App Privacy Policy

1. Who are we?
We are Zest Technology Limited, a company registered in England and Wales with company number 05104223. Our head office is located at Leatherhead House, Station Road, Leatherhead, Surrey KT22 7FG. You are the individual who wishes to access and use the app (App).

Please read the following policy in conjunction with your employer’s Portal Privacy Policy to understand how we may use the personal data you provide or which we collect about you in connection with your access to and use of the App. This policy may vary from time to time so please check it regularly.

The App provides access to your employer’s portal (Portal) for the purpose of managing information related to your employment. The Portal and the personal data collected and processed within it is governed by a separate Portal Privacy Policy defined by your employer. The Portal Privacy Policy outlines how your employer uses personal data that you provide to them or which they collect about you in connection with your access and use of the Portal. The Portal Privacy Policy provided by your employer can be accessed on the login page and the footer of the Portal, both of which can be accessed from within this App or via a web browser.

2. Data Controller
This app complies with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), which are the data protection laws that apply to all companies that process personal information in the UK.

If your employer has decided to use this App to provide access to your employment information they are considered to be the Data Controller of your personal data. If you wish to exercise your rights under the UK GDPR you can do so by contacting your Data Controller, details for whom can be found in the Portal Privacy Notice.

Should you download and access the App without having been granted access by your employer, then we are considered to be the Data Controller of your personal data. Our Data Protection Officer can be contacted directly by emailing dpo@zestbenefits.com.

3. The personal data we collect
Outside of the scope of your employer’s Portal Privacy Policy, this App collects no personal data.

Should you download and access the App without being able to verify your employer, we will collect no personal data. As we do not collect or process your personal data, we do not disclose a lawful basis for processing, how we share your personal data, how long we keep your personal data or information relating to international transfers of personal data.

4. Your rights as a data subject
The UK General Data Protection Regulation (UK GDPR) grants data subjects the following rights:

  • Right of access
    The right to request a copy of the information that a Data Controller holds about them.
  • Right of rectification
    The right to correct data that a Data Controller holds about them that is inaccurate or incomplete.
  • Right to be forgotten
    In certain circumstances they may ask for the data that a Data Controller holds about them to be erased from their records.
  • Right to restriction of processing
    Where certain conditions apply, they have the right to restrict the processing of their personal data (as an alternative to erasure). This means the Data Controller would be allowed to store the data, but not use it.
  • Right of portability
    They have the right to have the data a Data Controller holds about them transferred to another organisation.
  • Right to object
    They have the right to object to certain types of processing. This includes an absolute right to prevent their personal data being used for direct marketing.
  • Right to object to automated processing, including profiling
    They have the right not to be subject to decisions based solely on automated processing, including profiling, if this produces legal effects or similarly significantly affects them.

Where your employer is considered to be the Data Controller, you can exercise your rights through the channels specified within the Portal Privacy Policy.

Where we are considered to be the Data Controller, you can exercise any of the above rights by submitting your request via the online form at https://www.zestbenefits.com/dsar. When we are not the Data Controller of the personal data in question, we will forward your request to the appropriate third party and notify you that we have done so.

UK data protection law also grants data subjects the following additional rights:

  • Right to complain
    They have the right to lodge a complaint with a supervisory authority or with the relevant Data Protection Officer, as described in section 5 below.
  • Right to judicial review
    They have the right to take legal action against a controller or processor where they consider that any of their rights have been infringed as a result of their personal data being processed in a way that does not comply with UK data protection law. They also have the right to take legal action against the supervisory authority if they do not handle the complaint in an appropriate or timely manner.

5. Complaints
In the event that you wish to make a complaint about how your personal data is being processed by Zest, or about how a previous complaint has been handled, you have the right to lodge a complaint directly with Zest’s Data Protection Officer and with the supervisory authority.

The details for each of these contacts are:

Zest Data Protection Officer:
Data Protection Officer
Zest Technology Ltd
Leatherhead House
Station Road
Leatherhead
Surrey KT22 7FG
dpo@zestbenefits.com

Supervisory Authority:
Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
casework@ico.org.uk
https://www.ico.org.uk