What personal data we collect
Information from the quiz
The Blue Poop quiz collects the following information:
- Your first name
- Sex assigned at birth and the gender you identify with
- Location (country and state (if US))
- Email address
- Height and weight
- Gut transit time
- Information about your diet
We use this information as follows as part of the Blue Poop service:
- For calculating your personalized results and reporting them back to you.
- To allow you to access your personalized results through a unique URL that is sent to your email.
- Sending you insights about nutrition and health, as well as letting you know about other ZOE services that we think might be of interest to you.
- Personalizing your experience, for example using your first name when we send emails to you, or using your personal data to make sure that we send things that are relevant to you.
- Aggregating it (for example to allow us to compare results across different countries), see under “aggregating data” below.
- If you signed up to be a citizen scientist, we will use it for our research (see “citizen science” below).
- We share a hashed version of your email address with Facebook, so that we can make sure some of our advertisements are shown only to participants in the challenge or other people associated with ZOE.
- In the future, we may personalize other aspects of ZOE’s services to you based upon this data.
Our purpose in doing so is to:
- Provide you fun and interesting insights into your gut and its relationship to your health, which we hope will encourage you to think more about how important your gut microbiome is, and which may eventually encourage you to use ZOE’s other nutrition services.
- Provide you with other insights that we have learned about diet and health.
- Use your personal data for community science (if you consented to our doing so).
- Tell others about what we have discovered, for example in scientific publications or news articles, but without identifying you..
- Enable us to focus our advertising on people who might be interested in ZOE.
We keep this data:
- For the Blue Poop insight service, without a specific time limit, but you may unsubscribe at any time.
- For citizen science, as long as the information contributes to our research effort (we have no specific time limit, but will review how long we are keeping it on a regular basis).
Our legal basis for processing this information is that we have a legitimate interest in trying to build interest in our brand, and also a legitimate interest in collecting data for the purpose of research. If, for any reason, you wish us to stop processing your data, please contact us at firstname.lastname@example.org.
If you have opted to participate in citizen science then we will also use the information from your quiz as part of our research. This includes sharing it with research teams with which we collaborate and using it to write research papers for publication. If we share your personal data with third parties for research purposes, we will remove your name and email address.
Our purpose in doing so is to contribute to our research into gut transit time, diet, and the gut microbiome, for which our legal basis is consent. You may withdraw that consent at any time, by contacting us at email@example.com at which point we will stop using your quiz data for research.
Because this personal data is being used for scientific research, we do not have a specific date in the future when it will be deleted, but we do carry out periodic reviews of all personal data we use for research purposes in order to decide whether we should continue to retain it. We will delete it if we should not.
Where you have ordered blue muffins, we collect:
- Delivery information (address, name, contact number)
- Billing information necessary in order for payments to be processed by our third party payment processor. For example the amount of the payment, payment card type, payment card number, and your billing address.
Billing information is processed on our behalf by our payment provider Shopify, but we have access only to the last 4 digits of your payment card number.
- Consent to marketing
- Consent to being included in scientific research
- Unsubscribe indications for mailing lists
We use this information to keep track of whether you have consented to be included in scientific research; or to receiving emails from us. Our legal basis for doing so is compliance with our legal obligations under electronic privacy law and for that reason, we retain it (and any associated email address) for six years.
How we share your personal data
We do not share personal data with anyone else, other than with:
- Our group (ZOE Ltd, based in the UK, and ZOE US Inc, based in the United States).
- Others carrying out research into diet and/or health including academic research organizations (such as universities). When we do this an anonymous code will always be used to replace your personal details (name and email address).
- Contractors providing us with services we use for processing personal data, which include:
Hosting, technology, and communication providers, Security and fraud prevention consultants, Analytics providers, Support and customer service vendors, Payment processors & Marketing platforms
These contractors will not be permitted to use any personal data for their own purposes and will be under contractual obligations to us to keep any personal data they process secure.
- Our professional advisors, such as if we need to consult an attorney for legal advice. In all cases, these will be advisors under a professional duty of confidence.
Other personal data
- Device and browser data: If you visit our website, or use our app, then some information (for example about your browser or Internet address) will be automatically collected. See Device and browser data.
- Correspondence: contact details of those who directly correspond with use. See correspondence.
- Support: We may process any of the information you provide us for the purposes of providing support and assistance.
- Legal requirements: We may also process your personal information, including sharing it with government agencies if we are legally required to do so in circumstances where this cannot be reasonably resisted.
- International transfer of data: we transfer data internationally for a number of reasons - for example between our UK and US companies. When we do so, we take care to ensure that your personal data remains protected. For more detail on this see international transfers.
- Rights in the USA: you may have rights under US state law which we have not described here. For more information, please see our California Residents’ Rights.
We may aggregate personal data so that no individual may be identified from it. For example, we might want to write a blog post giving the percentages of people who fall into different gut transit time categories. Our legal basis for aggregation is that we have a legitimate interest in summarising or otherwise communicating the shape of the quiz data to others. Once aggregated the data will cease to be personal data.
Your rights as a UK Union Data Subject
Our parent company (Zoe Ltd) is based in the United Kingdom, which means that you have rights under the UK's data protection law (the UK General Data Protection Legislation) even if you do not live there or are not a citizen of the UK.
Under the UK GDPR, you have certain rights with respect to your personal data, which we have summarised below. For more information about these rights, or to submit a request to exercise any of those rights that apply to us, please email us at firstname.lastname@example.org or www.joinzoe.com/dpo.
There are some circumstances where do not have to or must not comply with a request such as if it is extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to your request and explain why we are not complying with it. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.
- Access: You can request more information about the personal data we hold about you and request a copy of such personal data.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
- Erasure: You can request that we erase some or all of your personal data from our systems.
- Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. However, if you exercise this right but still want to continue to use some parts of our Service, you may have to provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of our Service.
- Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes, such as for direct marketing purposes.
- Restriction of Processing: You can ask us to restrict further processing of your personal data.
- Right to File Complaint: You have the right to lodge a complaint about ZOE’s practices with respect to your personal data with the United Kingdom information commissioner.
How to contact us:
email@example.com or www.joinzoe.com/dpo
You may use the following information to contact our Data Protection Officer and our European Union-Based Member Representative:
firstname.lastname@example.org or www.joinzoe.com/dpo