Consumer Health Data Privacy Notice

This Consumer Health Data Privacy Notice (Health Data Notice) supplements the information in our global Privacy Policy. Any definitions not defined in this Health Data Notice have the meaning given to them in our Privacy Policy.

Our Privacy Policy was written to help you understand what information we collect through our Website, our free or paid services (including the ZOE App and our personalized nutrition program (Personalized Nutrition Program)) (collectively our Services), our Daily30+ supplement or any other products we offer (Products), or if you otherwise interact with us (including when you sign up to receive our email updates or participate in our research studies (Studies)). It was written to help you understand what information we collect, how we use it, and what choices you have.

This Health Data Notice applies to a subset of that information – data that may constitute ‘Consumer Health Data’ under laws enacted by certain states, including ‘Washington’s My Health, my Data’ Act and Nevada’s SB 370 (Consumer Health Laws). It also only covers customers covered by these laws – specifically consumers interacting with us in an individual or household capacity. For more general questions, please see our Privacy Policy. 

1. What categories of Consumer Health Data do we collect?

As described in our Privacy Policy, the personal data we collect depends on the context of your interactions with our Services, the choices you make, and the tools and features you use. Consumer Health Data is broadly defined and some of the categories of data we collect would be Consumer Health Data if they were not excluded under Consumer Health Laws.

We may collect or receive the following categories of Consumer Health Data:

• Self-Reported Health and Lifestyle Data: Information about your health and lifestyle in your answers to our questionnaires or that you otherwise choose to provide us in your account. This includes height, weight, what you eat, pre-existing health conditions, recent antibiotic use, if you are pregnant, lifestyle information such as exercise and energy, your health and nutrition goals, results of blood tests you have had outside of the ZOE testing (if you have had blood tests recently and choose to share with us).

• Apple/Android Health Data: Health data from Apple/Android health applications (which may include information from wearable devices that you connect) which you choose to integrate with your account, and subject to the permissions you may set on those third-party applications and wearable devices, including, without limitation:

• Heart rate, and physical activity information;

• Information about the types of physical activities you engage in, and the duration of your physical activity;

• Sleep activity information and sleep trends;

• Other Information about your activity as may be collected from your wearable device and applications (if connected to your Apple/Android health application) or self reported;

• Test data: The results we receive back from the laboratories that have analyzed your biological samples that you sent to them for testing (on our behalf), including your blood fat and glucose levels from your finger prick sample and your microbiome analysis from your stool sample. Please note that we do not receive the samples from the laboratories, only the test results.

• Glucose Data: The concentration of glucose in your blood that we receive from the blood sugar sensor we send to you to use (if you include this in your testing). Abbott GmbH, the supplier of the blood sugar sensor, provides us with this data through their app.

• ZOE Scores: The health and food scores we create for you using information we have about you, such as your test results and what you eat.

• Photo Logging Data: To the extent your interaction with our photo logging feature in the ZOE App (Photo Logging) reveals anything about your health or dietary habits, the photos (which may include any metadata associated with the photos) that you take using the Photo Logging. 

• Study Data: To the extent it is health information, any information you provide us as part of a study you have chosen to participate in (details of such data collection will be given to you at the time you sign up).

• Menoscale Data: The information you provide if you use our Menoscale calculator, including menopause status, if taking HRT, menopause symptom questionnaire responses.

1. Where do we collect Consumer Health Data from?

We may obtain Consumer Health Data from different sources, which we set out for each category of data in our Privacy Policy. With respect to Consumer Health Data, we collect that from the following sources:

• Provided directly by you, for example when you create an account with us, if you answer questions or provide other information later on within your account, or when you log your meals.

• Collected from your Apple/Android application where you have authorized to share this with us.

• Received from the laboratories who have analyzed the biological samples you sent to them for testing.

• Collected from the provider of the blood sugar sensor we send to you, on your request.

• Inferred by us, using the above information (for example, we use this information to provide you with the ZOE Scores).

