later wish to withdraw your explicit consent, you can delete your Myzone account as described in the Your Rights section below.
8.3 Subcontractors and Partners.
From time to time we may share information with subcontractors that provide us with services and also partners which we work with so as to provide you with Myzone Services. These services include, among other things, assisting us in operating our website, conducting our business, or servicing you. Our subcontractors and partners are required to keep the personal data that they receive confidential. These subcontractors include the subcontractors that are listed in the Third Party Sites and Service Providers section. These partners include the facilities that are listed in the Facility sections of this privacy policy.
8.4 Your Facilities.
You can register your Myzone Device for use at a facility (health club, community hub, social hub, school or employer etc.) by selecting their facility code in your Myzone Device user account. The data shared with the facility depends upon the level of agreement that the facility has entered into with us, as follows:
Level 1. As you are a member of the facility, they will have your name in their records. They are able to see that you are a Myzone Device user connected to their facility, but we do not share any data about you that Myzone obtains via your use of a Myzone Device with them.
IMPORTANT INFORMATION REGARDING THE SHARING OF INFORMATION WITH YOUR FACILITY
Your facility may upgrade its facility agreement by entering into a data-sharing agreement with us. If they have entered into a data-sharing agreement, they are responsible directly to you for the data that they receive and, if applicable, that they share with other third parties. You are advised of the access level that your facility operates under and you must give explicit consent in the Myzone App to your facility accessing data in accordance with its agreement level. If you do not give explicit consent, your data will not be shared with the facility and this may impact on the services that they can provide to you. The additional agreement levels are:
Level 2. The facility has advised us that they are based outside of the EU and that it has no EU citizens as members. They can transfer personal data from the Myzone platform to their systems. They can retain personal data on their systems if you were to terminate your Myzone Device user account and are responsible directly to you for the data that they hold.
Level 3. The facility cannot transfer personal data from the Myzone platform to their systems. If you were to terminate your Myzone Device user account, they will not have access to any personal data.
Level 4. The facility can transfer personal data from the Myzone platform to their systems. They can retain personal data on their systems if you were to terminate your Myzone Device user account and are responsible directly to you for the data that they hold.
Individuals connected with facilities are not our employees or agents and you should satisfy yourself that the facility has procedures in place to protect your privacy (and, if applicable, the privacy of any child).
Any data shared with facilities includes your first name, last name, nickname, Myzone Device ID, phone number, email address, date of birth, gender, resting heart rate, and maximum heart rate.
Your facility can also access data showing when you have participated in any class activity, the duration of such activity, and the number of calories burnt. In addition, facilities can access the names of your social connections linked with their facility and access the number of “likes” and the number of comments you have made against activities of other Myzone Device users. If you do not explicitly consent to facilities having access to such information you should either not proceed with your Myzone Device registration or should request and use a generic Myzone facility code. The facilities do not have access to any personal biometric data unless you permit them to have such access.
8.5 Distributors.
Our products are sold to facilities through third party distributors. If you decide to purchase a product, in order for you to enter into an agreement with the distributor, and for the distributor to fulfil the agreement for a facility, we may transfer any information that you (a facility) provide to us to the distributor.
Your distributor may provide support services to you and your facility in your region for which purpose the distributor will enter into a data-sharing agreement with us. If they have entered into a data-sharing agreement, they are responsible directly to you for the data that they receive and, if applicable, that they share with other third parties. You are advised if a distributor requires access and you must give explicit consent in the Myzone App to your distributor accessing data. If you do not give explicit consent, your data will not be shared with the distributor and this may impact on the support services that they can provide to you. The distributor cannot transfer personal data from the Myzone platform to their systems through an API or a data export feature offered by us. If you were to terminate your Myzone Device user account, they will not have access to any personal data.
Individuals connected with distributors are not our employees or agents and you should satisfy yourself that the distributor has procedures in place to protect your privacy (and, if applicable, the privacy of any child).
Any data shared with distributors includes your first name, last name, nickname, Myzone Device ID, phone number, email address, date of birth, gender, resting heart rate, and maximum heart rate.
Your distributor can also access data showing when you have participated in any class activity, the duration of such activity, and the number of calories burnt. In addition, distributors can access the names of your social connections linked with your facility and access the number of “likes” and the number of comments you have made against activities of other Myzone Device users. If you do not explicitly consent to facilities having access to such information you should either not proceed with your Myzone Device registration or should request and use a generic Myzone facility code. Distributors do not have access to any personal biometric data.
