Zoovu is deeply committed to protecting our clients’ information and ensuring compliance with all applicable data privacy laws, including GDPR, UK GDPR, and CCPA, in the delivery of our services. We recognize that data privacy is a shared responsibility, and we are dedicated to enabling our clients to use Zoovu’s services while meeting their own obligations under applicable data privacy regulations. Additionally, Zoovu adheres to the principles of privacy by design and privacy by default, embedding data protection measures into our systems and processes from the outset. This page is intended to support your compliance efforts by providing detailed information about Zoovu’s data protection practices and the options available to you regarding the data processed by Zoovu in connection with your use of our services.
Zoovu collects and processes the following categories of data:
Zoovu collects and processes the following types of End User Data when engaging with our services:
Zoovu ensures that all processed data is anonymous. IP addresses are anonymized immediately upon collection by removing (hashing) the last octet. Zoovu does not use IP addresses to track or identify End Users and no full IP addresses are stored.
Zoovu stores conversations as part of Zoovu’s reporting services (Insights) for clients and to re-train and refine our own models for future improvements, which is a key value of our service. However, all conversations are completely anonymous and cannot be linked to any individual. They are used solely to provide insights and reporting to clients and are never shared with third parties or used for any other purpose. Each conversation has a unique session key, but it is not tied to any user ID—only to a server session on Zoovu’s side. Additionally, Zoovu does not use fingerprinting or identity stitching, as Zoovu’s internal policy. Furthermore, Zoovu has implemented measures to prevent users from entering personal data and advises end users not to enter personal data.
Zoovu collects the following information from Authorized Users: their name, email address, and password. Additionally, Zoovu automatically gathers information about how Authorized Users interact with our services ("Usage Data").
Usage Data includes:
To ensure privacy, all Usage Data is anonymized, de-identified, and aggregated. This ensures that no personally identifiable information can be linked back to individual users.
Zoovu collects the following information about its corporate clients:
Zoovu provides its clients with the ability to understand the behavior of End Users in aggregated / statistical form. This service is called Zoovu Insights. With Zoovu Insights clients can analyse the following data:
Zoovu also uses the statistical-aggregated data to help improve our products and services.
The raw data powering Zoovu Insights is securely stored in our databases and is never exposed through any user interface. It is only used to generate statistical and aggregated data, which is never shared with clients. Zoovu strictly uses statistical or aggregated insights to understand how our platform is used. The raw data primarily consists of a series of event records:
[event type: assistant start, event time: 2024-03-06, 12:34, assistant ID 126456, visit ID: 4a39f879bc2b3].The purpose of processing Authorized User Data is to effectively provide our services, including administrative actions such as assigning users to Clients and managing features enabled for a given Client. This also includes enabling login access to the Insights dashboard, preventing fraud and identity theft, assisting Clients in identifying the causes of system issues, evaluating the performance of our services, improving our products and services, managing billing, and settling disputes.
Client Data is used to manage and fulfill the contract between Zoovu and the Client, maintain the business relationship, send direct marketing communications, and meet tax and legal obligations.
Zoovu automatically collects End User Data through cookies or similar tracking technologies. Our system uses first-party cookies on client websites via a simple div tag and script. These cookies are essential for tracking website visitors for the purposes outlined above. Our setup supports a privacy-compliant opt-out or opt-in approach when required.
If cookies or similar technologies require user consent under applicable laws (e.g., UK GDPR, GDPR, or the EU ePrivacy Directive), it is the Client’s responsibility to obtain consent from each End User. The Client must ensure their website or platform includes clear, easy-to-understand notices about the use of cookies, what data is collected, why it’s collected, and any other legal requirements. Additionally, if needed, the Client must provide users with the ability to withdraw their consent at any time. Zoovu supports Clients by providing details about the cookies or similar technologies we use. Consent is usually managed through client’s Consent Management Platform (CMP), which Clients can configure to meet their privacy regulations. This includes opt-in/opt-out options and categorizing Zoovu’s cookies (e.g., as strictly necessary or analytics).
Here is the list of all cookies. Clients have the flexibility to assess the importance of cookies and configure their CMP accordingly. The recommendations regarding the criticality of cookies (i.e., essential vs. non-essential) are provided as guidelines only.
Clients share their data during the engagement process, and it is further processed throughout the lifecycle of the contract.
Authorized users provide their name and password to access our dashboard. Usage data is automatically collected through cookies or similar tracking technologies.
Zoovu does not sell or market data to third parties. We partner with certified third-party subprocessors and Zoovu affiliates to help deliver our services. These subprocessors store and assist in processing End User Data
| Subprocessor | Purpose | Export mechanism | Location |
|---|---|---|---|
| Microsoft Azure | Data Center |
|
EU/USA |
| Zendesk | Support platform for customers |
|
USA |
| Cloudflare |
|
|
EU/USA |
Zoovu audits its vendors, both at the time of onboarding and thereafter, to ensure that they adhere to data privacy laws/regulations, have in place appropriate organizational and technical measures in place and sign all relevant Data Processing Addendums and Standard Contractual Clauses where applicable.
