Effective 25, May 2018
Who are we?
What information do we collect?
Regarding the Myzone® belt
We collect information from you when you register your Myzone belt on this Site or via the App. We also collect information from Myzone facilities (health clubs, community hubs, social hubs, schools or employers etc.).
When registering your Myzone belt on this Site or via the App, you will be asked to enter information including your name, email address, date of birth, gender, height, weight, phone number and member/employee number (if applicable). In addition, you may provide (either through manually inputting data or through the use of compatible devices) biometric data such as blood pressure, bone mass, fat mass, basal metabolic rate, waist circumference, fat free mass, total body water, visceral fat, metabolic age and your location details.
When you employ features that leverage technologies that integrate with our Site or App, such as other mobile applications, wearables, other fitness technologies, biometric and body composition analysers, and services capturing location data, we may collect data that is shared with our Site or App. The collection of such data may occur even when our Site or App are not actively open and running. We will not collect location data unless you have allowed this in your “permissions”.
If you have installed the App on a Device and are aged 18 or over you may also capture images.
You can add details to your exercise activity and personalize your profile with photos. You can add social connections and send and receive messages with them. You can search for other Myzone users and they can search for your profile and your connections to add you and your connections as a connection (with your permission). You can elect to “like” exercise activity of Myzone users you are connected with.
We also collect information passively from the Myzone belt, including heart rate data.
Myzone facilities will be asked to provide their contact details, including their telephone number, email address(es) and Twitter account.
Regarding the online shop
We will collect the following information about you:
1. Your name
2. Postal address
3. Email address
4. Telephone number (including mobile number)
We may also collect information about whether or not you completed a purchase, your purchase details (including details of aborted purchases), returns and other details such as the product purchased and the amount paid.
In the course of your use of the Site or App, we may also automatically collect technical data, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location (please refer to your preference controls regarding location data), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site or App.
In order to complete your transaction, we may refer you to a third party’s website, or a third party’s payment portal, for example CyberSource, that will collect information about your payment card. The information that you submit to them is not transmitted to us, and you should review any privacy statements issued by the third-party provider before submitting your information.
In addition, our Site or App may also contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. It is important to note that we do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site or App, we encourage you to read the privacy notice of every website and application you visit or use.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
What do we use your information for?
Regarding the Myzone® belt
The primary reason for requesting information is to personalise your experience and to allow you to enjoy the full benefits of being able to monitor your physical activity through measuring, recording and displaying your heart rate while using the Myzone belt. The information we collect from you may also be used in the following ways:
- To improve our Site or App (we continually strive to improve our Site and App based on the information and feedback we receive from you)
- To improve customer service (your information helps us to respond more effectively to your customer service requests and support needs)
- To administer a contest, promotion, survey or similar function. (Note: you can unsubscribe from receiving marketing communications at any time by contacting us in writing.)
- To send periodic emails. The email address you provide will only be used to send you information and updates pertaining to your Myzone belt or matters which we believe may be of interest.
- We request information from Myzone facilities so that they can register as a Myzone site owner, access the names of users who have registered belts at their facility so they can communicate with them, and to enhance belt users’ experience of the Myzone system.
- To assist Myzone facilities in the service that they provide to you.
When you employ features that leverage technologies that integrate with our Site or App, data that is collected and shared with our Site or App is used to improve customer service and experience.
Regarding the online shop, other customers and vendors
The primary reason for requesting information is to fulfil your order, collect payment from you, or make payment to you.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established privacy options where you can view and make certain decisions about your personal data. Depending on the preferences that you express, we may use your personal data in order to determine which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or made a purchase from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside the Myzone group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the Site and/or the App and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
How do we protect your personal data?
Myzone Ltd is registered as a data controller in the Isle of Man under the Data Protection Act 2002 and has Notification Number N002814. Accordingly, any personal data we hold must be:
- Used fairly and lawfully
- Used for specific and lawful purposes, in a manner that is compatible with those purposes
- Adequate, relevant and not excessive
- Accurate and where necessary kept up to date
- Kept for no longer than necessary
- Used in accordance with the rights of individuals under the Act
- Kept secure to avoid unauthorised or unlawful use, accidental loss, or damage
By using the Site or App, providing information to us, and by giving your explicit consent to the transfers of your data, you consent to the transfer to and processing of data by Myzone in the Isle of Man, British Isles and also to the transfer to and processing of data by your facility in their jurisdiction (which is likely to be the jurisdiction in which you reside and which may not offer the same level of protection). If you wish to withdraw your consent for your facility to access your personal information (perhaps because you have left your facility and have moved to another jurisdiction) you should contact email@example.com.
