Last Updated: Feb 16, 2026

Legitimate Interest Assessment

ZEAL IO LIMITED

LEGITIMATE INTEREST ASSESSMENT

Free Tier Value-Added Services

Document Property Value
Document Reference: ZEAL-LIA-FREETIER-001
Version: 1.1 (REVISED)
Classification: CONFIDENTIAL - LEGAL PRIVILEGED
Assessment Date: January 2026
Next Review: January 2027 (or upon material change)
Prepared By: Data Protection Officer
Approved By: [Chief Legal Officer / Board]

UK GDPR Article 6(1)(f) Compliance Assessment
This document constitutes Zeal IO Limited's formal Legitimate Interest Assessment for the processing of personal data in connection with Free Tier Value-Added Services deployed via the B2B2C payment terminal ecosystem.

REVISION NOTES (Version 1.1)

This revised version incorporates critical updates following comprehensive legal review of Zeal's PSP Authorization Agreement, Merchant Terms of Service, and Data Processing Addendum completed in January 2026:

  • Section 9.1.1: Terminal screen notifications replaced with email-based notification mechanism (terminal notifications not technically feasible; email provides superior transparency)
  • Section 6.5.1: Updated merchant opt-out mechanisms to align with PSP Agreement Section 7.1(f) (dedicated opt-out portal at getzeal.io/optout, optout@getzeal.io email address)
  • Section 6.5.2: Updated opt-out processing timeline to align with PSP Agreement Section 7.1(f)(iv) (5 Business Days to cease collection, 30 days to delete data)
  • Section 7.5.2: Updated consumer contact details (primary contact: privacy@getzeal.io, secondary: dpo@getzeal.io)
  • Section 9.1.2: Distinguished Free Tier (recommended signage) vs Paid Tier (mandatory consumer signage per Merchant ToS and PSP Agreement Section 8.5)
  • Section 9.1.3: Added cross-merchant identification Privacy Policy disclosure requirements for Paid Tier services
  • Section 9.2.3: Clarified Free Tier (no cross-merchant tracking, covered by this LIA) vs Paid Tier cross-merchant identification (consumer consent-based, NOT covered by this LIA)
  • Section 10.2: Updated conditions for validity to reflect email notification requirement and Joint Controller Arrangement Notice publication requirement

1. EXECUTIVE SUMMARY

1.1 Purpose of This Assessment

This Legitimate Interest Assessment (LIA) evaluates whether Zeal IO Limited ('Zeal') may lawfully rely on the legitimate interests legal basis under Article 6(1)(f) of the UK General Data Protection Regulation (UK GDPR) for processing personal data in connection with its Free Tier Value-Added Services.

The assessment follows the three-part test established by the Information Commissioner's Office (ICO) and addresses the specific challenges arising from Zeal's B2B2C deployment model, where services are deployed via Payment Service Providers (PSPs) and ZMS Controllers rather than through direct merchant engagement.

1.2 Scope of Processing Activities

This LIA covers all personal data processing activities associated with Free Tier Services, specifically:

  • Transaction Data Analytics: Processing of transaction amounts, dates, times, and merchant category codes to generate business performance insights for merchants
  • Token-Based Consumer Recognition: Processing of payment card tokens (not PANs) to identify new versus returning customers for merchant analytics
  • Terminal-Based Reporting: Display of transaction summaries and business insights on payment terminal screens
  • Aggregated Analytics Generation: Creation of anonymised benchmarking data from transaction patterns across the merchant network

1.3 Assessment Conclusion

✓ OUTCOME: LEGITIMATE INTEREST BASIS: VALID
Subject to implementation of mandatory safeguards, including email-based merchant notification within 24 hours of deployment.

This assessment concludes that Zeal may rely on legitimate interests as the lawful basis for Free Tier processing, subject to implementation of the transparency mechanisms and safeguards detailed in Section 9. The legitimate interests of merchants in understanding their business performance, combined with Zeal's commercial interest in demonstrating platform value, are not overridden by the rights and freedoms of data subjects when appropriate safeguards are in place.

