PRIVACY POLICY

THIS PRIVACY POLICY EXPLAINS HOW MYZONE PROCESSES YOUR PERSONAL DATA. PLEASE READ IT CAREFULLY AND IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY THEN PLEASE DO NOT USE ANY OF THE MYZONE SERVICES. YOU CAN USE YOUR ACCOUNT SETTINGS AND TOOLS TO WITHDRAW YOUR CONSENT AT ANY TIME, INCLUDING BY STOPPING USE OF THE MYZONE SERVICES, ANY FEATURE, REMOVING OUR ACCESS TO A THIRD PARTY SERVICE, UNPAIRING THIRD PARTY SERVICE, UNPAIRING YOUR DEVICE, OR DELETING YOUR DATA OR YOUR ACCOUNT.


Effective 1st October 2020

1. Introduction


Your privacy is very important to Myzone. Please read our Privacy Policy carefully and contact us if you have any questions.
By accessing this website (“Site”) or using our App or other Myzone product or service on any computer, mobile phone, tablet, console or other device (each a “Device”) you hereby provide your explicit consent to our Privacy Policy and to the collection, use and disclosure of your personal data in accordance with this Privacy Policy.

Myzone Device

means a chest belt or garment incorporating a Myzone branded heart rate monitor and/or a similar device (such as a forearm or wrist band incorporating a Myzone branded heart rate monitor) or other Myzone product or service;

Myzone Services

means all and/or any services that are provided by Myzone (and/or any of its suppliers and/or group companies) in relation to the Myzone System;

Myzone System

means all and/or any part of the Myzone personal monitoring system comprising all current and future Myzone branded website and mobile products and services and system Software, including the Myzone Device and App; and

The App

means the Myzone mobile software applications (and/or any part thereof) designed for downloading to mobile devices.


In this Policy Myzone, "we", "us" and "our" mean Myzone Limited (defined below). Myzone is your data controller and provides the Myzone Services (being all goods and/or services that are provided by Myzone to you) and "you" or “your” means the individual who is accessing or using the Site, App or who has registered as the user of a Myzone product
To the extent that information we collect is health data or another special category of personal data subject to the General Data Protection Regulation (GDPR), we ask for and obtain your explicit consent to process the data. We obtain this explicit consent separately when you take actions leading to our obtaining the data, for example, when you pair your device to your account, grant us access to your exercise or activity data from another service, or use any health tracking feature. You can use your account settings to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.
You must accept these Terms to create a Myzone account and to access or use the Myzone Services. If you do not have an account, you accept these terms by using any part of the Myzone services. If you do not accept these terms, please do not create an account or use any of the Myzone Services.

2. Use of Myzone Services and Your Account

Full use of the Myzone services requires that you create an account by providing Myzone with information such as your full name and a valid email address, as well as a strong password. You are responsible for all activity that occurs in association with your account. Myzone is not liable for any losses or damages caused by your failure to maintain the confidentiality of your account credentials. Please contact Myzone immediately if you discover or suspect any security breach related to the Myzone Services in relation to your account.
3. Who are we?

Myzone Ltd has its registered office and business address at Level 3, Gordon House, 10a Prospect Hill, Douglas, Isle of Man IM1 1EJ, British Isles. Myzone has notified under the GDPR with the Isle of Man Information Commissioner with the following details: R000702. Questions or comments about this Privacy Policy may be submitted by mail to the address above, via support@myzone.org, or by telephone at +44 (0)115 7788 311. Myzone has appointed a Data Protection Officer and our Data Protection Officer can be contacted at dpo@myzone.org.
4. What information do we collect?

