Privacy Policy
We take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data.
Effective: 7 Mar 2024
Archived versions
Zoe Limited (ZOE) is headquartered in the UK and, as a result, your information is protected by the UK General Data Protection Regulation (UK GDPR) even if you have no other connection with the UK.
This notice explains the information about you that we process when you use AskZOE if you do not login with your ZOE account. If you are a customer of our nutrition programme and use your ZOE account to login to AskZOE, then our main privacy policy applies (see below).
Our main privacy policy also contains important additional information that explains more about who we are; what we do with data we collect and your rights relating to personal data. It will also tell you how we process information about our customers, casual visitors to our other websites and anyone else whose information is processed as part of the use of our other apps.
AskZOE uses some tools provided by Meta (Facebook) for analysis, we have explained how we use information in collaboration with Meta under a separate heading.
How we process information about you
1. How we process information about you
1.2 Account Data
Account data consists of information you give us when creating your account, such as your name and email address. We use this:
In order to enable you to login.
To allow us to customise your experience of using AskZOE.
We may link your account data with device information (see below) that we collect while you are logged into your account.
We will use your email address to send ongoing gut health and nutrition insights from ZOE, as well as information and offers about our products and services.
We will also use the emails for the same purposes, and in the same way, as we would emails from our other ZOE customers as described in our main privacy policy and, in particular, the section “user research”.
1.2 Device information
When you use our AskZOE app, we will be automatically sent an IP address for your connection (which may identify your phone uniquely, depending on how you access the Internet) and information about your phone, such as the version of its operating system (iOS or Android) and the make of phone.
We make use of this information in two ways:
It is automatically stored by our servers in “logs” in order for us to identify problems in our system, including identifying external attacks to it.
We will use a code that acts as an identifier unique to your mobile device and another code that uniquely identifies your use of the app at a particular time. This allows us to recognise people who were using the app before we had an account based system and allow them to move to the account based system more seamlessly.
2. What personal data we collect
2.1 How do use this information?
It is automatically stored by our servers in “logs” in order for us to identify problems in our system, including identifying external attacks to it.
We will use a code that acts as an identifier unique to your mobile device and another code that uniquely identifies your use of the app at a particular time. This will allow us to recognise you if you want to create an account with us at a later date. We do not yet have an account based system.
As you would expect, we process information relating to items you scan (e.g. barcode, product and the results of the scan) along with any other information you provide - for example where a food isn’t in our database, we ask you to take a picture of it and give us more information about it.
We use this information to:
Provide you with the food score and any other features we may add to the app that rely on information specific foods.
Customise your experience of interacting with ZOE based on the kinds of foods you have shown an interest in, including sending you push notifications relating to particular foods or making our information updates and marketing more relevant to you.
We also use this information as part of our work on understanding and improving the app and improving our food database, but when we do so, we do not use it in a way that relates to you.
Our legal basis for using account data, device information and usage information is a legitimate interest in:
Running a reliable app.
Improving the app and providing a useful service to future users.
Marketing our products and services.
Those two bullets being our purpose in obtaining the information in the first place.
ZOE Customers: Account Linking
If you use your ZOE account to login to AskZOE, we will treat your usage of AskZOE as an extension of your normal use of ZOE services. This means we will link all the information we collect via AskZOE with your ZOE account and use it in the same way, and for the same purposes, as if we had collected it as part of your normal usage of ZOE. Our standard privacy policy will apply.
2.2 How long do we keep customer information for?
At the moment, we will keep the information we use to recognise users of the app who did not have accounts for at most 12 months’ after it was collected, after which it will be deleted.
Otherwise, we routinely delete our server logs after 90 days, unless we are aware of any serious problem that requires investigation (for example fraud or a hostile attack to our systems), in which case we may preserve any information necessary for that investigation for as long as it is needed. Once the investigation is concluded, we will delete the data unless it is being retained for some other purpose.
3. Tracking tools
3.1 Meta
In order to understand how AskZOE is being used, we of Meta Inc’s “Business Tools” called App Events. We send the following information to Meta:
Information automatically transmitted by your app to our systems (such as IP address and version of your phone’s operating system)
A “session ID”, which is a code unique to your use of the app at that time (which will be meaningless to Meta) and a “device ID” which is a number intended to be unique to your browser stored in a cookie called “_fbp”.
We do not store the information collected this way, but we are able to access it and use it so long as Meta stores it.
For this processing of your personal data Meta is a joint controller with Zoe. We have entered into a UK Controller Addendum to determine the respective responsibilities for compliance with the obligations under the UK GDPR with regard to the joint processing, including an agreement that we are responsible for providing you as a minimum with the information under this heading and that, Meta is responsible for enabling your rights under Articles 15-20 of the UK GDPR with regard to the personal data stored by Meta after the joint processing.
Further information on how Meta processes personal data, including the legal basis that Meta relies on and the ways to exercise data subject rights against Meta, and other information that the UK GDPR requires Meta to disclose to you can be found in Meta's Privacy Policy at https://www.facebook.com/about/privacy.
3.2 Your rights
In our main privacy policy you can also read about:
Your rights under UK data protection law, which governs our business (see “7.5 Data Subject Rights” and “7.6 International Transfers of Personal Data”)
Rights of California Residents (see “8. California Resident Rights”)
Other rights you may have (see “9. Other Rights”).
4. How to contact us:
If you have any questions or comments about this privacy notice, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:
For more general enquiries: hello@joinzoe.com
For data privacy requests: dpo.askzoe@joinzoe.com
To contact our Data Protection Officer: dpo@joinzoe.com.
