AskZOE Privacy Policy
We take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data.
Effective: 23rd February 2024
Archived versions
This notice explains the very limited amount of information about you that we process when you use AskZOE. Our main privacy notice explains more about who we are; and how we process information about our customers, casual visitors to our other websites and anyone else whose information is processed as part of the use of our other apps. AskZOE also uses some tools provided by Meta (Facebook) for analysis, we have explained how we use information in collaboration with Meta under a separate heading.
This notice applies to v1 of AskZOE. We will update it as the app evolves.
Zoe Limited is headquartered in the UK and, as a result, your information is protected by the UK General Data Protection Regulation (UK GDPR) even if you have no other connection with the UK.
How we process information about you
1. How we process information about you
When you use our AskZOE app, we will be automatically sent an IP address for your connection (which may identify your phone uniquely, depending on how you access the Internet) and information about your phone, such as the version of its operating system (iOS or Android) and the make of phone.
2. What personal data we collect
2.1 How do use this information?
It is automatically stored by our servers in “logs” in order for us to identify problems in our system, including identifying external attacks to it.
We will use a code that acts as an identifier unique to your mobile device and another code that uniquely identifies your use of the app at a particular time. This will allow us to recognise you if you want to create an account with us at a later date. We do not yet have an account based system.
As you would expect, we process information relating to items you scan (e.g. barcode, product and the results of the scan) along with any other information you provide - for example where a food isn’t in our database, we ask you to take a picture of it and give us more information about it.
We use this information to:
Provide you with the food score and any other features we may add to the app that rely on information specific foods.
Customise your experience of interacting with ZOE based on the kinds of foods you have shown an interest in, including sending you push notifications relating to particular foods or making our information updates and marketing more relevant to you.
We also use this information as part of our work on understanding and improving the app and improving our food database, but when we do so, we do not use it in a way that relates to you.
Our legal basis for doing these things is a legitimate interest in:
Running a reliable app.
Improving the app and providing a useful service to potential customers at a later date.
Those two bullets being our purpose in obtaining the information in the first place.
2.2 How long do we keep customer information for?
We routinely delete our server logs after 90 days, unless we are aware of any serious problem that requires investigation (for example fraud or a hostile attack to our systems), in which case we may preserve any information necessary for that investigation for as long as it is needed. Once the investigation is concluded, we will delete the data unless it is being retained for some other purpose.
We will keep information for the purposes of creating a unique identifier - or just the identifier itself - for at most 12 months’ after we have collected, after which it will be deleted.
3. Tracking tools
3.1 Meta
In order to understand how AskZOE is being used, we of Meta Inc’s “Business Tools” called App Events. We send the following information to Meta:
Information automatically transmitted by your app to our systems (such as IP address and version of your phone’s operating system)
A “session ID”, which is a code unique to your use of the app at that time (which will be meaningless to Meta) and a “device ID” which is a number intended to be unique to your browser stored in a cookie called “_fbp”.
We do not store the information collected this way, but we are able to access it and use it so long as Meta stores it.
For this processing of your personal data Meta is a joint controller with Zoe. We have entered into a UK Controller Addendum to determine the respective responsibilities for compliance with the obligations under the UK GDPR with regard to the joint processing, including an agreement that we are responsible for providing you as a minimum with the information under this heading and that, Meta is responsible for enabling your rights under Articles 15-20 of the UK GDPR with regard to the personal data stored by Meta after the joint processing.
Further information on how Meta processes personal data, including the legal basis that Meta relies on and the ways to exercise data subject rights against Meta, and other information that the UK GDPR requires Meta to disclose to you can be found in Meta's Privacy Policy at https://www.facebook.com/about/privacy.
3.2 Your rights
In our main privacy notice you can also read about:
Your rights under UK data protection law, which governs our business (see “7.5 Data Subject Rights” and “7.6 International Transfers of Personal Data”)
Rights of California Residents (see “8. California Resident Rights”)
Other rights you may have (see “9. Other Rights”).
4. How to contact us:
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:
dpo.askzoe@joinzoe.com for data privacy requests or askzoe@joinzoe.com for general requests or zoe.com/dpo