8.6 Business Transition.
In the event that we are bought, or substantially all of our assets are acquired, your information will be transferred to the acquiring company.
8.7 Sharing your Information with Law Enforcement.
We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your information to law enforcement agencies if we determine, in our sole judgment, that the release of your information may protect the safety or property of any person or entity.
8.8 Sharing Your Information as Permitted by Law.
We may share your information with others as required by, or permitted by, law. This may include sharing your information with governmental entities, or third parties in response to subpoenas, court orders, other legal process, or as we believe is necessary to exercise our legal rights, to defend against legal claims that have been brought against us, or to defend against possible legal claims that we determine in our sole discretion might be brought against us.
8.9 You may Permit other Myzone Users to Access your Information.
You may choose to permit other Myzone users to access your activities, biometrics and (provided you are aged 18 or over) images. If any user (including coaches/trainers) connected with a Facility wish to access this information (and your phone number) through their account, you will be advised by email and can choose to refuse such access.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep information like your exercise or activity data, until you use your account settings to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of the services. We also keep information about you and your use of the services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm,
If you choose to close your Myzone account, your personal data will generally stop being visible to others on our Myzone services within 24 hours. We generally delete closed account information within 30 days of account closure, except as noted below and please also see the request erasure section below.
We retain your personal data even after you have closed your account if we believe that this is necessary or required to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, protect and/or enforce our rights and to fulfil any instructions not to communicate with you any further.
We will retain de-personalized information after your account has been closed.
Information you have shared with other users may remain visible after you close your account or delete the information from your own profile and account, and we do not control data that other users have copied out of our Myzone Services to any other devices or storage systems. Your profile may continue to be displayed in the services of others until they refresh their account settings.
We have provided you with a means of managing your privacy settings. You can update your default settings in the App and control what and with whom you share your personal information.
You hereby explicitly consent to the following default settings which are as follows:
Allow my connections to see “My Moves” data | = ON (visible) |
Allow my connections to see “My Photos” | = ON (visible) |
Allow my connections to see “My Connections” | = ON (visible) |
“Allow me to be viewed as a connection of a connection” | = ON (visible) |
If you choose to purchase any of our products or services, credit card information will be collected by a third party payment processor which has represented to us that the payment data that you transfer is encrypted (turned into unidentifiable code) by a method known as SSL (secure sockets layer).
While we take reasonable and appropriate measures to protect data that you submit directly to us, remember that the Internet is a global communications vehicle open to threats, viruses and intrusions from others and we cannot promise, and you should not expect, that we will be able to protect your information at all times and in all circumstances.
We store data on servers that are either owned or leased by us. We rent space for our servers from a dedicated hosting service provider that is compliant with ISO 27001 standards of security. We store our data at Domicilium, based the Isle of Man, British Isles. The Quality and Information Security Management Systems of Domicilium have been approved by Lloyd's Register Quality Assurance (LRQA) to the following Quality and Information Security Management Standards: ISO 9001:2015; ISO/IEC 27001:2013.
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact us at the Myzone contact details provided: support@myzone.org.
We allow you as a parent or guardian to create a Myzone account for a child in your care (your child) that is under the age of 16. A child’s account operates as a sub-account of your Myzone account. Your child can access their account by using the Site or App but with restricted features. You can access your child’s account by using the Site.
When a parent or guardian creates a Myzone account for their child, you can exercise each of the rights described in the “Your rights” section in connection with the child’s account. This includes the right to access the information that Myzone collected from the child, correct inaccuracies about the child, or delete information collected about a child. In addition to these rights, you can instruct Myzone to stop collecting additional information about your child (e.g. disable their account). As is indicated below, these rights can be exercised by contacting support@myzone.org or, in some cases, using online features that are built into your Myzone online account.
Your child’s account displays their username, name, “moves” activity, and profile picture. This data is shared with their connections and your facility. If you wish to collect and share your child’s biometric data with a facility, you must explicitly consent to this in your Myzone account. If such consent is given Myzone will collect the information described under the “What information do we collect?” section about your child, and use that information as is described in the “What do we use your information for?” section.