1.4 Key Findings Summary

Test Component | Finding | Status
Purpose Test | Valid legitimate interests identified for both merchant analytics and Zeal's commercial demonstration purposes | PASS
Necessity Test | Processing is necessary and proportionate; no less intrusive alternative achieves equivalent outcomes | PASS
Balancing Test (Merchants) | Merchant interests aligned with processing purposes; transaction data is merchant's own operational data | PASS
Balancing Test (Consumers) | Limited impact on consumers; tokens are pseudonymised; reporting occurs at aggregated level | PASS
Transparency Requirements | Email-based notification within 24 hours with 30-day opt-out period - see mandatory safeguards Section 9.1.1 | CONDITIONAL
Opt-Out Mechanism | Robust merchant opt-out mechanism in place; consumer impact mitigated by pseudonymisation | PASS

2. LEGAL FRAMEWORK AND REGULATORY CONTEXT

2.1 Applicable Legal Provisions

2.1.1 UK GDPR Article 6(1)(f)

Article 6(1)(f) of the UK GDPR provides that processing is lawful where:

Article 6(1)(f) - Legitimate Interests
"Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."

This legal basis requires a three-part assessment: (1) identification of a legitimate interest; (2) demonstration that processing is necessary for that interest; and (3) a balancing test weighing the interest against data subject rights.

2.1.2 ICO Guidance on Legitimate Interests

The ICO's guidance on legitimate interests establishes that controllers must:

  • Identify a specific legitimate interest (not merely a lawful or beneficial purpose)
  • Demonstrate that processing is genuinely necessary (not merely convenient)
  • Consider whether data subjects would reasonably expect the processing
  • Implement appropriate safeguards to mitigate any identified risks
  • Provide an easy and effective opt-out mechanism

2.1.3 Recital 47 - B2B Processing

Recital 47 of the UK GDPR gives examples of commercial processing that may be carried out for a legitimate interest:

Recital 47 (Extract)
"The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest... The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned."

While this recital specifically addresses marketing and fraud prevention, the underlying principle - that business-to-business processing serving genuine commercial purposes may constitute a legitimate interest - supports the processing activities assessed in this LIA.

2.2 Regulatory Enforcement Context

2.2.1 ICO Enforcement Trends (2024-2025)

Recent ICO enforcement actions provide context for assessing legitimate interest claims:

Case | Fine | Key Issue | Relevance to Zeal
Advanced Computer Software Group (2025) | £3.07M | Inadequate security measures, including missing MFA | Security failures undermine legitimate interest claims
Capita (2025) | £14M | Security failures, slow breach response | Technical safeguards essential to legitimate interest reliance
Clearview AI (fine issued 2022; ICO jurisdiction upheld 2024) | £7.5M | No lawful basis established for facial recognition database | Consumer-focused processing requires strong justification
Experian (2020) | Enforcement notice (no fine) | Invisible processing without transparency | B2B2C deployment requires clear transparency mechanisms

⚠ IMPORTANT: The ICO's enforcement approach emphasises that legitimate interest claims must be supported by genuine necessity, appropriate safeguards, and meaningful transparency - not merely asserted as convenient alternatives to consent.

2.2.2 Reasonable Expectations Test

The ICO's 'reasonable expectations' test is central to legitimate interest assessments. A controller's interests are more likely to be overridden by those of data subjects where:

  • They would not reasonably expect the processing
  • They have no direct relationship with the controller
  • Processing occurs 'invisibly' without their knowledge
  • They have no practical opportunity to object

This assessment addresses each of these factors in relation to both merchant and consumer data subjects.

3. DESCRIPTION OF PROCESSING ACTIVITIES

3.1 Overview of Free Tier Services

Zeal's Free Tier Services provide merchants with transaction analytics and business insights delivered through their existing payment terminals. These services are deployed without charge to demonstrate platform value and encourage upgrade to Paid Tier Services.

