Effective 31 December 2018
Myzone Ltd has its registered office and business address at Falcon House, Ridgeway Street, Douglas, Isle of Man IM1 1EL, British Isles.
We collect information from you when you register your Myzone belt on this Site or via the App. We also collect information from Myzone facilities (health clubs, community hubs, social hubs, schools or employers etc.).
When registering your Myzone belt on this Site or via the App, you will be asked to enter information including your name, email address, date of birth, gender, height, weight, phone number and member/employee number (if applicable). In addition, you may provide (either through manually inputting data or through the use of compatible devices) biometric data such as blood pressure, bone mass, fat mass, basal metabolic rate, waist circumference, fat free mass, total body water, visceral fat, metabolic age and your location details.
When you employ features that leverage technologies that integrate with our Site or App, such as other mobile applications, wearables, other fitness technologies, biometric and body composition analysers, and services capturing location data, we may collect data that is shared with our Site or App. The collection of such data may occur even when our Site or App are not actively open and running. We will not collect location data unless you have allowed this in your “permissions”.
If you have installed the App on a Device and are aged 18 or over you may also capture images.
You can add details to your exercise activity and personalize your profile with photos. You can add social connections and send and receive messages with them. You can search for other Myzone users and they can search for your profile and your connections to add you and your connections as a connection (with your permission). You can elect to “like” exercise activity of Myzone users you are connected with.
We also collect information passively from the Myzone belt, including heart rate data.
Myzone facilities will be asked to provide their contact details, including their telephone number, email address(es) and Twitter account.
We will collect the following information about you:
1. Your name
2. Postal address
3. Email address
4. Telephone number (including mobile number)
We may also collect information about whether or not you completed a purchase, your purchase details (including details of aborted purchases), returns and other details such as the product purchased and the amount paid.
In the course of your use of the Site or App, we may also automatically collect technical data, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location (please refer to your preference controls regarding location data), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site or App.
In order to complete your transaction, we may refer you to a third party’s website, or a third party’s payment portal, for example CyberSource or SimplePay, that will collect information about your payment card. The information that you submit to them is not transmitted to us, and you should review any privacy statements issued by the third-party provider before submitting your information.
In addition, our Site or App may also contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. It is important to note that we do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site or App, we encourage you to read the privacy notice of every website and application you visit or use.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
The primary reason for requesting information is to personalise your experience and to allow you to enjoy the full benefits of being able to monitor your physical activity through measuring, recording and displaying your heart rate while using the Myzone belt. The information we collect from you may also be used in the following ways:
When you employ features that leverage technologies that integrate with our Site or App, data that is collected and shared with our Site or App is used to improve customer service and experience.
The primary reason for requesting information is to fulfil your order, collect payment from you, or make payment to you.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established privacy options where you can view and make certain decisions about your personal data. Depending on the preferences that you express, we may use your personal data in order to determine which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or made a purchase from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside the Myzone group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the Site and/or the App and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
Myzone Ltd is registered as a data controller in the Isle of Man under the Data Protection Act 2002 and has Notification Number N002814. Accordingly, any personal data we hold must be:
By using the Site or App, providing information to us, and by giving your explicit consent to the transfers of your data, you consent to the transfer to and processing of data by Myzone in the Isle of Man, British Isles and also to the transfer to and processing of data by your facility in their jurisdiction (which is likely to be the jurisdiction in which you reside and which may not offer the same level of protection). If you wish to withdraw your consent for your facility to access your personal information (perhaps because you have left your facility and have moved to another jurisdiction) you should contact [email protected]
Myzone has been approved by Lloyd's Register Quality Assurance (LRQA) as conforming to Information Security Management Standard ISO/IEC 27001:2013.
Yes (cookies are small files that a site transfers to your computer’s hard drive through your Web browser (if you allow) enabling us to recognize your browser and capture and remember certain information).
Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the internet industry has not fully developed Do Not Track standards, implementations and solutions. To learn more about Do Not Track signals, you can visit allaboutdnt.com.
We do not share your personally identifiable information with any other party (whether by way of sale, trade, or otherwise) except in the following situations:
From time to time we may share information with subcontractors that provide us with services. These services include, among other things, assisting us in operating our website, conducting our business, or servicing you. Our subcontractors are required to keep the personal data that they receive confidential.