Throughout the European Union, different member states have implemented or are in the process of implementing, varying ages at which children are deemed capable of giving valid consent to the processing of their personal data, as indicated below:
Country Age for Valid Consent (correct as of 4 October 2018)
Austria | 14 |
Belgium | 13 |
Bulgaria | 14 |
Croatia | 16 |
Czech Republic | 13 |
Denmark | 13 |
Estonia | 13 |
Finland | 13 |
France | 15 |
Germany | 16 |
Greece | 15 |
Hungary | 16 |
Italy | 16 |
Latvia | 13 |
Lithuania | 14 |
Luxembourg | 16 |
Malta | 16 |
Netherlands | 16 |
Norway | 13 |
Poland | 13 |
Portugal | 13 |
Rep. of Ireland | 16 |
Romania | 16 |
Slovakia | 16 |
Slovenia | 15 |
Spain | 13 |
Sweden | 13 |
Switzerland | 16 |
United Kingdom | 13 |
Myzone can also share your personal data and information as part of a sale, merger or change in control of all and/or any part of Myzone and/or any Myzone Group Companies, or in preparation for any of these events and/or as Myzone and/or any Myzone Group Companies may be able to share your personal data under applicable law. Any other entity which buys Myzone, any Myzone Group Companies and/or part of Myzone, the Myzone Group Companies and/or the Myzone and/or Myzone Group Company business or businesses will have the right to continue to use your persona data and information, but only in the manner set out in this Privacy Policy and/or under applicable law.
For personal data subject to the GDPR, we rely on several legal bases to process the data, including (amongst other legal bases) the ones set out in the table below:
|
Purpose or Activity |
Type of Personal Data |
The Necessary and/or relevant Legal Basis of processing |
1 |
Register you as a User and allow you to log and monitor your exercise statistics and performance via the Myzone System and reporting to you on your usage and on any new features or updates or matters concerning your use of the Myzone System |
Identity, contact information and Myzone profile and exercise statistics and User usage of the Myzone System |
Performance of a contract |
2 |
Managing your orders including payment of fees and charges |
Identity, contact information, Myzone profile information and Order information |
Performance of a contract |
3 |
Supplying you with any customer support |
Identity, contact information, Myzone profile information and Order information and usage of the Myzone System |
Performance of a contract with you |
4 |
Using any special category data (including health data) to provide you with services via the Myzone System including your health statistics on the App and to do this Myzone: (a) Uses third party suppliers and contractors and Myzone Group Companies to help Myzone provide these services (as these are set out in the Third Party Sites and Services Provider Section of this privacy policy); and (b) Transfers your personal data (including special category data which includes health data) to countries outside the EU and EEA (including to Facilities and Third Party suppliers to Myzone and to Myzone Group Companies) |
Identity, contact information, Myzone profile information, Order information and information about exercise statistics and usage and technical information relating to User use of the Myzone System |
Explicit Consent |
5 |
To collect and recover money and debts owed by you to Myzone, Myzone Group Companies and any third parties |
Identity, contact information, Myzone profile, order information and financial information |
Legitimate interests |
6 |
Carry out fraud checks |
Identity, contact, Myzone profile, order information and financial information |
Legitimate interests |
7 |
To notify you in relation to Myzone legal obligations and documents, including changes to our terms and conditions or privacy policy |
identity, contact information, Myzone profile, Order information |
Legitimate interests |
8 |
To help us improve our offering to Users, including asking you to leave a review or take a survey, or provide customer insights |
Identity, contact information, Myzone profile, order information, marketing information |
Legitimate Interests |
9 |
To enable you to enter into a prize draw or competition and have the chance to win prizes |
Identity, contact information, Myzone profile and marketing information and exercise statistics and usage of the Myzone System |
Legitimate interests |
10 |
To administer and maintain and protect and update the Myzone business and the Myzone IT systems relating to the Myzone System (including security or technical related issues) |
Identity, contact information, Myzone profile and technical information and usage information |
Legitimate interests |
11 |
To deliver relevant content, advertisements and other marketing material via the Myzone System to Users and measuring results of that promotional activity (including using data analytics for profiling of Users) |
Identity, contact, Myzone profile, order information, marketing information, technical information |
Legitimate interests |
12 |
Myzone making suggestions and recommendations to you about goods or services that may be of interest to you |
Identity, contact information, Myzone profile, order information, marketing information, technical information |
Legitimate interests including use of cookies as per our cookie policy |
13 |
Improving the Myzone System by using data analytics and profiling of Users so that Users get products/services, marketing, customer relationships and experiences and connections that are more tailored to them |
Identity, contact information, Myzone profile, exercise statistics and performance, technical information, marketing information |
Legitimate interests including use of cookies as per our cookie policy |
14 |
Sharing non-special category data with staff at Myzone and third parties (including the Myzone Group and Facilities) and also Myzone advisors and investors |
Identity, contact, Myzone profile, order information, marketing information, technical information |
Legitimate Interests |
Regarding the above legal bases:
Explicit Consent means when you have given your explicit consent, which you may withdraw at any time using your account settings and other tools.
