Myzone and GDPR
If your facility requires access to users’ data, please review the following data sharing agreements.
Data Sharing Agreement Levels
Please read the below carefully. All facilities are required to accept the Level 1 agreement. You will need to look at Levels 2, 3, and 4 to identify which one is most relevant to you.
Level 1 Facility Agreement
All facilities will be subject to Level 1, however you will need to still accept the agreement to comply with GDPR. Please click on the link which will take you to the facility login page.
Level 2 Data Sharing Agreement
Your facility is located outside of the EU and does not hold data on any EU citizens. The facility is given access to personal data on the Myzone 2.0 platform. The facility can download data from Myzone 2.0 and is provided with an API.
The facility must give the undertaking at clause 3.1 that none of its members are EU citizens and that the GDPR does not apply to it. The facility must indemnify Myzone in respect of this undertaking. The facility will not be able to access the personal data when their contact with Myzone terminates.
Users are informed that the facility has access to their personal data. Users confirm that they are not an EU citizen.
Level 3 Data Sharing Agreement
Your facility requires access to Users personal data, which may relate to EU citizens. The facility cannot download data from Myzone 2.0 and
is not provided with an API.
The facility must complete a Level 3 Data Sharing Agreement and must comply with the requirements of the GDPR and meet its obligations to the Users in respect of any processing that they carry out. The facility will not be able to access the End Users’ Personal Data when the data sharing agreement with Myzone terminates.
End Users are informed that the facility has access to their Personal Data and that such access will be withdrawn either when an End User ends their contract with Myzone or the facility’s data sharing agreement with Myzone terminates.
Level 4 Data Sharing Agreement
Your facility requires access to Users personal data, which may relate to EU citizens. The facility can download data from Myzone 2.0 and is provided with an API.
The facility must complete this Level 4 Data Sharing Agreement and must comply with the requirements of the GDPR and meet its obligations to the Users in respect of any processing that they carry out. The facility will be able to access the personal data when the data sharing agreement with Myzone ends. End Users are informed that the facility has access to their personal data and that when their contract with Myzone ends, or the facility’s contract with Myzone terminates, the facility may retain their personal data.
The facility will need to prepare a Data Protection Impact Assessment.
ACTION REQUIRED
To accept the terms you will need to click on the link below. This will take you to the Myzone facility login page. From here you will need to go to the Facility License page accessible from the drop down menu at the top left of the page.
It is important that one person is dedicated to delivering the signed GDPR Shared Data Agreement for Myzone. Please ensure that within a facility you have agreed who is responsible for this and it is actioned to prevent any loss of access on data for your facility.
What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.