Book a demo

Privacy Notice

Last updated: 23/01/2024

Privacy Notice

1. Who are we?

We are Zest Technology Limited (“Zest”), a company registered in England and Wales with company number 05104223. Our head office is located at Leatherhead House, Station Road, Leatherhead, Surrey KT22 7FG.

We provide technology to allow companies and individuals to manage employee benefits via an online portal. This website (www.zestbenefits.com) provides details about the services we offer and the ability to make contact with us.

This privacy notice describes how we use your personal data. Please read it carefully along with our Cookies Policy, which can be found at the bottom of this page. We may make changes to this notice from time to time, so please check it regularly.

2. Data Protection Officer

If you wish to exercise your rights under UK data protection law, you can do so by contacting us.

Our Data Protection Officer can be contacted directly by emailing dpo@zestbenefits.com.

3. The personal data we process

We have described below the personal data that we process, what we use it for and where we get it from.

Personal data type: Your contact details, including name, telephone number and email address.
What we use it for:  To respond to your enquiry or arrange a product demonstration.
Where we get it from: You, via the “Get in touch” or “Request a demo” forms.

Personal data type: Your email address.
What we use it for: To send you newsletters about our products and services.
Where we get it from: You, via the “Subscribe to our newsletter” form.

Personal data type: Technical information about your computer or mobile device including details such as your operating system and web browser. This is statistical data and does not identify your individual device.
What we use it for: To help us ensure our website displays correctly on all popular devices and operating systems.
Where we get it from: Your device.

Personal data type: Information used to identify how you are connecting to our website, such as your IP address.
What we use it for: For security reasons, so that we can link any actions on our website with your internet connection (for example, to allow us to identify suspicious behaviour).
Where we get it from: Your device.

Personal data type: Details of your use of the website. For example, the pages you visit and the time you spend viewing a page.
What we use it for: To help us improve your experience when using the website.
Where we get it from: You.

Personal data type: Details you submit when making a request to exercise your rights under data protection legislation.
What we use it for: To fulfil your request.
Where we get it from: You.

Personal data type: Business contact details such as name, job title and email address that we obtain from third party marketing data providers or public sources.
What we use it for: To contact you if we believe you may be interested in our products and services.
Where we get it from: Third party marketing data providers (the providers we currently use are: Honch, Lusha, Lead Forensics) and public sources such as LinkedIn.

4. Data Controller

Zest is the controller of the personal data we hold about you as a result of your use of this website. “Data controller” is a role defined by the UK General Data Protection Regulation (UK GDPR). As data controller we have various obligations, including fulfilling all of your rights as a data subject, which you can read about in section 11 below.

5. EU representative

If you are a resident of the European Union, or a Supervisory Authority in an EU member state, you can contact our nominated EU representative. We have appointed IT Governance Europe Limited to act in this regard. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please email our representative at eurep@itgovernance.eu. Please ensure to include our company name (Zest Technology Limited) in any correspondence you send to our representative.

6. Our lawful basis for processing

UK data protection law requires us to have a lawful basis to process your personal data. The lawful basis that we rely on varies depending on the specific data we are processing and how we collected it, as follows:

  • When you subscribe to our newsletter via the form on our website, we are processing your data on the basis of consent. You may withdraw this consent at any time.
  • When you use any of the other forms on our website to contact us, we are processing your data on the basis of legitimate interest. Since you have expressed interest in our products or services, it is legitimate for us to use the personal data you provided to contact you with further information.
  • With respect to any technical data we collect from you during your use of the website, or analytical data regarding the way in which you use the website, we are processing your data on the basis of legitimate interest. We want to provide you with the best experience possible while navigating the website, so it is legitimate for us to use this technical and analytical data for this purpose.
  • With respect to business contact details that we obtain from third party marketing data providers or public sources, we are processing your data on the basis of legitimate interest. We want to bring relevant offers to the market, targeted to a qualified list of individuals who are most likely to be interested, so it is legitimate for us to use the personal data in this manner.