Myzone has been approved by Lloyd’s Register Quality Assurance (LRQA) as conforming to Information Security Management Standard ISO/IEC 27001:2013.
Yes (cookies are small files that a site transfers to your computer’s hard drive through your Web browser (if you allow) enabling us to recognize your browser and capture and remember certain information).
Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the internet industry has not fully developed Do Not Track standards, implementations and solutions. To learn more about Do Not Track signals, you can visit allaboutdnt.com.
Do we disclose any information to outside parties?
We do not share your personally identifiable information with any other party (whether by way of sale, trade, or otherwise) except in the following situations:
From time to time we may share information with subcontractors that provide us with services. These services include, among other things, assisting us in operating our website, conducting our business, or servicing you. Our subcontractors are required to keep the personal data that they receive confidential.
- Your Facilities.
You can register your Myzone belt for use at a facility (health club, community hub, social hub, school or employer etc.) by selecting their facility code in your Myzone belt user account. The data shared with the facility depends upon the level of agreement that the facility has entered into with us, as follows:Level 1. As you are a member of the facility, they will have your name in their records. They are able to see that you are a Myzone belt user connected to their facility, but we do not share any data with them.IMPORTANT INFORMATION REGARDING THE SHARING OF INFORMATION WITH YOUR FACILITYYour facility may upgrade its facility agreement by entering into a data-sharing agreement with us. If they have entered into a data-sharing agreement, they are responsible directly to you for the data that they receive and, if applicable, that they share with other third parties. You are advised of the access level that your facility operates under and you must give explicit consent in the Myzone App to your facility accessing data in accordance with its agreement level. If you do not give consent, your data will not be shared with the facility and this may impact on the services that they can provide to you. The additional agreement levels are:Level 2. The facility has advised us that they are based outside of the EU and that it has no EU citizens as members. They can transfer personal data from the Myzone platform to their systems. They can retain personal data on their systems if you were to terminate your Myzone belt user account and are responsible directly to you for the data that they hold.Level 3. The facility cannot transfer personal data from the Myzone platform to their systems. If you were to terminate your Myzone belt user account, they will not have access to any personal data.Level 4. The facility can transfer personal data from the Myzone platform to their systems. They can retain personal data on their systems if you were to terminate your Myzone belt user account and are responsible directly to you for the data that they hold.Individuals connected with facilities are not our employees or agents and you should satisfy yourself that the facility has procedures in place to protect your privacy (and, if applicable, the privacy of any child).Any data shared with facilities includes your first name, last name, nickname, belt ID, phone number, email address, date of birth, gender, resting heart rate, and maximum heart rate.Your facility can also access data showing when you have participated in any class activity, the duration of such activity, and the number of calories burnt. In addition, facilities can access the names of your social connections linked with their facility and access the number of “likes” and the number of comments you have made against activities of other belt users. If you do not consent to facilities having access to such information you should not proceed with your belt registration. The facilities do not have access to any personal biometric data unless you permit them to have such access.
Our products are sold to facilities through third party distributors. If you decide to purchase a product, in order for you to enter into an agreement with the distributor, and for the distributor to fulfil the agreement for a facility, we may transfer any information that you (a facility) provide to us to the distributor.
- Payment Processors.
We provide information to providers of merchant / transaction fulfilment services so that payment can be collected from you. We use CyberSource, an eCommerce payment management company, owned by Visa Inc.
- Business Transition.
In the event that we are bought, or substantially all of our assets are acquired, your information will be transferred to the acquiring company.
- Business analytics.
We use your information to analyse, develop and improve our services. We may use third party analytics providers to gain insights into how our services are used and to help us improve. The iOS App uses a service called Fabric/Crashlytics to provide “crash” reports. Crashlytics uses and stores personal data for 90 days. Further details are available at docs.fabric.io/apple/fabric/data-privacy.html.
- Sharing Your Information with Law Enforcement.
We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your information to law enforcement agencies if we determine, in our sole judgment, that the release of your information may protect the safety or property of any person or entity.
- Sharing Your Information as Permitted by Law.