4.1 If you are a Myzone user
We collect information from you when you register your Myzone Device on this Site or via the App. We also collect information from Myzone facilities (health clubs, community hubs, social hubs, schools or employers etc.).
When registering your Myzone Device on this Site or via the App, you will be asked to enter information including your name, email address, date of birth, gender, height, weight, phone number and member/employee number (if applicable). In addition, you may provide (either through manually inputting data or through the use of compatible devices) biometric data such as blood pressure, bone mass, fat mass, basal metabolic rate, waist circumference, fat free mass, total body water, visceral fat, metabolic age and your location details.
When you employ features that leverage technologies that integrate with our Site or App, such as other mobile applications, wearables, other fitness technologies, biometric and body composition analysers, and services capturing location data, we may collect data that is shared with our Site or App. The collection of such data may occur even when our Site or App are not actively open and running. Inferences drawn from any of the above, including the number of calories you burned, distance you travelled and personalized exercise and activity goals may also be collected. We will not collect location data unless you have allowed this by providing your explicit consent in your “permissions”.
If you have installed the App on a Device and are aged 18 or over, you may also capture images.
You can add details to your exercise activity and personalize your profile with photos. You can add (and remove) social connections and send and receive messages with them. You can search for other Myzone users and they can search for your profile and your connections to add you and your connections as a connection (with your permission). You can block (and unblock) connections to prevent your profile being displayed in the search results of those you block. You can elect to “like” exercise activity of Myzone users you are connected with.
We also collect information passively from the Myzone Device, including heart rate data.
Myzone facilities will be asked to provide their contact details, including their telephone number, email address(es) and Twitter account.
Myzone collects the categories of personal information mentioned in this privacy policy and as below. We receive this information from you, your device, your use of the services, the facilities, third parties (like the other services you have connected to or employers), and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in this Privacy Policy. The categories are:
  •  Biometric information, such as your exercise, activity or health data and any similar information to which you grant us access from another service.
  •  Commercial information, including your payment information and records of the services or devices you purchased, obtained, or considered (for example, if you added them to your shopping cart on the Myzone online store but did not purchase them).
  •  Demographic information, such as your gender, age, health information, and physical characteristics or description.
  •  Geolocation data, if you have granted us access to that information.
  •  Identifiers, like your name or username, email address, mailing address, phone number, IP address, account ID, device ID, cookie ID, profile photo or other photos and other similar identifiers and other information that you provide, including account information such as your biography or country and information via any chatbots.
  •  Internet or other electronic network activity information, such as the usage data we receive when you access or use our Myzone services. This includes information about your interactions with the services (such as times and periods of usage and non-usage) and about the devices and computers you use to access the Myzone services.
  •  Professional or employment related information, including any information (like your name, email address, or similar information) that your employer or third party provides to us.
  •  Inferences drawn from any of the above, including the number of calories you burned, distance and personalized exercise and activity goals.

4.2 If you have provided your details so that we can contact you regarding our products and services either via your explicit consent or under our legitimate interests as set out in this Privacy Policy.
You have choices about the information on your profile such as your name and email address and password. You don’t have to provide additional information on your profile but adding additional information will help you to get more from the Myzone Services.
It is up to you as to whether or not you make any of the information about you public. Please do not post or add personal data to your profile or send any information to others (by posting information or otherwise) that you would not want to be publicly available. You do not have to post or upload personal data but not doing so may limit your ability to grow and engage with others that you may wish to engage with.
We also use personal data and information about you such as your profile to help others find your profile, suggest connections for you and others and enable you to invite others to become a connection of yours. It is your choice whether or not to invite someone to connect with you by using Myzone Services or allow to allow another Myzone user to become your connection. When you invite someone to connect with you, your invitation will include basic profile information and you can choose whether or not to share your own list of connections with your connections.
We identify you and log usage data when you visit or use the App or the Myzone Services such as if you perform a search, install or update our mobile apps, share articles or connect or communicate with others that are also using the Myzone Services.
We also get information about your network and device and if you use the Myzone Services we log location regarding phone settings but we will ask for you to opt in to using GPS or other tools to identify your exact location.
We may also use your data for invitations and communications promoting membership and network growth, engagement and our Myzone Services, such as by showing your connections that you have used a feature on our Services.
We will also use your data (which can include our communications with you):
  1.  to investigate, respond to and resolve complaints and for Myzone Service issues (such as resolving any issues with the Myzone Services); and
  2.  for security purposes or to prevent or investigate possible fraud and/or other breaches of our terms and conditions of use of the Myzone Services and/or any attempts to harm the Myzone Services and/or any users of the Myzone Services and/or any third parties (including suppliers and facilities) that may be in any way connected or associated with the Myzone Services.

4.3 If you buy products or services through our online shop or ecommerce platform
We will collect the following information about you:
1. Your name
2. Postal Address
3. Email address
4. Telephone number (including mobile number)
We may also collect information about whether or not you completed a purchase, your purchase details (including details of aborted purchases), returns and other details such as the product purchased and the amount paid.
In the course of your use of the Site or App, we may also automatically collect technical data, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location (please refer to your preference controls regarding location data), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site or App.
In order to complete your transaction, we may refer you to a third party’s website, or a third party’s payment portal, by way of example only CyberSource and Till Payments that will collect information about your payment card. The information that you submit to them is not transmitted to Myzone, and you should review any privacy statements issued by the third-party provider before submitting your information. We may also collect your bank account information and transmit this to a third party, by way of example only GoCardless and you should review their privacy statement before providing information to us, that will retain your information in order collect one-off or recurring payments. The information about your payment card or bank account that you provide may be retained and accessed for use with your subsequent purchases.
In addition, our Site or App may also contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. It is important to note that we do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site or App, we encourage you to read the privacy notice of every website and application you visit or use.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

4.4 If you are a visitor to our site
We use Automated Features (see Third-Party Sites and Service Providers section below for details).
Please also see our cookie policy (see Do we use cookies section below for details).