1. Why do we collect your Consumer Health Data?

We may collect and use Consumer Health Data for one or more of the following purposes:

• To provide you with our Personalized Nutrition Program, including determining your eligibility, facilitating testing of samples, analyzing your information and providing you with the functionalities of the ZOE App (including providing you with the ZOE Scores and advising you what to eat), and integrating data between the Website and ZOE App.

• To gain a better understanding of nutritional responses to food generally, in order to develop and improve your experience and our Services, including training our algorithm.

• To provide you with the ZOE App functionality and insights (including Photo Logging and food scores), whether you are a free or paid user.

• Providing you with our Menoscale service.

• To provide you with the ZOE App Community functionality, including being able to provide our coaching effectively.

• Where you have consented, to carry out the relevant study/research (including determining your eligibility for such research, inviting you to participate, and sharing, in de-identified form, with partners such as universities).

• To provide you with customer support and quality assurance, and to manage our relationship with you, including providing support on our Services and Products (including via our chatbot).

• To carry out analytics and use feedback to develop and improve our Services, customer service, relationships and experiences.

• To manage our business and finance operations and administration.

• To investigate complaints/incidents with our Services and resolve legal disputes/claims.

• To ensure we are complying with data protection laws and responding to your requests (including on Cookies and data subject requests).

• De-identify, tokenize, or aggregate your information (or otherwise render the information so you are not reasonably identifiable), or to create or derive datasets, as part of the Services and for other purposes consistent with the purposes for which the information was collected.

4. How might we share your Consumer Health Data?

In addition to disclosing data to our group company in the UK (ZOE Limited) we may disclose each of the categories of Consumer Health Data described above to the parties set out below for the purposes set out in this Health Data Notice (or if the law otherwise allows it):

• Suppliers and service providers acting on our behalf (typically known as ‘processors’ under the Consumer Health Laws), including hosting and other technology and communication providers, analytics providers, CRM, system administration services, security and fraud prevention consultants, and support and customer service vendors.

• If you have purchased ZOE testing, the laboratories engaged by us to carry out your tests. 

• Where you have consented to participate in a Study or other research, the third parties carrying out research into diet and/or health including academic research organizations (such as universities) and pharmaceutical companies (for example to assist in the development of new medications). 

• Where you have chosen to include a blood sugar sensor in your testing, your Glucose Data with the sensor provider, Abbott GmbH (although your data is only linked to a random ID, not your name). 

• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets, or to acquire. 

• Auditors and professional advisers including lawyers, bankers, auditors and insurers. 

We do not ‘sell’ or ‘share’ Consumer Health Data as defined under the Consumer Health Laws, except where you have given specific consent for us to share your data for scientific research purposes - this is never for money, but it still may be considered as ‘selling’ under the very specific definition in the CPRA. You can opt-out of this sharing at any time by contacting us. 

1. What are your Consumer Health Data rights and choices?

You have the right to (1) request a copy of your Consumer Health Data; (2) confirm whether we have disclosed or sold your Consumer Health Data; (3) delete your Consumer Health Data; or (4) withdraw their consent or authorization relating to such data. See How can you contact us? below for how to exercise these rights. 

1. How can you submit an appeal?

To appeal our decision on your Consumer Health Data Rights request, you may contact us by using the contact information listed below or emailing us at dpo@joinzoe.com. In submitting your appeal, please enclose a copy of or otherwise specifically reference our decision on your data subject request, so that we may adequately review and address it. We will respond in accordance with applicable law.

1. How can you contact us?

For any questions, complaints, or inquiries regarding this Policy, or our privacy practices, You can contact us or submit a request as follows:

• To access or erase your data: use our form at https://privacy.zoe.com/zoe. 

• To exercise any of your other rights, or to ask for more information about this privacy policy or our use of your data: email us at dpo@joinzoe.com. 

• For more general enquiries: please contact us at hello@joinzoe.com.