3.1.1 Service Components

Component | Description | Personal Data Involved
Terminal Dashboard | Real-time display of transaction summaries on terminal screen | Transaction amounts, times (aggregated per merchant)
Business Insights | Daily/weekly performance metrics and trends | Transaction patterns, category breakdowns
New vs Returning Analysis | Identification of repeat customer patterns | Payment card tokens (pseudonymised)
Comparative Benchmarks | Performance relative to anonymised peer group | Aggregated cross-merchant statistics

3.1.2 Technical Architecture

Free Tier Services operate through the following technical flow:

  • Zeal Software installed on payment terminal via PSP/ZMS Controller authorisation
  • Transaction data observed post-authorisation (after payment completion)
  • Token (not PAN) extracted for consumer identification purposes
  • Transaction metadata transmitted to Zeal Platform via encrypted channel
  • Analytics generated and displayed on terminal screen
  • Aggregated/anonymised data retained for benchmarking; identifiable data retained per retention schedule

3.2 Personal Data Categories

3.2.1 Merchant Data

Data Element | Source | Sensitivity | Retention
Merchant legal name | PSP/ZMS Controller upload | Low (B2B) | Duration of service + 7 years
Trading name | PSP/ZMS Controller upload | Low (B2B) | Duration of service + 7 years
Merchant ID (MID) | PSP/ZMS Controller upload | Low (identifier) | Duration of service + 7 years
Terminal ID (TID) | PSP/ZMS Controller upload | Low (identifier) | Duration of service + 7 years
Business contact email | PSP/ZMS Controller upload | Medium (personal) | Duration of service + 7 years
Business contact phone | PSP/ZMS Controller upload | Medium (personal) | Duration of service + 7 years
Merchant Category Code | PSP/ZMS Controller upload | Low (classification) | Duration of service + 7 years

3.2.2 Transaction Data

Data Element | Source | Sensitivity | Retention
Transaction amount | Terminal observation | Medium (financial) | 36 months then anonymised
Transaction date/time | Terminal observation | Low | 36 months then anonymised
Payment card token | Terminal observation | Medium (pseudonymised) | 36 months then deleted
Card scheme indicator | Terminal observation | Low | 36 months then anonymised
Transaction outcome | Terminal observation | Low | 36 months then anonymised

3.2.3 Consumer Data

🔴 CRITICAL
Zeal does NOT collect consumer names, contact details, addresses, or any directly identifiable consumer information through Free Tier Services. Consumer recognition is based solely on pseudonymised payment card tokens.

The only consumer-related data processed is the payment card token, which:

  • Is a surrogate value that Zeal cannot reverse to obtain the PAN (any token-to-PAN mapping is held by the tokenisation provider, not by Zeal)
  • Is used solely to identify repeat visits (new vs returning customer analytics)
  • Cannot be used to identify the consumer's name, address, or contact details
  • Is not shared with merchants in identifiable form

3.3 Data Subjects

This LIA addresses the interests of the following categories of data subjects:

Category | Relationship to Zeal | Nature of Processing
Merchant Representatives | Indirect (via PSP) | Business contact data for service delivery
Consumers | None (no direct relationship) | Pseudonymised tokens for repeat visit analysis

3.4 The B2B2C Deployment Model

3.4.1 How Deployment Works

Zeal's Free Tier Services are deployed through a B2B2C (Business-to-Business-to-Consumer) model:

  • PSP Authorisation: A Payment Service Provider executes a PSP Authorisation Agreement with Zeal, granting Zeal permission to deploy software on terminals within the PSP's merchant network
  • ZMS Controller Deployment: Where applicable, a ZMS Controller (terminal management company) uploads merchant data and facilitates software deployment
  • Merchant Deployment: Zeal Software is installed on terminals at merchant locations, often as part of a broader terminal software update
  • Consumer Interaction: Consumers transact at terminals where Zeal Software observes transaction data