5 What do we use your information for?

5.1 If you are a Myzone user
As part of your use of the Myzone Device, you may receive notifications, text messages, alerts, emails, and other electronic communications. You agree to the receipt of these communications. You can control most of these communications from your account settings. We may need to provide you with certain communications, such as security, service announcements and administrative messages from which you cannot opt out. You are responsible for any messaging or data fees you may be charged by your wireless carrier. Any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that the communication be in writing. We will also use data (which can include your communications) to investigate, respond to and resolve complaints and for Service issues (e.g., bugs).
The primary reason for requesting information is to personalise your experience and to allow you to enjoy the full benefits of being able to monitor your physical activity through measuring, recording and displaying your heart rate while using the Myzone Device.
The information we collect from you may also be used in the following ways:
  • To improve our Site or App (we continually strive to improve our Site and App based on the information and feedback we receive from you);
  • To improve customer service (your information helps us to respond more effectively to your customer service requests and support needs);
  • To administer an online exercise class, contest, promotion, survey or similar function. (Note: you can unsubscribe from receiving marketing communications at any time by contacting us in writing or via the App.)
  • To send periodic emails. The email address you provide will only be used to send you information and updates pertaining to your Myzone Device or matters which we believe may be of interest.
  • We request information from Myzone facilities so that they can register as a Myzone site owner, access the names of users who have registered Myzone Devices at their facility so they can communicate with them, and to enhance the Myzone Device users’ experience of the Myzone System.
  • To assist Myzone facilities in the service that they provide to you. We use the information we collect to promote the safety and security of the Myzone services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
  • To promote other products and services that we develop. We have established privacy options where you can view and make certain decisions about your personal data. Depending on the preferences that you express, we may use your personal data in order to determine which products, services and offers may be relevant for you (we call this marketing). You can ask us to stop sending you marketing messages at any time by logging into the Site and/or the App and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions. When you employ features that leverage technologies that integrate with our Site or App, data that is collected and shared with our Site or App is used to improve customer service and experience.

5.2 If you buy products or services through our online shop
The primary reason for requesting information is to fulfil your order, collect payment from you, or make payment to you.

5.3 If you have provided your details so that we can contact you regarding our products and services
You will receive marketing communications from us if you have requested information from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your explicit opt-in consent before we share your special category personal data (such as health data) with any company outside the Myzone group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
You may receive information regarding our services and products because you have provided your details to us for marketing purposes.

6. How do we protect your personal data?

Myzone Ltd is registered as a data controller in the Isle of Man under the Data Protection Act 2018 and has Notification Number R000702. Accordingly, any personal data we hold must be:
  • Used fairly and lawfully
  • Used for specific and lawful purposes, in a manner that is compatible with those purposes
  • Adequate, relevant and not excessive
  • Accurate and where necessary kept up to date
  • Kept for no longer than necessary
  • Used in accordance with the rights of individuals under the Act
  • Kept secure to avoid unauthorised or unlawful use, accidental loss, or damage

Please be aware that information we collect will be processed in the Isle of Man, British Isles, a jurisdiction in which the data protection laws have been deemed to provide an adequate level of protection for personal data by the European Commission. Under the GDPR, the European Commission will be reviewing its adequacy decisions and we will update this section of our privacy policy accordingly.
By using the Site or App, providing information to us, and by giving your explicit consent to the transfers of your data, you explicitly consent to the transfer to and processing of data by Myzone in the Isle of Man, British Isles and also to the transfer to and processing of data by your facility in their jurisdiction (which is likely to be the jurisdiction in which you reside and which may not offer the same level of protection). If you wish to withdraw your explicit consent for your facility to access your personal information (perhaps because you have left your facility and have moved to another jurisdiction) you should contact support@myzone.org.
Myzone has been approved by Lloyd's Register Quality Assurance (LRQA) as conforming to Information Security Management Standard ISO/IEC 27001:2013.

7 Do we use cookies?

Yes (cookies are small files that a site transfers to your computer’s hard drive through your Web browser (if you allow) enabling us to recognize your browser and capture and remember certain information).
We use cookies to help us remember and process site preferences so that we can offer better site experiences and tools in the future. We do not share cookies with third parties.
Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online. However, we do not recognize or respond to browser initiated Do Not Track signals, as the internet industry has not fully developed Do Not Track standards, implementations and solutions. To learn more about Do Not Track signals, you can visit https://allaboutdnt.com.
8 Do we disclose any information to outside parties?