We may share your information with others as required by, or permitted by, law. This may include sharing your information with governmental entities, or third parties in response to subpoenas, court orders, other legal process, or as we believe is necessary to exercise our legal rights, to defend against legal claims that have been brought against us, or to defend against possible legal claims that we determine in our sole discretion might be brought against us.
- You may Permit other Myzone Users to Access Your Information.
You may choose to permit other Myzone users to access your activities, biometrics and (provided you are aged 18 or over) images. If any user (including coaches/trainers) connected with a Facility wish to access this information (and your phone number) through their account, you will be advised by email and can choose to refuse such access.
Notwithstanding the above, we may provide anonymised (non-personally identifiable) information to other parties for marketing, advertising, or other uses.
How long do we keep your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Managing your privacy options
We have provided you with a means of managing your privacy settings. You can update your default settings in the App and control what and with whom you share your personal information.
The default settings are as follows:
- Allow my connections to see my “moves” data = ON (visible)
- Allow my connections to see my photos = ON (visible)
- Allow my connections to see all my connections = ON (visible)
- Allow me to be viewed as a connection of a connection = ON (visible)
If you choose to purchase any of our products, credit card information will be collected by a third party payment processor which has represented to us that the payment data that you transfer is encrypted (turned into unidentifiable code) by a method known as SSL (secure sockets layer).
While we take reasonable and appropriate measures to protect data that you submit directly to us, remember that the Internet is a global communications vehicle open to threats, viruses and intrusions from others and we cannot promise, and you should not expect, that we will be able to protect your information at all times and in all circumstances.
We store data on servers that are either owned or leased by us. We rent space for our servers from a dedicated hosting service provider that is compliant with ISO 27001 standards of security. We store our data at Domicilium, based the Isle of Man, British Isles. The Quality and Information Security Management Systems of Domicilium have been approved by Lloyd’s Register Quality Assurance (LRQA) to the following Quality and Information Security Management Standards: ISO 9001:2008; ISO/IEC 27001:2013.
Users under 16
We are mindful that the belt and system will be attractive and of benefit to users under the age of 16 and it is our policy, regardless of the country in which the facility is located, to ensure that parents or guardians can monitor data collected in respect of such persons.
Our Site, App, products and services are all available to persons who are below 16 years of age. A parent or guardian (as advised to us) of any child who has not attained 16 years of age can review their child’s personal data, ask to have it deleted and refuse to allow any further collection or use of the child’s information. If the parent or guardian wishes to exercise this right they should contact us in writing using the information below. We only collect personal data that is required to provide the service: please note that the removal of such personal data will render the belt and service inoperable.
The parent or guardian of any person aged below 16 years is required to consent to the collection and use of their child’s personal data at the time of registering a belt. Parents and guardians must communicate this consent through completion of additional steps in the Myzone App. Consent must be verified by the parent or guardian uploading to their Myzone account an image of themselves holding documentary ID, such as a passport or driving license. Parents and guardians will have access to their child’s Myzone account and receive a copy of all email communications that are sent to their child, until such child or student has attained the age of 16.
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Users are able to request the deletion or removal of personal data. Users can email firstname.lastname@example.org and we will remove their personal data from all records, including archive records, and disable their account. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Once an account has been deleted, we will not be able to recreate it. It should be noted that we do not know the reasoning behind any period of inactivity on a Myzone account, and we are reluctant to close accounts without the consent of Users. We contact all Users that have had no activity on their account over a period of 24 months to determine if they wish to retain their account. We delete the account if we receive confirmation that account is no longer required. Please note that the removal of such personal data will render the belt and service inoperable. Also note that content you have shared with others or that others have copied may also remain visible after you have deleted your account or deleted the information from your own account. Please also note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Users have a right to move their data from one facility to another. However, if the other facility is not a Myzone customer, we will only be able to assist in transferring data if this is technically feasible. If you wish to transfer your account or receive a copy of your data, contact email@example.com.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Terms and Conditions
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our websites and Apps at www.myzone.org.
Other Applicable Terms
The following additional terms also apply to your use of this Site and/or an App:
- Our Acceptable Use Policy, which sets out the permitted and prohibited uses of this Site or an App. When using our Site or an App, you must comply with this Acceptable Use Policy.
- Our User License (or Facility Licenses, if applicable), which sets out the terms that govern your use of the Myzone system.
- Our Important Information, which sets out some provisions to which you must consent when registering a Myzone physical activity belt.
This policy was written in English. To the extent a translated version conflicts with the English version, the English version prevails.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
This policy was last modified on May 25, 2018.