The owner of the website https://zestpayments.com is ZEST CONSULTANCY, S.L., as well as the person responsible for the processing of personal data supplied by its users.
The processing of personal data that is carried out through this Website observes the provisions of Regulation (EU) 2016/679, General Data Protection, in Organic Law 3/2018, December 5, Data Protection Personal and with the technical and organizational security measures to guarantee a level of security appropriate to the risk of the treatment.
Data protection information
If the user decides to request information on our Website, the data strictly necessary to achieve the purpose for which our Website is intended will be requested, which is the information and promotion of our services, all of which are available on our Website. In no case will they be used for purposes other than those for which they have been voluntarily entered on the Web.
The personal data that the user provides us will be processed, having been informed of the purposes of the treatment and other information in advance by clicking on the “Accept” button.
Those who voluntarily provide their data to the owner of the Web by any of the means always established for this purpose, have had at their disposal in a transparent and clear way, having clicked on the corresponding box, the following aspects:
1.1 The Responsible of the treatment is ZEST CONSULTANCY, S.L., set in Paseo de la Castellana 123, Esc. Izq., Piso 6, Puerta B, 28046 Madrid and NIF: B66415688.
1.2 The PURPOSE of the treatment is as follows:
- the management of the request, request or query, and the maintenance of relations between the Web and its users.
- Unequivocal authorization that the data provided can be used to send you, by any means of communication, including electronic ones, commercial communications, with information of interest, and reminder communications, if you have marked the corresponding box or have stated, by any means, unequivocally your authorization.
- contract any of the specific products or services.
1.3 The LEGAL BASIS for the treatment is based on the established relationship, on compliance with legal obligations and on your unequivocal consent if it has been provided. We inform you that you can revoke your consent at any time, through an easy and simple means. In the case of contact persons of a legal person, the legal basis for the treatment is the legitimate interest of this entity in maintaining relations with said legal person.
1.4 We inform you that the CONSERVATION PERIOD of your data will be that of the validity of the contract and after its termination, in the case in which it is determined by law, while the conservation obligation lasts and, where appropriate, during the prescription period of corresponding actions. WE WILL KEEP your data if the legal basis is consent if you do not revoke your authorization, and once it is revoked, it will be set according to the criteria of exhausting the limitation periods for actions.
1.5 RECIPIENTS: no recipients of your data are foreseen, except legal obligation.
Information about users
We do record your IP (Internet Protocol) data assigned to the subscriber who owns the telephone line at the time of connection with this website, for the purpose of security and collaboration with the Justice. The data will be kept by the service provider for the time set by current legislation.
Rights of Access, Rectification, Opposition, Suppression, Limitation, unless the subject of automated decisions and Portability
At any time, the user has the right to access their information, to rectify it if their data is wrong, to oppose any type of treatment associated with the maintenance of the contractual relationship, to revoke the consent granted, to request the limitation or deletion of its treatment, not to be subjected to automated decisions, and to unsubscribe from the services of ZEST CONSULTANCY, S.L
These rights can be made effective after accreditation of the personality in the forms and within the terms established in the General Data Protection Regulation, by writing to the postal address that appears in the Legal Notice of the Web.
The processing of personal data and the sending of communications by electronic means, where appropriate, are adjusted to the regulations established in the General Data Protection Regulations, Organic Law 3/2018, of December 5, on Data Protection Personal and in Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce.
Remaining information on data protection.
The following information is extended information on data protection, available at any time:
In case you are a client:
Information on data protection. The person responsible for the treatment is: ZEST CONSULTANCY, S.L. Personal data will be processed for the purpose of CUSTOMER MANAGEMENT, OPERATIONAL CONSULTANT, FINANCIAL INTERMEDIATION, VIRTUAL POS MANAGEMENT, BILLING AND MAINTENANCE.
The legal basis of the treatment is the contract entered, the fulfillment of a legal obligation, the legitimate interest in the case of contact persons of legal persons and the consent, where appropriate, revocable at any time.
The criteria established for the conservation of your data is the limitation period for actions. If the basis of the treatment was consent, the data will be kept until the revocation of the consent or opposition to the treatment and, subsequently, during the period for filing claims.
The recipients of your data are the tax administration and banking entities, where appropriate.
You have at your disposal the exercise of access rights including the right to obtain a copy of the personal data subject to treatment, rectification, opposition, deletion or erasure, where appropriate, portability and limitation of treatment, by writing to the person responsible for the treatment to the following address: Paseo de la Castellana 123, Esc. Izq., Piso 6, Puerta B, 28046 Madrid (Spain). The customer service email is firstname.lastname@example.org and the cosntact telephone number is +34 913 50 65 07. You have the right to file a claim with the supervisory authority.
2- Data treatment agreement.
In the event of provision of a service for which personal data of the client or Contractor is processed, the Property will act as the data controller, with the client or contractor being the data controller, who has decided to choose this MANAGER because the latter offers sufficient guarantees to apply appropriate technical and organizational measures to the data provided, guaranteeing that the processing commissioned complies with Regulation (EU) 2016/679, on Data Protection (RGPD). In this regard, the person responsible for the treatment will provide data that he has obtained lawfully, and the person in charge of the treatment will undertake the following:
2.1- It will only process the data in accordance with the instructions of the TREATMENT CONTROLLER, and for the purpose of this proposal or contract, not communicating them to any third party, not even for their conservation. The processing of personal data is necessary for the provision of the service. The type of personal data may be data from POS transactions and data derived from them, provided by the CONTROLLER, and the categories of personal data may refer to customers or users (Identification data, contact, mobile phone, the means of payment used and transaction). The treatment operations are: collection, recording, consultation, sending, modification, assignment, conservation, deletion and destruction.
