Skip to Content (Press Enter) Skip to Footer (Press Enter)

Privacy Notice

Last Updated: May 20, 2025

This Privacy Notice (“Privacy Notice”) explains how the affiliated entities of ZO Skin Health, Inc., each acting as a data controller (“ZO”, “our”, or “we”), collect, use, and disclose personal data. The specific ZO entity acting as a data controller for your personal data is identified in the section below titled “Data Controller Contact Details.”

This Privacy Notice applies to individuals (“users”, “you”, or “your”) located in the United Kingdom (“UK”), European Economic Area (“EEA”), or Switzerland, who visit a ZO website in those regions (the “Site”), create an account, interact with us offline, and/or make purchases through the Site or other sites or services that link to this Privacy Notice (collectively, the “Services”).
We encourage you to read this Privacy Notice carefully to understand how we handle your personal data. By using the Services, you acknowledge that you have read and understand this Privacy Notice and that we collect, process, and may disclose your personal data as set forth below. If you have any questions regarding this Privacy Notice or our privacy practices, please email us at privacy@zoskinhealth.com. If you visit our Site, please also refer to our Terms of Use.

As used in this Privacy Notice, “personal data” means any information relating to an identified or identifiable natural person, as defined under applicable data protection law, including any information that we collect, use, store, share, or transfer in either physical or electronic form.

DATA CONTROLLER CONTACT DETAILS

The specific ZO entity responsible for your personal data, acting as the data controller under applicable data protection laws, is listed below for users located in the UK, the EEA, or Switzerland.

Benelux: ZO Skin Health Netherlands B.V., a company registered in the Netherlands with a registered office at Frisselsteinstraat 8, 5461 AD Veghel, Netherlands.

France: ZO Skin Health France SAS, a company registered in France with a registered office at 6 Rue Cambacérès, 75008 Paris, France. 

Nordics: ZO Skin Health Norway AS, a company registered in Norway with a registered office at Løkkeåsveien 3, 1337 Sandvika, Norway.

United Kingdom: ZO Skin Health Limited, a company registered in the United Kingdom with a registered office at 20 Eastbourne Terrace, London, W2 6LG, United Kingdom. 

PERSONAL DATA WE COLLECT

ZO may collect personal data from the following sources:

Directly from you. For example, when you create an account, make a purchase, input information into a form on our Site, email us, or engage with us on social media.

Automatically through cookies and other tracking technologies. For example, via cookies and tracking technologies on our Site or in our email communications (see “Cookies and Other Tracking Technologies” for more information).

From other sources. For example, or vendors, partners, and social media platforms.

We may collect the following categories of personal data depending on how you interact with us. 

  • Contact Information, such as name, mailing address, telephone number, and email address.
  • Personal data, such as physician characteristics or description, login credentials, profile pictures when you choose to interact with us on social media.
  • Commercial Information, such as products considered and other browsing tendencies. 
  • Internet or Other Electronic Network Activity Information, such as products considered or other purchasing tendencies, browsing history, search history, IP address, keystrokes and scrolls, device identifiers, information regarding online interactions, including interactions over time across the internet, the Site, and advertisements, approximate location data.
  • Geolocation Data, including approximate location based on your device IP address or interaction with the Authorized Finder tool.
  • Sensory Data, including audio recordings of customer care calls. 
  • Inferences about your preferences and interactions with our Services.
  • Profile Information, such as age range and information about your skincare needs.
  • Contents of Communications, including any information you choose to share with us when you communicate with us via email, webform, chat, telephone, or otherwise.

HOW WE USE THE PERSONAL DATA WE COLLECT

We use the personal data described above for the purposes specified at the time of collection or as follows:

  • To improve our understanding of your interests and concerns,
  • To provide you with a smooth and efficient customer experience, and
  • For security, analytics, and marketing purposes.

For the purposes discussed in this Privacy Notice, we may combine the personal data that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Notice.

We may aggregate or anonymize any information we collect so that such information is no longer reasonably capable of being associated with you and use such information for any purpose. 