All Zoovu entities have signed a Group Data Transfer Agreement incorporating the Standard Contractual Clauses mandated by Decision (EU) 2021/914 of 4 June 2021, for the transfer of personal data to third countries under GDPR. Additionally, the agreement includes the international data transfer addendum to the European Commission’s Standard Contractual Clauses issued under Section 119A of the UK Data Protection Act 2018, for data transfers under UK GDPR:
| Affiliate | Purpose and Role | Location |
|---|---|---|
| Zoovu Limited | Ongoing operating activity and business of Zoovu Group companies, including managing customer, partner, vendor, employees and shareholder relationships.
Data (joint) controller/processor |
UK |
| Zoovu (Austria) GmbH | Ongoing operating activity and business of Zoovu Group companies, including managing customer, partner, vendor, employees and shareholder relationships.
Data (joint) controller/processor |
Austria |
| Zoovu (Germany) | Ongoing operating activity and business of Zoovu Group companies, including managing customer, partner, vendor, employees and shareholder relationships.
Data (joint) controller/processor |
Germany |
| Zoovu (Poland) sp. z o.o. | Ongoing operating activity and business of Zoovu Group companies, including managing customer, partner, vendor, employees and shareholder relationships.
Data (joint) controller/processor |
Poland |
| Zoovu (USA) Inc | Ongoing operating activity and business of Zoovu Group companies, including managing customer, partner, vendor, employees and shareholder relationships.
Data (joint) controller/processor |
USA |
| Zoovu Canada Inc | Ongoing operating activity and business of Zoovu Group companies, including managing customer, partner, vendor, employees and shareholder relationships.
Data (joint) controller/processor |
Canada |
| Zoovu (USA) Holdings LLC | Activity and business of Zoovu Group companies, including managing customer, partner, vendor, employees and shareholder relationships.
Data (joint) controller/processor |
USA |
End User Data of our clients based in the European Economic Area (EEA) is hosted by default on an EU-based instance of Microsoft Azure (The Netherlands). Additionally, interactions of EEA-based users with Zoovu are managed through EU-based Cloudflare servers.
Zoovu also offers a US-based instance (Azure US, North Virginia). Following the European Commission's adequacy decision in July 2023 for the EU-US Data Privacy Framework, the US is deemed to provide an adequate level of protection for personal data transferred to participating US companies, as Microsoft is. To further safeguard cross-border data transfers to the US, Zoovu incorporates Standard Contractual Clauses (SCCs) in its Data Processing Agreement, ensuring compliance with the strict standards of GDPR and UK GDPR.
Zoovu acts as the processor of End User Data. As a processor, Zoovu does not determine the lawful basis for processing End User Data; as per GDPR and UK GDPR this responsibility lies with the controller—Zoovu's clients—who are required to establish the appropriate legal ground for processing. Under the CCPA, Zoovu is categorized as a "service provider" When the client falls under the definition of “business”.
Zoovu is the controller of Client Data and Authorized User Data. The primary legal basis for processing these data types is the necessity for entering into and performing contractual obligations. Additionally, the legitimate interest in maintaining and managing business relationships serves as a secondary basis for processing Client Data.
Zoovu complies with industry-recognized security frameworks, including SOC 2 and ISO 27001, to safeguard client’s data. To ensure the highest level of security and compliance, Zoovu has implemented the following technical and organizational measures:
Additionally, we enforce strict internal policies on data protection, and all Zoovu employees undergo annual training to stay updated on data privacy and security best practices.
| End User Data | 1 year after client contract ends |
| Clients Data | 6 years after contract ends |
| Authorized User Data | 6 years after contract ends |
Zoovu enables End Users to exercise their data protection rights, through client CMP, particularly their ability to control tracking, through opt-in and opt-out mechanisms:
This system empowers End Users to manage their tracking preferences while aligning with regulatory standards.
Any other requests to exercise privacy rights can be sent to the following email address: dpo@zoovu.com or to Zoovu Limited, 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom. Alternatively, you can fill in the contact form on our Contact page to submit your request.
Yes, Zoovu’s Data Protection Officer contact details are below:
Aphaia Ltd
Eagle House
163 City Road, London
EC1V 1NR
DPO Telephone: +44 20 3917 4158 Email address: dpo@zoovu.com
Last updated on February 2025
Obligatory disclaimer: The content below is provided for informational purposes only. The information shared here is not meant to serve as legal advice. You should work closely with legal and other professional counsel to determine exactly how the GDPR, UK GDPR and/or CCPA may or may not apply to you.