We do not share your personally identifiable information with any other party (whether by way of sale, trade, or otherwise) except in the following situations:
8.1 Group companies
We may share your information with group companies (Myzone Group Companies) that are a fellow subsidiary undertaking of Myzone Holdings Limited, namely:
Myzone Inc, incorporated in Illinois, USA, number 70161893. Registered Office: 311 S Wacker Dr. Suite 480, Chicago, Illinois 60606;
Myzone Group Ltd, incorporated in England and Wales, number 9634208. Registered Office: European House, 93 Wellington Road, Leeds, LS12 1DZ UK;
Myzone (APAC) Pty Ltd, ACN 606 655 887. Registered Office: 18 Sangiorgio Court, Osborne Park, WA 6017, Australia;
Myzone (Europe) GmbH, De-Saint-Exupéry-Straße 10, 60549 Frankfurt am Main, Registered office: Frankfurt am Main, Germany, Court of Registration: AG Frankfurt am Main, HRB 115303;
Myzone Tech (Asia) Pte. Ltd, incorporated in Singapore, number 202011967G. Registered office: 6 Eu Tong Sen Street #11-20 The Central, Singapore 059817;
Myzone Holdings Ltd, Myzone (Worldwide) Ltd and Myzone (UK) Ltd, all incorporated in IOM, British Isles, numbers 017376V, 0006611V, and 006010V. Registered address: Level 3, Gordon House, 10a Prospect Hill, Douglas, IOM IM11EJ, British Isles.

8.2 Data Transfers
Myzone operates internationally and transfers information to the United States and other countries for the purposes described in this policy and the reason that Myzone transfers data to other Myzone group companies above includes so that these other companies can help to support and service your requirements in your specific jurisdiction in relation to using your Myzone Device. Myzone relies on multiple legal bases to lawfully transfer personal data around the world. These include your explicit consent.
Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You expressly agree and explicitly consent to this risk when you create a Myzone account and click “I agree” to data transfers, irrespective of which country you live in. For a list of the locations where we have offices, please see our company information above. If you later wish to withdraw your explicit consent, you can delete your Myzone account as described in the Your Rights section below.

8.3 Subcontractors and Partners
From time to time we may share information with subcontractors that provide us with services and also partners which we work with to provide you with Myzone Services. These services include, among other things, assisting us in operating our website, conducting our business, or servicing you. Our subcontractors and partners are required to keep the personal data that they receive confidential. These subcontractors include the subcontractors that are listed in the Third-Party Sites and Service Providers section. These partners include the facilities that are listed in the Facility sections of this privacy policy.

8.4 Your Facilities
You can register your Myzone Device for use at a facility (health club, community hub, social hub, school, or employer etc.) by selecting their facility code in your Myzone Device user account. The data shared with the facility depends upon the level of agreement that the facility has entered into with us, as follows:
Level 1. As you are a member of the facility, they will have your name in their records. They are able to see that you are a Myzone Device user connected to their facility, but we do not share any data about you that Myzone obtains via your use of a Myzone Device with them.
IMPORTANT INFORMATION REGARDING THE SHARING OF INFORMATION WITH YOUR FACILITY
Your facility may upgrade its facility agreement by entering into a data-sharing agreement with us. If they have entered into a data-sharing agreement, they are responsible directly to you for the data that they receive and, if applicable, that they share with other third parties. You are advised of the access level that your facility operates under and you must give explicit consent in the Myzone App to your facility accessing data in accordance with its agreement level. If you do not give explicit consent, your data will not be shared with the facility and this may impact on the services that they can provide to you. The additional agreement levels are:
Level 2. The facility has advised us that they are based outside of the EU and that it has no EU citizens as members. They can transfer personal data from the Myzone platform to their systems. They can retain personal data on their systems if you were to terminate your Myzone Device user account and are responsible directly to you for the data that they hold.
Level 3. The facility cannot transfer personal data from the Myzone platform to their systems. If you were to terminate your Myzone Device user account, they will not have access to any personal data.
Level 4. The facility can transfer personal data from the Myzone platform to their systems. They can retain personal data on their systems if you were to terminate your Myzone Device user account and are responsible directly to you for the data that they hold.
Individuals connected with facilities are not our employees or agents and you should satisfy yourself that the facility has procedures in place to protect your privacy (and, if applicable, the privacy of any child).
Any data shared with facilities includes your first name, last name, nickname, Myzone Device ID, phone number, email address, date of birth, gender, resting heart rate, and maximum heart rate.
Your facility can also access data showing when you have participated in any class activity, the duration of such activity, and the number of calories burnt. In addition, facilities can access the names of your social connections linked with their facility and access the number of “likes” and the number of comments you have made against activities of other Myzone Device users. If you do not explicitly consent to facilities having access to such information you should either not proceed with your Myzone Device registration or should request and use a generic Myzone facility code. The facilities do not have access to any personal biometric data unless you permit them to have such access.