Legal Basis for Processing

In accordance with applicable data protection regulations, we only process your personal data when we have a legal basis to do so, such as:

  • Where use of your personal data is necessary to fulfill our obligations under a contract or commitment to you. 
  • Where use of your personal data furthers our legitimate interests or the legitimate interests of others. 
  • Where we use your personal data to comply with applicable legal obligations. 
  • Where you have consented to our processing of your personal data for a particular purpose.

TO WHOM WE SHARE YOUR PERSONAL DATA

We may disclose your personal data to:


Subsidiaries and Affiliates. We may share your personal data with our subsidiaries and affiliates.

Service Providers. We may disclose your personal data to vendors that perform certain services on our behalf, such as processing orders, processing credit card payments, delivering products and services, providing customer service and marketing assistance, performing business and sales analysis, supporting our website functionality, and supporting other features and promotions offered through our Site (“Service Providers”). We will only provide these Service Providers with the personal data that they need to provide such services, and Service Providers are not permitted to share or use such personal data for other purposes. 


ZO Authorized Partners. When purchasing products on our Site, you may choose one of the many ZO Authorized Partners across the country before completing your purchase. When selecting a ZO Authorized Partner in checkout, you can choose to allow us to disclose your personal data to your selected ZO Authorized Partner. If you choose for us to disclose your personal data in this way, we will disclose certain personal data to the ZO Authorized Partner who you selected.


Business Partners. From time to time, we may offer promotions, sweepstakes, or third-party offerings on our Site. If you make purchases or engage in these services and/or products offered through our Site or our Services, we may disclosure personal data to the businesses with which we partner to offer you those products, services, promotions, contests, and/or sweepstakes. When you elect to engage in a particular merchant’s offer or program, we will require your consent to provide your email address and other information to that merchant.  

Other Users of the Services. We may provide areas on the Services where you can communicate with others, upload content, and post comments or reviews. If you choose to share information in this way, you share such information with all individuals capable of viewing it. For example, if you post a comment on a publicly viewable area of the Services, you choose to share the information you post with the public. We encourage you to exercise discretion and caution with respect to sharing your information.

Business Transfers. We may disclose your personal data in connection with a merger, acquisition, reorganization, assignment, sale of assets, or other corporate transactions, or in the event of bankruptcy. 

Legal Obligations, ZO may disclose your personal data in good faith in response to a subpoena, court order, or other legal process from law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.

COOKIES AND OTHER TRACKING TECHNOLOGIES

A cookie is a small data file that is stored by your browser on your device. We use cookies to deliver a better experience, for example, remembering your preferences.

Other examples of why we use cookies include:

  • To learn about how you interact with our Site
  • To detect and prevent fraud
  • To conduct analytics activities
  • To improve our Services
  • To facilitate interest-based advertising

The cookies we use can be categorized as follows:

Strictly Necessary Cookies. These cookies are necessary for the Site to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the Site will not then work. These cookies do not store any personal data.

Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of the Site. They help us to know which pages are the most and least popular and see how visitors move around the Site. All the information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited the Site and will not be able to monitor its performance.

Functional Cookies. These cookies enable the Site to provide enhanced functionality and personalization. They may be set up by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these Services may not function properly.

Targeting Cookies. These cookies may be set through our Site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store personal data but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

You can find more information about the individual cookies we use and the purposes for which we use them in the Cookie Table below.

Please note that the following third parties may also use cookies, over which we have no control. These third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. To deactivate the use of third-party advertising cookies, you may visit the consumer page for the services below. These third-party cookies are likely to be analytical cookies or performance cookies or targeting cookies:

Demandware e-Commerce

OneTrust

Google Analytics

Predictive Intelligence

Microsoft Bing Ads

Commerce Cloud

Stripe

B2B CommerceMeta

Digioh

Klaviyo

You can choose which category of cookies we can set by clicking on the buttons provided on our  Center. You can also choose to “Reject All” cookies in the cookie banner. If you use your browser’s method of blocking or removing cookies, some, but not all, types of cookies may be deleted and/or blocked. If you delete or block cookies, some functionality on our Site may not work properly.

Modifying your mobile device or browser settings may have different results depending on the type of device or browser you are using and the version of the device operating system you are running. Opting out of tailored advertising does not prevent you from seeing advertising online; instead, the ads you see are less likely to be customized to your interests. 

In addition to cookies, we may use other types of tracking technologies in connection with our Services.