2.2- It undertakes to guarantee that the people who are part of the DATA CONTROLLER’s structure and who process data have agreed to comply with confidentiality rules, and the MANAGER undertakes to adopt the necessary security measures and guarantee the rights of the affected persons, according to the provisions of Art. 32 of the RGPD, having to establish the following measures:
- the pseudonymization and encryption of personal data;
- the capacity to guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services;
- the capacity to restore availability and access to personal data quickly in the event of a physical or technical incident;
- have established a process of regular verification, evaluation and assessment of the efficiency of the technical and organizational measures to guarantee the security of the treatment;
- will make available to the person in charge all the information necessary to demonstrate compliance with the obligations established in the RGPD, as well as to allow and contribute to the performance of audits, including inspections, by the person in charge or another auditor authorized by said person in charge.
- assist the controller, where possible, in order to facilitate the response to the rights exercised by the interested parties and assist him in the compliance with the security measures of Articles 32 and 36 of the GDPR, considering the nature of the processing and the information available to the controller.
- It shall adopt all other requirements of Article 28 of the GDPR.
2.3- Once the contractual provision has been fulfilled, the personal data must be destroyed or returned to the RESPONSIBLE, at their option, which must be stated, unless there is any legal provision requiring its preservation. The data, if any, must be returned in the same way as they were obtained and within two months of the effective completion of the service, and the RESPONSIBLE must not make it difficult to receive it. Whenever responsibilities may arise between the RESPONSIBLE and the RESPONSIBLE, the RESPONSIBLE may keep the data duly blocked. The TREATMENT MANAGER will transfer to the RESPONSIBLE in case of receiving a request for the exercise of rights by a data subject and will do so within three working days of receipt of the request and in the same way that they are usually communicated RESPONSIBLE and RESPONSIBLE, taking preference electronic means. It is not for the RESPONSIBLE to respond to and respond to requests for these rights.
2.4- If the PROCESSOR uses the data for another purpose, communicates or uses them in breach of this contract, he will also be held responsible for the processing. If the TREATMENT MANAGER decides to subcontract all or part of this service, he must have prior written authorization from the CONTROLLER. Once the subcontracting has been authorized, the SUBBENLOADING of the processing must be subject to the same conditions and in the same written form as the RESPONSIBLE, responding to the RESPONSIBLE in case of non-compliance with the SUB-PROCESSOR.
2.5- Professional secrecy is obliged with respect to the personal data subject to the processing and must be kept secret during the processing and after the completion of the processing. It guarantees that the persons authorized to process personal data subject to this contract, have expressly committed themselves to respect the confidentiality and duty of secrecy, commitment that has been documented and is available to the RESPONSIBLE.
2.6- The treatments to which the RESPONSIBLE will access as a result of this contract are all the necessary treatments to comply with the subject matter of the contract. The RESPONSIBLE authorizes the RESPONSIBLE to transfer the data subject to processing that are necessary to the third parties referred to in this agreement or expressly indicated by the RESPONSIBLE, to comply with the provisions of this contract.
In case you are a provider:
Information about data protection. The controller is: ZEST CONSULTANCY, S.L .Personal data will be processed for the purpose of managing suppliers and payments. The criterion established for the retention of your data is the limitation period for actions.
The legal basis of the processing is the contract concluded, compliance with legal obligations, the legitimate interest in the case of contact persons of legal persons.
The recipients of your data are the tax administration and banks, if any.
You have at your disposal the exercise of access rights including the right to obtain a copy of the personal data subject to processing, rectification, opposition, deletion or erasure, portability and limitation of the processing, by writing to the controller at the following address: Paseo de la Castellana 123, Esc. Izq., Piso 6, Puerta B, 28046 Madrid (Spain). The customer service email is email@example.com and the contact telephone number is +34 913 50 65 07. You have the right to lodge a complaint with the supervisory authority.”
In case you are a social media user of this entity:
Information about data protection. Your profile details and all those provided by you become part of a data processing and you will be held as a person interested in our company. You must know and when you become friends or follower of the profile or account of the company that the data you have in open may be processed by us for the purpose of information about it or about services that you can provide. Your data may also be consulted by other members who have become friends or added to this company, with you being the one who can decide your degree of privacy on the social network. The controller is: ZEST CONSULTANCY, S.L The legal basis is consent, which you assume once you have decided to be part of the account, consent that you can revoke at any time. Your data will not be retained once you have decided not to be part of the network, account or profile of this entity. In case you wish to exercise the rights of access including the right to obtain a copy of the personal data subject to processing, rectification, opposition, deletion or erasure where applicable, portability and limitation of the processing, please write to Paseo de la Castellana 123, Esc. Izq., Piso 6, Puerta B, 28046 Madrid. The customer service email is firstname.lastname@example.org and the contact telephone number is +34 913 50 65 07, you have the right to lodge a complaint with the supervisory authority.