8.5 Distributors
Our products are sold to facilities through third party distributors. If you decide to purchase a product, in order for you to enter into an agreement with the distributor, and for the distributor to fulfil the agreement for a facility, we may transfer any information that you (a facility) provide to us to the distributor.
Your distributor may provide support services to you and your facility in your region for which purpose the distributor will enter into a data-sharing agreement with us. If they have entered into a data-sharing agreement, they are responsible directly to you for the data that they receive and, if applicable, that they share with other third parties. You are advised if a distributor requires access and you must give explicit consent in the Myzone App to your distributor accessing data. If you do not give explicit consent, your data will not be shared with the distributor and this may impact on the support services that they can provide to you. The distributor cannot transfer personal data from the Myzone platform to their systems through an API or a data export feature offered by us. If you were to terminate your Myzone Device user account, they will not have access to any personal data.
Individuals connected with distributors are not our employees or agents and you should satisfy yourself that the distributor has procedures in place to protect your privacy (and, if applicable, the privacy of any child).
Any data shared with distributors includes your first name, last name, nickname, Myzone Device ID, phone number, email address, date of birth, gender, resting heart rate, and maximum heart rate.
Your distributor can also access data showing when you have participated in any class activity, the duration of such activity, and the number of calories burnt. In addition, distributors can access the names of your social connections linked with your facility and access the number of “likes” and the number of comments you have made against activities of other Myzone Device users. If you do not explicitly consent to facilities having access to such information you should either not proceed with your Myzone Device registration or should request and use a generic Myzone facility code. Distributors do not have access to any personal biometric data.

8.6 Business Transition
In the event that we are bought, or substantially all of our assets are acquired, your information will be transferred to the acquiring company.

8.7 Sharing your Information with Law Enforcement
We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your information to law enforcement agencies if we determine, in our sole judgment, that the release of your information may protect the safety or property of any person or entity.

8.8 Sharing Your Information as Permitted by Law
We may share your information with others as required by, or permitted by, law. This may include sharing your information with governmental entities, or third parties in response to subpoenas, court orders, other legal process, or as we believe is necessary to exercise our legal rights, to defend against legal claims that have been brought against us, or to defend against possible legal claims that we determine in our sole discretion might be brought against us.

8.9 You may Permit other Myzone Users to Access your Information
You may choose to permit other Myzone users to access your activities, biometrics and (provided you are aged 18 or over) images. If any user (including coaches/trainers) connected with a Facility wish to access this information (and your phone number) through their account, you will be advised by email and can choose to refuse such access.

8.10 Third-Party Sites and Service Providers
  1. Payment Processors. We provide information to providers of merchant / transaction fulfilment services so that payment can be collected from you.
    We use CyberSource, an eCommerce payment management company, owned by Visa Inc. Their privacy policy is available at https://usa.visa.com/legal/privacy-policy.html.
    Till Payments Solutions Pty Ltd (for collection of Australian and New Zealand Dollars), ABN 64 160 726 349. Their privacy policy is available at https://www.tillpayments.com/privacypolicy.php.
    GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom (company registration number 07495895) authorised by the UK Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services. Their privacy policy is available at https://gocardless.com/privacy/payers/.
    We do not hold debit card or payment card details of our customers. The merchant services providers mentioned above are required to comply the Payment Card Industry Data Security Standard, an information security standard for organizations that handle cardholder information.
  2. Business analytics. We use your information to analyse, develop and improve our services. We may use third party analytics providers to gain insights into how our services are used and to help us improve. The iOS App may use the following services:
    Fabric/Crashlytics to provide “crash” reports so that we can improve our service to you. Crashlytics uses and stores personal data for 90 days (Further details are available at https://docs.fabric.io/apple/fabric/data-privacy.html).
    Google Analytics and/or Firebase Crashlytics (Further details available at https://firebase.google.com/policies/analytics and https://firebase.google.com/support/privacy). We do not use or enable the Advertising Identifier. If you wish to opt out of this service, you can elect to do so in your “permissions”.
  3. Marketing platforms. We use HubSpot to assist with marketing and customer services. Their privacy policy is available at https://legal.hubspot.com/product-privacy-policy.
  4. Automated features. We use automated features, such as conversational artificial intelligence solutions and customer support “chatbots” as part of our customer service program. If you use these features through our Site or App, information may be shared with us to assist us in addressing your enquiry, including: your email address, your phone type, your Myzone Device ID, your facility code, the version of your App, your Myzone Device version and the model of your phone. We use solutions provided by Ada Support Inc. a Canadian registered company with a registered address at Unit 801, 96 Spadina Avenue, Toronto, Ontario, Canada to provide automated features. Any details you provide are subject to their Privacy Policy available at https://www.ada.support/privacy. data transfer to Canada.
  5. Support platforms. We use Zendesk to track, prioritize and solve customer support issues. Their privacy policy is available at https://www.zendesk.com/company/privacy-and-data-protection/.
  6. Project management and communications. We use Asana project management software to achieve goals and objectives (their privacy policy is available at https://asana.com/terms#privacy-policy) and we use Slack to organize conversions. Their privacy policy is available at https://slack.com/intl/en-im/privacy-policy.

The above third-party sites and service providers are obligated to protect your personal information and the privacy policy links are correct as at the date of this policy.
Notwithstanding the above, we may provide anonymised (non-personally identifiable) information to other parties for marketing, advertising, or other uses.
9 How long do we keep your personal data?