Analytics. We may use third-party web analytics services (such as those of Google Analytics) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

We may integrate the analytics services we use with advertising services that are made available by our analytics providers. For example, we integrate Google Analytics with the following Google advertising features:

  • Remarketing with Google Analytics
  • Cross Device Remarketing & Reporting
  • Google Analytics Demographics and Interest Reporting
  • Google Display Network Impression Reporting

To opt-out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. Please note that these opt-outs apply per device, so you will have to opt-out for each device through which you access our Services.

If you receive email from us, we may use certain analytics tools, such as tracking pixels, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

Session Replay Technology. We may use session recording and replay technology to observe your mouse movements, scrolling, and clicks on our Site. We use these tracking tools for support and analytics purposes, and to better understand how people engage with our Site. This information is often collected and processed by our Service Providers who we have engaged to analyze this information on our behalf. 

Online Advertising. For more information about tailored advertising and how you can generally control the cookies being placed on your device to deliver tailored advertising, please visit the Network Advertising Initiative’s Consumer Opt-Out link, or the Digital Advertising Alliance’s Consumer Opt-Out link or Your Online Choices to opt out of receiving tailored advertising from companies that participate in those programs. 

THIRD PARTY WEBSITES 

The Services may link to third-party websites. We do not control, recommend, or endorse such websites. We are not responsible for and make no representations about such websites or their content, services, or practices. This Privacy Notice does not govern any third-party websites. Thus, we encourage you to review the privacy policies of any third-party websites you choose to visit to understand how those websites collect, use, and share your personal data.

INTERNATIONAL TRANSFERS

The personal data that we collect from you may be transferred to, and stored at, a destination outside the UK, the EEA, or Switzerland. It may also be processed by personnel operating outside these jurisdictions who work for us or for one of our suppliers. Such personnel may be involved in activities including, but not limited to, fulfilling your order, processing your payment details, and providing support services.

Where we transfer your personal data outside the UK, the EEA, or Switzerland, we take appropriate steps to ensure that your data is treated securely and in accordance with applicable data protection laws. These safeguards may include the use of standard contractual clauses approved by the European Commission, the UK International Data Transfer Agreement or Addendum, or equivalent safeguards recognized under Swiss data protection law. We will ensure that any such transfer is subject to an adequate level of protection consistent with your rights and freedoms.

DATA SECURITY

ZO maintains appropriate security measures (including physical, electronic, and procedural measures) to help safeguard your personal data. However, we cannot guarantee the security of such personal data because no security measures are perfect. We are not responsible for third-party circumvention of any of our privacy settings or security measures. 

You can also take steps to safeguard your personal data. If you create an account on our Site, you will be required to select a password which should be kept confidential and be of appropriate complexity. You should also limit access to your devices and accounts to avoid unwanted access to your personal data. For example, you should always log out of your account after using it on a shared device.

DATA RETENTION

We will retain your personal data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Notice, or as required to comply with legal, regulatory, tax, accounting, or reporting obligations. Where processing is based on your consent, we will cease processing and delete the relevant personal data upon withdrawal of your consent, unless continued retention is required by law.

In accordance with our internal retention policies and applicable legal requirements, we may delete or anonymize records containing personal data when they are no longer necessary for the purposes for which they were collected. We are not obligated to retain your personal data indefinitely and disclaim any liability arising from or related to the deletion of such data in accordance with applicable laws and our retention practices.

YOUR RIGHTS

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal data. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law if your request is manifestly unfounded or excessive.  

You can exercise your rights through any reasonable means, including by completing our request form at privacy@zoskinhealth.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request in compliance with applicable law. Responses can only be provided in English.

We may not always be able to fully address your request, if, for example, it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. 

Right to Access Personal Data

You have a right to request that we provide you with a copy of your personal data that we hold and you have the right to be informed of: (a) the source of your personal data; (b) the purposes, legal basis, and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal data may be transferred. 

Right to Rectify or Erase Personal Data

You have a right to request that we rectify inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it. You can also request that we erase your personal data in limited circumstances where:  

  • It is no longer needed for the purposes for which it was collected.
  • You have withdrawn your consent (where the processing was based on consent), and where there is no other legal ground for the processing.
  • Following a successful right to object (see right to object).
  • It has been processed unlawfully.
  • To comply with a legal obligation to which ZO is subject.   

