Last updated: 24/05/2018
1. Who are we?
We are Zest Technology Limited, a company registered in England and Wales with company number 05104223. Our head office is located at Leatherhead House, Station Road, Leatherhead, Surrey KT22 7FG. We are part of The SimplyBiz Group.
We provide technology to allow companies and individuals to manage employee benefits via an online portal. This website (www.zestbenefits.com) provides details about the services we offer and the ability to make contact with us.
This privacy notice describes how we use the personal data you provide through your use of this website. Please read it carefully along with our Cookies Policy, which can be found at the bottom of this page. We may make changes to this notice from time to time, so please check it regularly.
2. Data Protection Officer
Our Data Protection Officer can be contacted directly by emailing firstname.lastname@example.org.
3. The personal data we process
We have described below the personal data that we process, what we use it for and where we get it from.
Personal data type: Your contact details, including name, telephone number and email address
What we use it for: To respond to your enquiry or arrange a product demonstration
Where we get it from: You, via the “Get in touch” or “Request a demo” forms
Personal data type: Your email address
What we use it for: To send you newsletters about our products and services
Where we get it from: You, via the “Subscribe to our newsletter” form
Personal data type: Technical information about your computer or mobile device including details such as your operating system and web browser. This is statistical data and does not identify your individual device.
What we use it for: To help us ensure our website displays correctly on all popular devices and operating systems
Where we get it from: Your device
Personal data type: Information used to identify how you are connecting to our website, such as your IP address.
What we use it for: For security reasons, so that we can link any actions on our website with your internet connection (for example, to allow us to identify suspicious behaviour).
Where we get it from: Your device
Personal data type: Details of your use of the website. For example, the pages you visit and the time you spend viewing a page.
What we use it for: To help us improve your experience when using the website,
Where we get it from: You
4. Data Controller
Zest is the controller of the personal data we hold about you as a result of your use of this website. “Data controller” is a role defined by the General Data Protection Regulation (GDPR). This is the data protection law that all companies have to comply with from 25 May 2018 if they process personal data of EU citizens. As data controller we have various obligations, including fulfilling all of your rights as a data subject, which you can read about in section 4.10 below.
5. Our lawful basis for processing
The GDPR requires us to have a lawful basis to process your personal data. The lawful basis that we rely on varies depending on the specific data we are processing and how we collected it, as follows:
• When you subscribe to our newsletter via the form on our website, we are processing your data on the basis of consent. You may withdraw this consent at any time.
• When you use any of the other forms on our website to contact us, we are processing your data on the basis of legitimate interest. Since you have expressed interest in our products or services, it is legitimate for us to use the personal data you provided to contact you with further information.
• With respect to any technical data we collect from you during your use of the website, or analytical data regarding the way in which you use the website, we are processing your data on the basis of legitimate interest. We want to provide you with the best experience possible while navigating the website, so it is legitimate for us to use this technical and analytical data for this purpose.
6. Processing special categories of data
The GDPR identifies special categories of data that are considered especially sensitive and so can only be processed under certain conditions.
None of the personal data that we process through this website falls into these special categories.
7. Sharing your personal data
We will share some of your personal data with other companies for the following purposes:
• With website hosting companies, in order to provide this website and to process requests you submit via this website.
• With mailing list management companies, in order to send you newsletters and to allow you to manage your newsletter subscription.
• With website analytics companies such as Google Analytics, in order to understand your use of this website and to allow us to improve your experience.
We may also anonymise your personal data and use the results to produce reports or analysis to be shared with other companies in our group, or with external parties.
In addition to the above, we may share your personal data with third parties in the following circumstances:
• To conform to legal requirements or comply with legal process.
• To assist in the investigation of suspected illegal or wrongful activity. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
• To protect and defend our rights or property.
• To deal with any misuse of the website.
• To sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers.
We may share your personal data in other circumstances but, if so, we will obtain your prior consent before we do so.
8. How long we will keep your personal data
We will process and retain your personal data for as long as it is required for the purpose for which it was originally collected.
The exception to this is if, as a result of you making a request as described in section 4.10 below, we are required by law to stop processing or storing your personal data.
9. International transfer of your personal data
It is possible that we may transfer your personal data to a country that is outside of the EEA. When we do this, we will ensure that measures are in place as required by the GDPR so that all of your privacy rights are guaranteed.
10. Your rights as a data subject
At any point while we are holding or processing your personal data, you have the following rights:
• Right of access
You have the right to request a copy of the information that we hold about you.
• Right of rectification
You have the right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten
In certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing
Where certain conditions apply, you have the right to restrict the processing of your personal data (as an alternative to erasure). This means we would be allowed to store the data, but not use it.
• Right of portability
You have the right to have the data we hold about you transferred to another organisation.
• Right to object
You have the right to object to certain types of processing. This includes an absolute right to prevent your personal data being used for direct marketing.
• Right to object to automated processing, including profiling
You have the right not to be subject to decisions based solely on automated processing, including profiling, if this produces legal effects or similarly significantly affects you.
You can exercise any of the above rights by submitting your request via the online form at https://www.zestbenefits.com/websitedsar.
When we are not the data controller of the personal data in question, we will forward your request to the appropriate third party and notify you that we have done so.
In cases where we have shared your data with a third party (as explained in section 4.7 above) we may also share your request with that third party so that they can assist us in fulfilling it.
The GDPR also gives you the following additional rights:
• Right to complain
You have the right to lodge a complaint with a supervisory authority or with our Data Protection Officer, as described in section 4.11 below.
• Right to judicial review
You have the right to take legal action against a controller or processor where you consider that any of your rights have been infringed as a result of your personal data being processed in a way that does not comply with the GDPR. You also have the right to take legal action against the supervisory authority if they do not handle your complaint in an appropriate or timely manner.
In the event that you wish to make a complaint about how your personal data is being processed by Zest (or third parties as described in section 4.7 above), or about how a previous complaint has been handled, you have the right to lodge a complaint directly with Zest’s Data Protection Officer and with the supervisory authority.
The details for each of these contacts are:
Zest Data Protection Officer:
Data Protection Officer
Zest Technology Ltd
Surrey KT22 7FG
Information Commissioner’s Office (ICO)
Cheshire SK9 5AF
1. Important Information
This policy may vary from time to time so please check it regularly.
2. What are cookies?
Cookies are small text files that are placed on your computer, mobile phone or tablet by websites that you visit or apps/portals that you use. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to website owners.
3. Which cookies are used on this website?
The cookies we use are non-intrusive and most web sites use similar cookies. None of your personal details are held in these cookies. The paragraph below describes the types of cookies that this website uses and why.
Strictly necessary cookies
These cookies are used to store server-side, user-specific information to maintain a session state for you. They are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided and some other functions of the website may not work properly, or at all.
These cookies collect information about how users use this website, for instance the number of users, where users have come from, which pages users go to most often, and if they get error messages. These cookies don’t collect information that identifies a user. All information these cookies collect is aggregated and therefore anonymous. We use the information to compile reports and to help us improve the website.
We use Google Analytics for the purposes described above. You can find out more about Google Analytics and privacy at Google by clicking here.
These cookies allow the website to remember choices you make and provide enhanced, more personal features. These cookies can also be used to remember changes to parts of website that you can customise. They may also be used to provide services you have asked for such as watching a video or submitting comments. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
To find out more about the way cookies work, how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.