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep information like your exercise or activity data, until you use your account settings to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of the services. We also keep information about you and your use of the services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm,
If you choose to close your Myzone account, your personal data will generally stop being visible to others on our Myzone services within 24 hours. We generally delete closed account information within 30 days of account closure, except as noted below and please also see the request erasure section below.
We retain your personal data even after you have closed your account if we believe that this is necessary or required to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, protect and/or enforce our rights and to fulfil any instructions not to communicate with you any further.
We will retain de-personalized information after your account has been closed.
Information you have shared with others users may remain visible after you close your account or delete the information from your own profile and account, and we do not control data that other users have copied out of our Myzone Services to any other devices or storage systems. Your profile may continue to be displayed in the services of others until they refresh their account settings.

10 Managing your privacy options

We have provided you with a means of managing your privacy settings. You can update your default settings in the App and control what and with whom you share your personal information.
You hereby explicitly consent to the following default settings which are as follows:
Allow my connections to see “My Moves” data = ON (visible)
Allow my connections to see “My Photos” = ON (visible)
Allow my connections to see “My Connections” = ON (visible)
“Allow me to be viewed as a connection of a connection” = ON (visible)
You may at any time change your account settings so as to turn any of the settings above to “OFF”
You can ask us to stop sending you marketing messages at any time by logging into your account and adjusting your marketing preferences.
You can at any time delete your account or withdraw your explicit consent by following the guidelines on the App.
On inactive accounts we will send reminders to you about this but if you do not respond to our reminders then we reserve the right to delete your account (including all data in or relating to your account).

11 Security


If you choose to purchase any of our products or services, credit card information will be collected by a third party payment processor which has represented to us that the payment data that you transfer is encrypted (turned into unidentifiable code) by a method known as SSL (secure sockets layer).
While we take reasonable and appropriate measures to protect data that you submit directly to us, remember that the Internet is a global communications vehicle open to threats, viruses and intrusions from others and we cannot promise, and you should not expect, that we will be able to protect your information at all times and in all circumstances.
We store data on servers that are either owned or leased by us. We rent space for our servers from a dedicated hosting service provider that is compliant with ISO 27001 standards of security. We store our data at Domicilium, based the Isle of Man, British Isles. The Quality and Information Security Management Systems of Domicilium have been approved by Lloyd's Register Quality Assurance (LRQA) to the following Quality and Information Security Management Standards: ISO 9001:2015; ISO/IEC 27001:2013.
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact us at the Myzone contact details provided: support@myzone.org.

12 Children’s accounts and Myzone’s collection of information from children


We allow you as a parent or guardian to create a Myzone account for a child in your care (your child) that is under the age of 16. A child’s account operates as a sub-account of your Myzone account. Your child can access their account by using the Site or App but with restricted features. You can access your child’s account by using the Site.
When a parent or guardian creates a Myzone account for their child, you can exercise each of the rights described in the “Your rights” section in connection with the child’s account. This includes the right to access the information that Myzone collected from the child, correct inaccuracies about the child, or delete information collected about a child. In addition to these rights, you can instruct Myzone to stop collecting additional information about your child (e.g. disable their account). As is indicated below, these rights can be exercised by contacting support@myzone.org or, in some cases, using online features that are built into your Myzone online account.
Your child’s account displays their username, name, “moves” activity, and profile picture. This data is shared with their connections and your facility. If you wish to collect and share your child’s biometric data with a facility, you must explicitly consent to this in your Myzone account. If such consent is given Myzone will collect the information described under the “What information do we collect?” section about your child, and use that information as is described in the “What do we use your information for?” section.
Throughout the European Union, different member states have implemented or are in the process of implementing, varying ages at which children are deemed capable of giving valid consent to the processing of their personal data, as indicated below:
Country Age for Valid Consent (correct as of 4 October 2018)
Austria 14
Belgium 13
Bulgaria 14
Croatia 16
Czech Republic 13
Denmark 13
Estonia 13
Finland 13
France 15
Germany 16
Greece 15
Hungary 16
Italy 16
Latvia 13
Lithuania 14
Luxembourg 16
Malta 16
Netherlands 16
Norway 13
Poland 13
Portugal 13
Rep. of Ireland 16
Romania 16
Slovakia 16
Slovenia 15
Spain 13
Sweden 13
Switzerland 16
United Kingdom 13
When you give the explicit consent described above in respect of a child that is able to provide valid consent, the child must also give their own explicit consent to the processing of their personal data via their Myzone account as they will have attained the age for valid consent.
Users under 18 years of age are not permitted to upload photos. Users cannot search and locate other users unless the other party is 16 years of age. Parties that are connected to your child’s Myzone account can comment on your child’s “moves” activity. Other chat functions are disabled. In addition, a parent or guardian may disable features enabling their child’s workout to be uploaded to social media sites.
The parent or guardian of any person aged below 16 years and the child where they are aged from the Age for Valid Consent and 16, are required to explicitly consent to the collection and use of their child's and their own personal data at the time that the parent or guardian registers a Myzone Device for their child. Parents and guardians must communicate this explicit consent through completion of additional steps in their Myzone account. Persons aged from the Age for Valid Consent to 16 must also communicate this explicit consent through completion of additional steps in their Myzone account. Parents and guardians will have complete access to their child’s Myzone account.
Once the child has attained the age of 16, they are eligible to create and independently manage their own Myzone account.
Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at; support@myzone.org.