Legitimate Interests means that we may process your personal data for the purposes of our legitimate interests or for the legitimate interests of third parties (e.g. Facilities and/or Myzone Group Companies), provided that such processing shall not outweigh your rights and freedoms.
Performance of a Contract with You means we may process your personal data for the purposes of our performing a contract with you.
Myzone may use information about your identity, contact information, profile information, usage of the Myzone System, technical information, order information and your exercise statistics or performance to decide upon what we think you may or may not want or need, or what may or may not be of interest to you. This is how we decide which products, services and offers may be relevant for you. Myzone may use the data you provide to us directly for this purpose along with third party data.
We generally only send emails and messages such as email marketing to Users or individuals who have previously bought similar products from us and this is in our legitimate interests. We will aim to provide Users with a way out of receiving this marketing when you first purchase our products and in every marketing communication afterwards. We may sometimes send out postal marketing for the purpose of growing our sales which is in our legitimate interests and you can opt out of this by contacting us at: support@myzone.org.
Where you have not previously bought from us but have registered your details with us (for example by entering a competition or signing up for a newsletter), we will only send you marketing communications if you opted into receiving marketing at the time and given consent which you may withdraw at any time.
We may also share certain data with third parties in order to show you targeted ads when you visit them. We do this by the use of cookies which capture your visits to our website in accordance with our cookie policy.
You can ask us to stop sending you marketing messages at any time by logging into your account and adjusting your marketing preferences.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, or related correspondence, and we will continue to process such data in accordance with this Privacy Policy and as permitted by law.
We do not conduct any automated decision making. You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Users are able to request the deletion or removal of personal data. Users can email support@myzone.org and we will remove their personal data from all records, including archive records, and disable their account. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Once an account has been deleted, we will not be able to recreate it. It should be noted that we do not know the reasoning behind any period of inactivity on a Myzone account, and we are reluctant to close accounts without the consent of Users. We contact all Users that have had no activity on their account over a period of 24 months to determine if they wish to retain their account. We delete the account if we receive confirmation that account is no longer required. Please note that the removal of such personal data will render the Myzone Device and service inoperable. Also note that content you have shared with others or that others have copied may also remain visible after you have deleted your account or deleted the information from your own account. Please also note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like the data recorded by your Myzone Device and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Users have a right to move their data from one facility to another. However, if the other facility is not a Myzone customer, we will only be able to assist in transferring data if this is technically feasible. If you wish to transfer your account or receive a copy of your data, contact support@myzone.org.
Withdraw consent at any time where we are relying on explicit consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your explicit consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your explicit consent.
Editing and Deleting Data. By logging into your account and using your account settings, you can change and delete your personal information. For instance, you can edit or delete the profile data you provide and delete your Myzone account if you wish.
Exercising your rights: Many of your rights above can be exercised via your account settings and tools to control our use of your personal data. For example, through your account settings, you can limit how your information is visible to other users of the services. If you need further assistance regarding your rights, please contact our Data Protection Officer at: dpo@myzone.org and we will consider your request in accordance with applicable laws.
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our websites and Apps at www.myzone.org.
By ordering or registering your Myzone Device, and by Myzone facilities registering their facility, you confirm your acceptance of our Privacy Policy (including providing Myzone with your explicit consent to use your personal data in the ways that are set out in this Privacy Policy).
This policy was written in English. To the extent a translated version conflicts with the English version, the English version prevails.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Further information about ICO can be obtained here: https://www.inforights.im/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at: dpo@myzone.org.
Myzone will use your personal data for the purposes for which Myzone collected it, unless Myzone consider that Myzone needs to use it for another reason and Myzone believes that the relevant reason is compatible with the original purpose. If you want further information about this then please contact: support@myzone.org. If Myzone need to use your personal data for an unrelated purpose, Myzone will notify you and we will explain the relevant legal basis of processing.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If we decide to change our Privacy Policy, we will post those changes on this page, send an email notifying you of any changes or display a message on this Site, and/or update the Privacy Policy modification date below. If the change relates to the use of children’s accounts, an email will be sent to the relevant Responsible Adult, being the parent or guardian of the child.
This policy was last modified in January 2022.