We are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation; for the establishment, exercise or defense of legal claims; or for the performance of a contract. 

Right to Restrict the Processing of Your Personal Data

You can ask us to restrict your personal data, where:

  • Its accuracy is contested, to allow us to verify its accuracy
  • The processing is unlawful, but you do not want it erased
  • It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims
  • You have exercised the right to object, and verification of overriding grounds is pending

We can continue to use your personal data following a request for restriction where we have your consent; to establish, exercise, or defend legal claims; or to protect the rights of another natural or legal person. 

Right to Transfer Your Personal Data

You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, where the processing is based on your consent or on the performance of a contract with you; and the processing is carried out by automated means.  

Right to Object to the Processing of Your Personal Data

You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. 

Right to Object to How We Use Your Personal Data for Direct Marketing Purposes

You can request that we change the way we contact you for marketing purposes. 

Right to Obtain a Copy of Personal Data Safeguards Used for Transfers Outside Your Jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the UK or EEA. We may redact data transfer agreements to protect commercial terms.  

Right to Lodge a Complaint with Your Local Supervisory Authority

If you have concerns about our use of your personal data, you have a right to make a complaint to the data protection regulator in your country. 

No Rights of Third Parties

To the extent permitted by Applicable Law, this Privacy Notice does not create rights enforceable by third parties or require disclosure of any information relating to users of the Sites.

YOUR CHOICES

We provide several ways for you to exercise control over how we use personal data about you and how we communicate with you as described below.

Marketing Emails. Consistent with your choices and in compliance with applicable law, we may send you marketing and promotional emails. You may opt out of these emails by (a) by clicking unsubscribe at the bottom of our marketing emails, or (b) by writing to us at privacy@zoskinhealth.com. It may take up to 10 days for us to process an opt-out request. You will still receive transactional communications from us. 

“Do Not Track” Signals. The Site does not respond to “Do Not Track” signals sent by browsers, mobile devices, or other mechanisms.

Social Media. To control the personal data you share with us when you follow us, like our posts, or otherwise interact with us on social media, you can adjust your social media account settings related to how your personal data is shared.

CHILDREN

Our Services are not directed to or intended for YOUR CHOICES, CHILDREN. We do not knowingly collect personal data from children without permission from a parent or legal guardian.

You must be at least 16 years old to provide us with your personal data and 18 years old to engage in transactions on the Site. By engaging in transactions with us, you affirm that you are at least 18 years old and are fully able to enter into and be legally bound by such transactions

CHANGES TO THIS PRIVACY NOTICE

We will occasionally update this Privacy Notice. When we post changes to this Privacy Notice, we will revise the “Last Updated” date at the top of this Privacy Notice and, if applicable notify you as required by applicable law. Please note, we may change information on the Sites and/or this Privacy Notice at any time and any changes to this Privacy Notice. We recommend that you check our Site from time to time to inform yourself of any changes in this Privacy Notice.

CONTACT US

If you have any questions or concerns about how we process and use your personal data or would like to exercise any of your privacy rights, you may contact us at the following details:

By email to privacy@zoskinhealth.com

By phone at 1 (888) 893-1375 

By mail to 9685 Research Drive

Irvine, CA 92618

USA

COOKIE LIST

Cookie Type

Cookie Name

Purpose

Duration

Strictly Necessary

dwsid

This cookie is essential for our site.

A few seconds

Strictly Necessary

dw_dnt

This cookie is essential for our site.

1 day

Strictly Necessary

_cfuvid

This cookie is essential for our site.

2 days

Strictly Necessary

sid

This cookie is essential for our site.

3 days

Strictly Necessary

__bxcurr

This cookie is essential for our site.

4 days

Strictly Necessary

__lbxprev

This cookie is essential for our site.

5 days

Strictly Necessary

OptanonAlertBoxClosed

This cookie is essential for our site.

1 year

Strictly Necessary

2c.cId

This cookie is essential for our site.

3 years

Strictly Necessary

OptanonConsent

This cookie is set by OneTrust to remember which types of cookies a visitor allowed or rejected.

1 year

Performance

_hjSessionUser_xxxxxx

This cookie recognises you when you return to our site.

