FIND US
FIND US

Privacy Policy

1. Introduction

This Privacy Policy explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.

We know that there’s a lot of information here but we want you to be fully informed about your rights, and how the Z. K. FOOD LTD uses your data.

We hope the following sections will answer any questions you have but if not, please do get in touch with our Data Protection Officer using the details set out below.

Contact Details

Data Protection Officer

Z. K. FOOD LTD

51 Armenias Street, 2006 Strovolos, Nicosia

e-mail address: [email protected]

Tel: 80000600

You have the right to make a complaint at any time to the Office of the Commissioner of Data Protection (DPA), the competent authority in Cyprus for data protection issues (www.dataprotection.gov.cy).

Changes to the Privacy Policy and your duty to inform us of changes

This version was last updated in January 2025.

It’s likely that we’ll need to update this Privacy Policy from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

 

2. Controller

When you are using the websites of Z. K. FOOD LTD, Cooknook, cooknook.com.cy and the Cooknook programs and the Cooknook applications, or are providing any information in relation to the Cooknook loyalty programs, Z. K. FOOD LTD is the data controller.

This privacy policy is issued on behalf of Z. K. FOOD LTD – which will hereinafter be referred to as ‘the Company’. The Company includes the company Z. K. FOOD LTD and the following business names: Cooknook. Z. K. FOOD LTD is the data controller.

For simplicity throughout this policy, ‘we’ and ‘us’ means Z. K. FOOD LTD and the business names.

 

3. What personal data we collect about you

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer the following personal data about you:

  • Your name and surname, gender, date of birth, billing/delivery address, orders and receipts, email and telephone number. For your security, we’ll also keep an encrypted record of your login password.
  • Details of your interactions with us through our stores, online, through the telephone center or by using one of our apps.
  • Details of your shopping preferences and purchases.
  • Details of your visits to our websites or apps, and which site you came from to ours.
  • Personal details which help us to recommend products of interest.
  • Information on payments by card and/or cheques and/or other means.
  • Your comments and product reviews.
  • Your image may be recorded on CCTV when you visit a shop or car park of the Company.
  • Your car number plate may be recorded at some of our car parks.
  • Technical information about your internet connection, browser, country, telephone code, viewed web pages, ads clicked, and search terms.
  • Cookie data: IP address, login data, browser type, version, time zone, location, device OS, and platform.
  • Your social media username, if you interact with us through those channels.
  • Marketing preferences including your opt-in status for receiving communications.
  • Your own photos when participating in competitions or events organized by the Company.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

If you fail to provide personal data

Where we need to collect personal data under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

 

4. How is your personal data collected

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us personal data by filling in forms, applying for services, or corresponding by phone, email, or other methods.
  • apply for our products or services;
  • purchase products or services from us;
  • create and use an account on our website or apps;
  • join one of our loyalty schemes (e.g., Cooknook);
  • execute a contract with us;
  • request marketing materials or messages;
  • enter competitions, prize draws, or fill in surveys;
  • submit feedback, comments, complaints, or reviews;
  • engage with us on social media;
  • download and use our apps;
  • book appointments;
  • fill in incident or accident forms in stores;
  • submit a report or complaint;
  • visit our stores monitored by CCTV;
  • participate in company events or volunteer activities;
  • complete questionnaires on our websites;
  • provide services or products to us;
  • attend events organized by the Company.
  • Automated technologies or interactions. We collect Technical Data through cookies, server logs, and similar tech as you interact with our websites.
  • Third parties or publicly available sources. We may receive personal data from third parties and public sources.

Examples:

  • Technical Data from analytics providers (Google, Apple Store, etc.)
  • Contact and Transaction Data from payment and delivery services
  • Photos or info from third parties (e.g., for a cake order or delivery)
  • Information from lawyers or third-party reports/claims
  • Business associates we contract with

 

5. How we use your personal data

We use your personal data for purposes including:

  • Order management and fulfillment
  • Business relationship management
  • Website and app operations
  • Loyalty account management
  • Complaint and feedback handling
  • Marketing communications and promotions
  • Site and online security
  • Customer behavior monitoring for personalization
  • Financial management and billing
  • IT systems administration and fraud prevention
  • Statistics and quality assurance
  • Claims management and legal proceedings

 

6. Our reasons for using your personal data

We will process your personal data for the following reasons:

  • Processing is necessary in connection with a contract which we have entered into with you.
  • Processing is necessary to pursue our legitimate interests, such as sending personalized offers or developing products/services.
  • You have given us consent (e.g., subscribing to newsletters). You may withdraw consent at any time.
  • Compliance with legal or regulatory obligations (e.g., fraud prevention).