7. Processing special categories of data

UK data protection law identifies special categories of data that are considered especially sensitive and so can only be processed under certain conditions.

None of the personal data that we process through this website falls into these special categories.

8. Sharing your personal data

We will share some of your personal data with other companies for the following purposes:

  • With website hosting companies, in order to provide this website and to process requests you submit via this website.
  • With mailing list management companies, in order to send you newsletters and to allow you to manage your newsletter subscription.
  • With website analytics companies such as Google Analytics, in order to understand your use of this website and to allow us to improve your experience.
  • With sales engagement platforms, in order to facilitate contacting you with details of our products and services.

We may also anonymise your personal data and use the results to produce reports or analysis to be shared with other companies in our group, or with external parties.

In addition to the above, we may share your personal data with third parties in the following circumstances:

  • To conform to legal requirements or comply with legal process.
  • To assist in the investigation of suspected illegal or wrongful activity. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • To protect and defend our rights or property.
  • To deal with any misuse of the website.
  • To sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers.
  • In order to enforce or apply the website Terms of Use, the terms of this privacy notice or our Cookies Policy, and other agreements with third parties.

We periodically appoint digital marketing agents to conduct marketing activity on our behalf. Such activity may result in the compliant processing of personal information by such agents. Agents that are currently appointed in this capacity include:

  • Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733, acting as a Joint Controller. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877. Their Data Protection Officer can be emailed at: dpo@sopro.io.

We may share your personal data in other circumstances but, if so, we will obtain your prior consent before we do so.

9. How long we will keep your personal data

We will process and retain your personal data for as long as it is required for the purpose for which it was originally collected.

The exception to this is if, as a result of you making a request as described in section 11 below, we are required by law to stop processing or storing your personal data.

10. International transfer of your personal data

It is possible that we may transfer your personal data to a country that is outside of the UK and EEA. When we do this, we will ensure that measures are in place as required by UK data protection law and the EU GDPR so that all of your privacy rights are guaranteed.

11. Your rights as a data subject

At any point while we are holding or processing your personal data, you have the following rights:

  • Right of access
    You have the right to request a copy of the information that we hold about you.
  • Right of rectification
    You have the right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten
    In certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing
    Where certain conditions apply, you have the right to restrict the processing of your personal data (as an alternative to erasure). This means we would be allowed to store the data, but not use it.
  • Right of portability
    You have the right to have the data we hold about you transferred to another organisation.
  • Right to object
    You have the right to object to certain types of processing. This includes an absolute right to prevent your personal data being used for direct marketing.
  • Right to object to automated processing, including profiling
    You have the right not to be subject to decisions based solely on automated processing, including profiling, if this produces legal effects or similarly significantly affects you.

You can exercise any of the above rights by submitting your request via the online form at https://www.zestbenefits.com/dsar.

When we are not the data controller of the personal data in question, we will forward your request to the appropriate third party and notify you that we have done so.

In cases where we have shared your data with a third party (as explained in section 8 above) we may also share your request with that third party so that they can assist us in fulfilling it.

UK data protection law also gives you the following additional rights:

  • Right to complain
    You have the right to lodge a complaint with a supervisory authority or with our Data Protection Officer, as described in section 4.11 below.
  • Right to judicial review
    You have the right to take legal action against a controller or processor where you consider that any of your rights have been infringed as a result of your personal data being processed in a way that does not comply with UK data protection law. You also have the right to take legal action against the supervisory authority if they do not handle your complaint in an appropriate or timely manner.

12. Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Zest (or third parties as described in section 8 above), or about how a previous complaint has been handled, you have the right to lodge a complaint directly with Zest’s Data Protection Officer and with the supervisory authority.

The details for each of these contacts are:

Zest Data Protection Officer:
Data Protection Officer
Zest Technology Ltd
Leatherhead House
Station Road
Leatherhead
Surrey KT22 7FG
dpo@zestbenefits.com

Supervisory Authority:
Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
casework@ico.org.uk
https://www.ico.org.uk