1 year

Performance

_ga

This cookie recognises you when you return to our site.

1 year

Performance

__idcontext

This cookie recognises you when you return to our site.

1 year

Performance

_uetvid

This cookie recognises you when you return to our site.

A few seconds

Performance

_gid

This cookie stores and updates a unique value to track user activity across pages for analytics purposes.

A few seconds

Performance

_ga_xxxxxxxxxx

This cookie generates statistical data on how visitors use the site.

A few seconds

Performance

__cq_uuid

This cookie tracks users to improve site performance and personalize content by storing a unique user identifier.

1 year

Performance

_gat_UA-

This cookie allows us to limit data collection on our high-traffic site by controlling request rates.

A few seconds

Performance

__cq_bc

This cookie tracks user activity to improve site performance and personalize content, including storing a history of viewed products.

1 month

Performance

cquid

This cookie tracks user activity to improve site performance and personalize content, including storing a history of viewed products.

A few seconds

Performance

cqcid

This cookie tracks user activity to improve site performance and personalize content, including storing a history of viewed products.

A few seconds

Performance

_hjSession_xxxxxx

This cookie stores session data to ensure all user actions during a visit are attributed to the same session.

A few seconds

Functional

weird_get_top_level_domain

This cookie is used by Salesforce Commerce Cloud to help the site work correctly across different pages or subdomains.

A few seconds

Functional

__cq_dnt

This cookie shows that a visitor has opted out of tracking on the site and is set on each page by Commerce Cloud.

A few seconds

Functional

__stripe_mid

This cookie is used by Stripe to remember the visitor and securely process credit card payments without storing card details on the site.

1 year

Functional

__anact

This cookie helps the site understand when a search shows no results so it can improve the visitor’s experience.

A few seconds

Functional

ABCDEFGHIJKLMNOP

QRSTUVWXYZabcdefg

hijklmnopqrstuvwxyz012

3456789+/

The cookie is associated with Bounce Exchange and protects the security of visitor data.

A few seconds

Functional

screenSize

This cookie helps adjust the site layout to fit a visitor’s device.

1 year

Functional

__cq_seg

This cookie helps the site show more relevant products by using a visitor’s shopping behavior and preferences.

1 month

Functional

__cqact

This cookie assigns each user a unique ID so the site can count visits and understand how visitors interact with it.

A few seconds

Functional

__stripe_sid

This cookie is used by Stripe to remember the visitor and securely process credit card payments without storing card details on the site.

A few seconds

Targeting

__bxtest

This cookie is used to test whether cookies are working and enabled for the current visitor.

A few seconds

Targeting

__bxprev

This cookie is used to track metrics that indicate previous days the visitor was at the site.

A few seconds

Targeting

_fbp

This cookie is set by Facebook to deliver ads, including real-time bidding from third-party advertisers.

2 months

Targeting

_gcl_au

This cookie is set by Google AdSense to test how well ads work on the site.

2 months

Targeting

__lbxcid

This cookie is used for enabling the display of promotional overlays and forms through Digioh.

A few seconds

Targeting

__lbxcurr

This cookie is used for enabling the display of promotional overlays and forms through Digioh.

A few seconds

Targeting

_uetsid

This cookie is set by Bing to show ads that may be relevant to the visitor browsing the site.

A few seconds

Targeting

_fbp

This cookie is set by Facebook to deliver ads, including real-time bidding from third-party advertisers.

2 months

Targeting

xdibx

This cookie is set by Digioh to track how visitors interact with content like images or videos delivered through Lightbox CDN.

A few seconds

Targeting

dwac_XXXXX

This cookie stores session and shopper details like customer ID, source code, currency, and time zone for analytics purposes.

A few seconds

Targeting

__bxevents

This cookie is set by Digioh to measure how well site features are working and how visitors access the site.

A few seconds

Targeting

__bxcid

This cookie is used to identify a browser for the duration of a session.

A few seconds

Targeting

__lbxevents

This cookie is set by Digioh to help the site work better and make a visitor’s experience smoother and more personalized.

A few seconds

Targeting

dwanonymous_xxxxxxxx

This cookie is set by the Demandware platform to anonymously track visitors for targeting or personalization.

5 months
Back to top