You can register your Myzone belt for use at a facility (health club, community hub, social hub, school or employer etc.) by selecting their facility code in your Myzone belt user account. The data shared with the facility depends upon the level of agreement that the facility has entered into with us, as follows:
Level 1.As you are a member of the facility, they will have your name in their records. They are able to see that you are a Myzone belt user connected to their facility, but we do not share any data with them.
IMPORTANT INFORMATION REGARDING THE SHARING OF INFORMATION WITH YOUR FACILITY
Your facility may upgrade its facility agreement by entering into a data-sharing agreement with us. If they have entered into a data-sharing agreement, they are responsible directly to you for the data that they receive and, if applicable, that they share with other third parties. You are advised of the access level that your facility operates under and you must give explicit consent in the Myzone App to your facility accessing data in accordance with its agreement level. If you do not give consent, your data will not be shared with the facility and this may impact on the services that they can provide to you. The additional agreement levels are:
Level 2. The facility has advised us that they are based outside of the EU and that it has no EU citizens as members. They can transfer personal data from the Myzone platform to their systems. They can retain personal data on their systems if you were to terminate your Myzone belt user account and are responsible directly to you for the data that they hold.
Level 3. The facility cannot transfer personal data from the Myzone platform to their systems. If you were to terminate your Myzone belt user account, they will not have access to any personal data.
Level 4. The facility can transfer personal data from the Myzone platform to their systems. They can retain personal data on their systems if you were to terminate your Myzone belt user account and are responsible directly to you for the data that they hold.
Individuals connected with facilities are not our employees or agents and you should satisfy yourself that the facility has procedures in place to protect your privacy (and, if applicable, the privacy of any child).
Any data shared with facilities includes your first name, last name, nickname, belt ID, phone number, email address, date of birth, gender, resting heart rate, and maximum heart rate.
Your facility can also access data showing when you have participated in any class activity, the duration of such activity, and the number of calories burnt. In addition, facilities can access the names of your social connections linked with their facility and access the number of “likes” and the number of comments you have made against activities of other belt users. If you do not consent to facilities having access to such information you should not proceed with your belt registration. The facilities do not have access to any personal biometric data unless you permit them to have such access.
Our products are sold to facilities through third party distributors. If you decide to purchase a product, in order for you to enter into an agreement with the distributor, and for the distributor to fulfil the agreement for a facility, we may transfer any information that you (a facility) provide to us to the distributor.
We provide information to providers of merchant / transaction fulfilment services so that payment can be collected from you. We use CyberSource, an eCommerce payment management company, owned by Visa Inc., and SimplePay.
In the event that we are bought, or substantially all of our assets are acquired, your information will be transferred to the acquiring company.
We use your information to analyse, develop and improve our services. We may use third party analytics providers to gain insights into how our services are used and to help us improve. The iOS App uses a service called Fabric/Crashlytics to provide “crash” reports. Crashlytics uses and stores personal data for 90 days. Further details are available at docs.fabric.io/apple/fabric/data-privacy.html.
We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your information to law enforcement agencies if we determine, in our sole judgment, that the release of your information may protect the safety or property of any person or entity.
We may share your information with others as required by, or permitted by, law. This may include sharing your information with governmental entities, or third parties in response to subpoenas, court orders, other legal process, or as we believe is necessary to exercise our legal rights, to defend against legal claims that have been brought against us, or to defend against possible legal claims that we determine in our sole discretion might be brought against us.
You may choose to permit other Myzone users to access your activities, biometrics and (provided you are aged 18 or over) images. If any user (including coaches/trainers) connected with a Facility wish to access this information (and your phone number) through their account, you will be advised by email and can choose to refuse such access.
Notwithstanding the above, we may provide anonymised (non-personally identifiable) information to other parties for marketing, advertising, or other uses.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have provided you with a means of managing your privacy settings. You can update your default settings in the App and control what and with whom you share your personal information.