3.4.2 Legal Basis Chain

Legal Basis Justification Chain
PSP → Zeal: Contract (PSP Authorisation Agreement)
PSP → Merchant: PSP's existing merchant agreement (containing value-added services provisions)
Zeal → Merchant: Legitimate Interest (merchant's own operational data, processed for merchant benefit) WITH mandatory email notification within 24 hours and 30-day opt-out period (see Section 9.1.1)
Zeal → Consumer: Legitimate Interest (minimal pseudonymised processing, not overriding consumer rights)

⚠ IMPORTANT: The key challenge in this model is that merchants do not actively 'choose' Zeal services before deployment - the PSP authorises deployment on behalf of its merchant network. This LIA addresses whether legitimate interest remains valid in this context by implementing robust email-based transparency and opt-out mechanisms that provide merchants with actual notice and genuine choice.

4. PURPOSE TEST: IDENTIFYING LEGITIMATE INTERESTS

4.1 Framework for the Purpose Test

The first limb of the legitimate interest test requires identification of a specific, real, and genuine legitimate interest. The ICO guidance indicates that a legitimate interest must be:

  • Lawful (not contrary to any law)
  • Clearly articulated (not vague or speculative)
  • Real and present (not hypothetical)
  • Beneficial to the controller, data subject, or third party

4.2 Zeal's Legitimate Interests

4.2.1 Primary Interest: Demonstrating Platform Value

Zeal has a legitimate commercial interest in:

Legitimate Interest #1
Demonstrating the value of the Zeal Platform to prospective paying customers (merchants) by providing Free Tier analytics services that showcase Zeal's capabilities and encourage upgrade to Paid Tier subscriptions.

This interest is:

  • Lawful: There is no law prohibiting the provision of free analytics services
  • Clearly articulated: The interest is specific (convert free users to paid) and measurable
  • Real and present: Zeal's business model depends on demonstrating platform value
  • Beneficial: Creates value for Zeal (revenue) and merchants (free analytics)

4.2.2 Secondary Interest: Building Network Effects

Legitimate Interest #2 Building a comprehensive dataset of aggregated, anonymised transaction patterns to improve analytics quality and generate industry benchmarks that benefit all platform participants.

This interest supports Zeal's long-term business sustainability by creating network effects where more data improves service quality for all participants.

4.3 Third-Party Legitimate Interests

4.3.1 Merchant Interest: Understanding Business Performance

Third-Party Legitimate Interest #1 (Merchants) Merchants have a legitimate interest in understanding their business performance through analytics derived from their own transaction data. This includes understanding customer patterns, peak trading periods, average transaction values, and comparative performance.

This interest is central to the legitimate interest justification because:

  • Transaction data is the merchant's own operational data - they have a natural interest in understanding it
  • Business intelligence is a standard commercial practice in retail and hospitality sectors
  • Analytics help merchants make better business decisions (staffing, inventory, marketing)
  • Free access to analytics that would otherwise require expensive software or consultancy

4.3.2 PSP Interest: Enhancing Merchant Relationships

Third-Party Legitimate Interest #2 (PSPs) Payment Service Providers have a legitimate interest in enhancing their service offering to merchants, reducing merchant churn, and generating new revenue streams through value-added services partnerships.

PSPs increasingly compete on service quality rather than price alone. Offering analytics services through partners like Zeal helps PSPs differentiate their offering and strengthen merchant relationships.

4.4 Purpose Test Outcome

Criterion | Assessment | Outcome
Purpose Test | Multiple legitimate interests identified: (1) Zeal's commercial interest in demonstrating platform value; (2) Zeal's interest in building network effects; (3) Merchants' interest in understanding their business; (4) PSPs' interest in enhancing merchant relationships. All interests are lawful, clearly articulated, real, and beneficial. | PASS

5. NECESSITY TEST: IS PROCESSING NECESSARY?

5.1 Framework for the Necessity Test

The second limb of the legitimate interest test requires demonstration that the processing is 'necessary' for the identified purpose. The ICO guidance clarifies that 'necessary' means more than merely convenient but does not require that processing be absolutely essential. The test is whether processing is a reasonable and proportionate way to achieve the identified interest.