13 Change in Control or Sale of Myzone and any Myzone Group Companies


Myzone can also share your personal data and information as part of a sale, merger or change in control of all and/or any part of Myzone and/or any Myzone Group Companies, or in preparation for any of these events and/or as Myzone and/or any Myzone Group Companies may be able to share your personal data under applicable law. Any other entity which buys Myzone, any Myzone Group Companies and/or part of Myzone, the Myzone Group Companies and/or the Myzone and/or Myzone Group Company business or businesses will have the right to continue to use your persona data and information, but only in the manner set out in this Privacy Policy and/or under applicable law.

14 Your rights


For personal data subject to the GDPR, we rely on several legal bases to process the data, including (amongst other legal bases) the ones set out in the table below:

 

Purpose or Activity

Type of Personal Data

The Necessary and/or relevant Legal Basis of processing

1

Register you as a User and allow you to log and monitor your exercise statistics and performance via the Myzone System and reporting to you on your usage and on any new features or updates or matters concerning your use of the Myzone System

Identity, contact information and Myzone profile and exercise statistics and User usage of the Myzone System

Performance of a contract

2

Managing your orders including payment of fees and charges

Identity, contact information, Myzone profile information and Order information

Performance of a contract

3

Supplying you with any customer support

Identity, contact information, Myzone profile information and Order information and usage of the Myzone System

Performance of a contract with you

4

Using any special category data (including health data) to provide you with services via the Myzone System including your health statistics on the App and to do this Myzone:

(a)      Uses third party suppliers and contractors and Myzone Group Companies to help Myzone provide these services (as these are set out in the Third-Party Sites and Services Provider Section of this privacy policy); and

(b)      Transfers your personal data (including special category data which includes health data) to countries outside the EU and EEA (including to Facilities and third-party suppliers to Myzone and to Myzone Group Companies)

Identity, contact information, Myzone profile information, Order information and information about exercise statistics and usage and technical information relating to User use of the Myzone System

Explicit Consent

5

To collect and recover money and debts owed by you to Myzone, Myzone Group Companies and any third parties

Identity, contact information, Myzone profile, order information and financial information

Legitimate interests

6

Carry out fraud checks

Identity, contact, Myzone profile, order information and financial information

Legitimate interests

7

To notify you in relation to Myzone legal obligations and documents, including changes to our terms and conditions or privacy policy

identity, contact information, Myzone profile, Order information

Legitimate interests

8

To help us improve our offering to Users, including asking you to leave a review or take a survey, or provide customer insights

Identity, contact information, Myzone profile, order information, marketing information

Legitimate Interests

9

To enable you to enter into a prize draw or competition and have the chance to win prizes

Identity, contact information, Myzone profile and marketing information and exercise statistics and usage of the Myzone System

Legitimate interests

10

To administer and maintain and protect and update the Myzone business and the Myzone IT systems relating to the Myzone System (including security or technical related issues)

Identity, contact information, Myzone profile and technical information and usage information

Legitimate interests

11

To deliver relevant content, advertisements and other marketing material via the Myzone System to Users and measuring results of that promotional activity (including using data analytics for profiling of Users)

Identity, contact, Myzone profile, order information, marketing information, technical information

Legitimate interests

12

Myzone making suggestions and recommendations to you about goods or services that may be of interest to you

Identity, contact information, Myzone profile, order information, marketing information, technical information

Legitimate interests including use of cookies as per our cookie policy

13

Improving the Myzone System by using data analytics and profiling of Users so that Users get products/services, marketing, customer relationships and experiences and connections that are more tailored to them

Identity, contact information, Myzone profile, exercise statistics and performance, technical information, marketing information

Legitimate interests including use of cookies as per our cookie policy

14

Sharing non-special category data with staff at Myzone and third parties (including the Myzone Group and Facilities) and also Myzone advisors and investors

Identity, contact, Myzone profile, order information, marketing information, technical information