We have legitimate business interest in:

  • Providing and promoting our products, services, and events
  • Managing our business relationship with you or your organization
  • Understanding and responding to feedback
  • Improving services, customer experience, and offers
  • Receiving data from associated companies for shared clients
  • Enforcing our terms and conditions
  • Securing our systems and premises
  • Monitoring Company income and expenses
  • Protecting legal rights and ensuring invoices are paid

 

7. How and why do we use your personal data?

We aim to give you the best customer experience by understanding you through your data.

We use this to provide relevant promotions and rewards. This is part of our legitimate interest.

Here’s how we’ll use your personal data and why:

  • To process orders and deliveries — without your data, we cannot fulfill purchases.
  • To respond to queries, refunds, complaints — based on legal and contractual obligations.
  • To prevent fraud and protect accounts — using browsing/IP data for monitoring.
  • To operate CCTV for safety — justified by legitimate interests.
  • To process payments and monitor suspicious transactions.
  • To meet hygiene and safety standards on premises.
  • To notify law enforcement in cases of criminal behavior.
  • With consent, to send you personalized offers, product updates, and promotions by email, phone, text, or in-store.
  • To send postal communications (based on legitimate interests). You can opt out.
  • To send legal or policy updates (not considered marketing).
  • To personalize website/app content based on your interactions and consent (e.g., cookies).
  • To manage competitions and prize draws.
  • To improve our services through testing and system development.
  • To comply with legal obligations for law enforcement or legal claims.
  • To send non-promotional surveys/feedback requests (legitimate interest).
  • To combine internal and third-party data to tailor your experience and analyze trends.
  • To determine loyalty program benefits using algorithms (with your consent).
  • To handle legal claims and insurance processes for accidents on our premises.
  • To share your data with third-party services (e.g., couriers or call centers) where necessary for services.

8. Combining your data for personalised direct marketing

We want to bring you offers that are most relevant to your interests. We combine your data across Z. K. FOOD LTD and Cooknook, including third-party data (with your consent), to better understand you and deliver relevant promotions.

9. How we protect your personal data

We treat your data with the utmost care and take all appropriate steps to protect it:

  • HTTPS encryption on websites and apps
  • Password-protected access to data
  • Secure storage for sensitive data like payment details
  • Ongoing security monitoring and penetration testing

10. For how long we will keep your personal data

We only keep your data as long as necessary for the reason it was collected. When it's no longer needed, we either delete or anonymize it.

Examples:

  • Orders: Personal data kept for 2–3 months unless required longer for legal purposes.
  • Inactive accounts: After 12 months of inactivity, we may delete the account unless you respond to keep it active.
  • Photos: Only kept as long as necessary for competitions/events/orders.
  • Complaints: Retained until issue is fully resolved or longer if needed for legal defense.
  • CCTV footage: Auto-deleted after 10–15 days unless needed for investigation.
  • We may retain data longer for legal, tax, or court-related obligations.

11. With whom we share your personal data

We may share your data with trusted third parties. Our data protection policies ensure:

  • They only receive what is necessary.
  • They use it only for agreed purposes.
  • They protect your privacy at all times.
  • They delete/anonymize your data when services end.

Examples include:

  • IT support providers
  • Server and storage services
  • Delivery and call center operators
  • Email/marketing partners
  • Research/analytics firms
  • Advertising partners (e.g., Google/Facebook) with cookie consent
  • Database/CRM providers for customer records
  • Competition organizers

Sharing for third-party purposes:

  • With your consent (e.g., direct marketing)
  • Fraud investigations and law enforcement
  • Legal obligations (e.g., court orders)
  • Business transfers or mergers

12. Where your personal data may be processed

Some partners may process your data outside the EEA (e.g., USA). We ensure they apply the same standards through data protection agreements and safeguards.

13. What are your rights over your personal data?

You have the right to:

  • Access your data
  • Request corrections
  • Request deletion in certain circumstances
  • Receive a copy in a structured format (e.g., CSV)
  • Restrict processing temporarily
  • Object to processing (e.g., marketing)
  • Withdraw consent at any time
  • Request human review of automated decisions

You can contact our Data Protection Officer to exercise these rights. We will verify your identity before proceeding.

14. How can you stop the use of your personal data for direct marketing?

You can opt out at any time by:

  • Clicking the “unsubscribe” link in our emails
  • Managing preferences in our apps
  • Contacting us by email, phone, or mail

Note: You may still receive service communications (e.g., policy updates).

15. Contacting the Regulator

If you feel your data has been mishandled, you can lodge a complaint with:

Office of the Commissioner of Personal Data
Phone: 22818456
Website: www.dataprotection.gov.cy

16. If you have any questions on the Privacy Policy

For further information or questions not answered here, please contact:

  • Email: [email protected]
  • Mail: Data Protection Officer, Z. K. FOOD LTD, 51 Armenias Street, 2006 Strovolos, Nicosia