The default settings are as follows:
Allow my connections to see my “moves” data = ON (visible)
Allow my connections to see my photos = ON (visible)
Allow my connections to see all my connections = ON (visible)
Allow me to be viewed as a connection of a connection = ON (visible)
If you choose to purchase any of our products, credit card information will be collected by a third party payment processor which has represented to us that the payment data that you transfer is encrypted (turned into unidentifiable code) by a method known as SSL (secure sockets layer).
While we take reasonable and appropriate measures to protect data that you submit directly to us, remember that the Internet is a global communications vehicle open to threats, viruses and intrusions from others and we cannot promise, and you should not expect, that we will be able to protect your information at all times and in all circumstances.
We store data on servers that are either owned or leased by us. We rent space for our servers from a dedicated hosting service provider that is compliant with ISO 27001 standards of security. We store our data at Domicilium, based the Isle of Man, British Isles. The Quality and Information Security Management Systems of Domicilium have been approved by Lloyd's Register Quality Assurance (LRQA) to the following Quality and Information Security Management Standards: ISO 9001:2008; ISO/IEC 27001:2013.
We allow you as a parent or guardian to create a Myzone account for a child in your care (your child) that is under the age of 16. A child’s account operates as a sub-account of your Myzone account. Your child can access their account by using the Site or App but with restricted features. You can access your child’s account by using the Site.
A parent/guardian may consent to the appointment of a school to act in the capacity of parent/guardian of their child.
When a parent or guardian creates a Myzone account for their child, you can exercise each of the rights described in the “Your rights” section in connection with the child’s account. This includes the right to access the information that Myzone collected from the child, correct inaccuracies about the child, or delete information collected about a child. In addition to these rights, you can instruct Myzone to stop collecting additional information about your child (e.g., disable their account). As is indicated below, these rights can be exercised by contacting [email protected] or, in some cases, using online features that are built into your Myzone online account.
Your child’s account displays their username, name, “moves” activity, and profile picture. This data is shared with their connections and your facility. If you wish to collect and share your child’s biometric data with a facility, you must consent to this in your Myzone account. If such consent is given Myzone will collect the information described under the “What information do we collect?” section about your child, and use that information as is described in the “What do we use your information for?” section.
Throughout the European Union, different member states have implemented or are in the process of implementing, varying ages at which children are deemed capable of giving valid consent to the processing of their personal data, as indicated below:
|Country||Age for Valid Consent (correct as of 4 October 2018)|
|Republic of Ireland||16|
When you give the consent described above in respect of a child that is able to provide valid consent, the child must also give their own consent to the processing of their personal data via their Myzone account as they will have attained the Age for Valid Consent.
Users under 16 years of age are not permitted to upload photos. You can view your child’s connections and comments made on your child’s “moves” activity by accessing their account using the Site.
The parent or guardian of any person aged below 16 years and the child where they are aged from the Age for Valid Consent and 16, are required to consent to the collection and use of their child's and their own personal data at the time that the parent or guardian registers a belt for their child. Parents and guardians must communicate this consent through completion of additional steps in their Myzone account. Persons aged from the Age for Valid Consent to 16 must also communicate this consent through completion of additional steps in their Myzone account. Parents and guardians will have complete access to their child’s Myzone account.
Once the child has attained the age of 16, they are eligible to create and independently manage their own Myzone account.
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasureof your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Users are able to request the deletion or removal of personal data. Users can email [email protected] and we will remove their personal data from all records, including archive records, and disable their account. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Once an account has been deleted, we will not be able to recreate it. It should be noted that we do not know the reasoning behind any period of inactivity on a Myzone account, and we are reluctant to close accounts without the consent of Users. We contact all Users that have had no activity on their account over a period of 24 months to determine if they wish to retain their account. We delete the account if we receive confirmation that account is no longer required. Please note that the removal of such personal data will render the belt and service inoperable. Also note that content you have shared with others or that others have copied may also remain visible after you have deleted your account or deleted the information from your own account. Please also note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Users have a right to move their data from one facility to another. However, if the other facility is not a Myzone customer, we will only be able to assist in transferring data if this is technically feasible. If you wish to transfer your account or receive a copy of your data, contact [email protected]
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
The following additional terms also apply to your use of this Site and/or an App: