🔒 Customize the GDPR notice in Zest

2 min read

🧭 Steps to customize your GDPR notice

1️⃣ Log in to Zest from a computer using a Super Admin account

2️⃣ Click on your first name in the top-right corner of the screen

3️⃣ Select Back Office

4️⃣ Go to Global settings

5️⃣ In the General tab, scroll down to the GDPR section

You will find two customizable fields:

  • 📨 GDPR / DPO contact email: the address your employees can use to submit their requests (access, rectification, deletion, objection, etc.)
  • 📝 Custom text: a short paragraph explaining your company’s legitimate interest in using Zest to process personal data

    ✏️ Example of customization

    “We use Zest to foster collaboration and well-being at work, by measuring employee engagement and continuously managing our HR initiatives.”

    💬 This text will be displayed in the GDPR notice that each employee validates during their first login to Zest.

📄 Reminder of the GDPR notice content

The GDPR notice shown to users is based on Zest’s general GDPR framework, which is compliant with the General Data Protection Regulation (GDPR).

It includes:

  • The role of the company (data controller) and of Zest (data processor)
  • The legal basis: the employer’s legitimate interest
  • The data processing duration (limited to the duration of the contract)
  • User rights: access, rectification, erasure, restriction, objection
  • The company’s DPO / GDPR contact email
  • The right to lodge a complaint with the relevant Data Protection Authority

🧩 This notice is automatically generated and enriched with your customized information to reflect your internal policy.

✅ Validation and accessibility

  • Each user must accept the GDPR notice during their first login to Zest
  • The notice remains accessible at any time from the user profile:

Profile → Settings → Personal data → View details

💡 Best practices

⚙️ Zest tip: use the custom text field to clearly and transparently explain the purpose of your use of Zest.

Examples:

  • “To measure employee well-being and engagement.”
  • “To foster recognition and collaboration across teams.”
  • “To support professional development and collective performance.”

🔐 Go further

👉 Consult the official document “Zest GDPR General Framework” to learn more about:

  • The responsibilities of the Client (data controller) and Zest (data processor)
  • Data storage and security measures (OVH hosting, France, ISO 27001, SOC 1 & SOC 2 certified)
  • Data retention periods (up to 60 days after contract termination)
  • The contact details of Zest’s Data Protection Officer
Did this answer your question?