Legitimate Interests



Regarding the above legal bases:
Explicit Consent means when you have given your explicit consent, which you may withdraw at any time using your account settings and other tools.
Legitimate Interests means that we may process your personal data for the purposes of our legitimate interests or for the legitimate interests of third parties (e.g. Facilities and/or Myzone Group Companies), provided that such processing shall not outweigh your rights and freedoms.
Performance of a Contract with You means we may process your personal data for the purposes of our performing a contract with you.
Myzone may use information about your identity, contact information, profile information, usage of the Myzone System, technical information, order information and your exercise statistics or performance to decide upon what we think you may or may not want or need, or what may or may not be of interest to you. This is how we decide which products, services and offers may be relevant for you. Myzone may use the data you provide to us directly for this purpose along with third party data.
We generally only send emails and messages such as email marketing to Users or individuals who have previously bought similar products from us and this is in our legitimate interests. We will aim to provide Users with a way out of receiving this marketing when you first purchase our products and in every marketing communication afterwards. We may sometimes send out postal marketing for the purpose of growing our sales which is in our legitimate interests and you can opt out of this by contacting us at: support@myzone.org.
Where you have not previously bought from us but have registered your details with us (for example by entering a competition or signing up for a newsletter), we will only send you marketing communications if you opted into receiving marketing at the time and given consent which you may withdraw at any time.
We may also share certain data with third parties in order to show you targeted ads when you visit them. We do this by the use of cookies which capture your visits to our website in accordance with our cookie policy.
You can ask us to stop sending you marketing messages at any time by logging into your account and adjusting your marketing preferences.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, or related correspondence, and we will continue to process such data in accordance with this Privacy Policy and as permitted by law.
We do not conduct any automated decision making. You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Users are able to request the deletion or removal of personal data. Users can email support@myzone.org and we will remove their personal data from all records, including archive records, and disable their account. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Once an account has been deleted, we will not be able to recreate it. It should be noted that we do not know the reasoning behind any period of inactivity on a Myzone account, and we are reluctant to close accounts without the consent of Users. We contact all Users that have had no activity on their account over a period of 24 months to determine if they wish to retain their account. We delete the account if we receive confirmation that account is no longer required. Please note that the removal of such personal data will render the Myzone Device and service inoperable. Also note that content you have shared with others or that others have copied may also remain visible after you have deleted your account or deleted the information from your own account. Please also note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like the data recorded by your Myzone Device and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Users have a right to move their data from one facility to another. However, if the other facility is not a Myzone customer, we will only be able to assist in transferring data if this is technically feasible. If you wish to transfer your account or receive a copy of your data, contact support@myzone.org.
Withdraw consent at any time where we are relying on explicit consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your explicit consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your explicit consent.
Editing and Deleting Data. By logging into your account and using your account settings, you can change and delete your personal information. For instance, you can edit or delete the profile data you provide and delete your Myzone account if you wish.
Exercising your rights: Many of your rights above can be exercised via your account settings and tools to control our use of your personal data. For example, through your account settings, you can limit how your information is visible to other users of the services. If you need further assistance regarding your rights, please contact our Data Protection Officer at: dpo@myzone.org and we will consider your request in accordance with applicable laws.

15 Terms and Conditions


Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our websites and Apps at www.myzone.org.

16 Other Applicable Terms

The following additional terms also apply to your use of this Site and/or an App:
  •  Our Terms of Use, which set out the terms and conditions on which you may make use of this Site or an App.
  •  Our Acceptable Use Policy, which sets out the permitted and prohibited uses of this Site or an App. When using our Site or an App, you must comply with this Acceptable Use Policy.
  • Our User License (or Facility Licenses, if applicable), which sets out the terms that govern your use of the Myzone system.
  •  Our Important Information, which sets out some provisions to which you must explicitly consent when registering a Myzone Device.
If you purchase products on our Site, in addition to this Privacy Policy, the Terms and Conditions of Sale for deliveries to your location will apply to any such purchase. The Terms and Conditions of Sale are an agreement between you and the supplier as stated therein.
17 Your Consent and Explicit Consent


By ordering or registering your Myzone Device, and by Myzone facilities registering their facility, you confirm your acceptance of our Privacy Policy (including providing Myzone with your explicit consent to use your personal data in the ways that are set out in this Privacy Policy).

18. Language


This policy was written in English. To the extent a translated version conflicts with the English version, the English version prevails.

19. Complaints


Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Further information about ICO can be obtained here: https://www.inforights.im/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at: dpo@myzone.org.

20. Changes to our Privacy Policy


Myzone will use your personal data for the purposes for which Myzone collected it, unless Myzone consider that Myzone needs to use it for another reason and Myzone believes that the relevant reason is compatible with the original purpose. If you want further information about this then please contact: support@myzone.org. If Myzone need to use your personal data for an unrelated purpose, Myzone will notify you and we will explain the relevant legal basis of processing.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If we decide to change our Privacy Policy, we will post those changes on this page, send an email notifying you of any changes or display a message on this Site, and/or update the Privacy Policy modification date below. If the change relates to the use of children’s accounts, an email will be sent to the relevant Responsible Adult, being the parent or guardian of the child.


This policy was last modified in September 2020.