Key questions in the necessity test include:

  • Is there a less intrusive way to achieve the same purpose?
  • Is the scope of processing proportionate to the purpose?
  • Is processing the minimum required to achieve the purpose?

5.2 Assessment by Data Element

5.2.1 Transaction Amounts

Question | Answer
Why is this data necessary? | To calculate average transaction values, daily/weekly revenue trends, and performance metrics
Could the purpose be achieved without it? | No - transaction value analytics cannot exist without transaction amounts
Is processing proportionate? | Yes - amounts are aggregated and reported at summary level, not individual transaction level
Less intrusive alternative? | None identified - even sampling would require processing actual amounts

Criterion | Assessment | Outcome
Transaction Amounts | Necessary and proportionate for business analytics purpose | PASS

5.2.2 Transaction Dates and Times

Question | Answer
Why is this data necessary? | To identify peak trading periods, day-of-week patterns, seasonal trends
Could the purpose be achieved without it? | No - time-based analytics require temporal data
Is processing proportionate? | Yes - used to generate aggregated patterns, not track individual transactions
Less intrusive alternative? | None identified for genuine time-based analytics

Criterion | Assessment | Outcome
Transaction Dates/Times | Necessary and proportionate for temporal analytics | PASS

5.2.3 Payment Card Tokens

🔴 CRITICAL
Token processing is the most sensitive element of Free Tier processing and requires careful justification.

Question | Answer
Why is this data necessary? | To identify new vs returning customers - a key business metric for retail analytics
Could the purpose be achieved without it? | No - without a unique identifier, repeat visits cannot be distinguished from new customers
Is processing proportionate? | Yes - tokens are pseudonymised; Zeal cannot identify individuals; used only for aggregate metrics
Less intrusive alternative? | Tokens are ALREADY the less intrusive alternative to PANs. Further reduction not possible without losing functionality.

Additional justification for token processing:

  • Tokens are pseudonymised identifiers: Zeal cannot reverse them to obtain the PAN
  • Zeal cannot use tokens to identify consumer names, addresses, or contact details
  • Tokens are used solely to generate aggregate metrics (e.g., '35% returning customers')
  • Individual token-level data is not shared with merchants - only percentages and trends
  • Token processing represents standard practice in retail analytics (Square, Stripe, SumUp all offer similar features)

Criterion | Assessment | Outcome
Payment Card Tokens | Necessary for new/returning customer analytics; proportionate due to pseudonymisation and aggregate-only reporting | PASS

5.2.4 Merchant Contact Details

Question | Answer
Why is this data necessary? | To deliver service notifications, account management, and support
Could the purpose be achieved without it? | Partially - terminal-based services could work, but support/notifications require contact details
Is processing proportionate? | Yes - limited to business contact details; no processing of personal (home) contact information
Less intrusive alternative? | Terminal-only communication would be more intrusive (interrupting business operations)

Criterion | Assessment | Outcome
Merchant Contact Details | Necessary for service delivery; proportionate to B2B context | PASS

5.3 Consideration of Alternatives

5.3.1 Alternative: Consent-Based Processing

Could Zeal rely on consent instead of legitimate interest?

Consideration | Analysis
Merchant consent | Impractical in B2B2C model - merchants don't actively engage pre-deployment; requiring affirmative consent would prevent the platform demonstration purpose
Consumer consent | Impossible - Zeal has no relationship with consumers; cannot obtain consent at transaction time without disrupting payment flow
Validity of consent | Even if obtainable, consent could be withdrawn, creating data gaps that undermine analytics quality

Conclusion: Consent is not a viable alternative to legitimate interest for Free Tier Services.

5.3.2 Alternative: Contract-Based Processing

Could Zeal rely on contract performance as the legal basis?

Consideration | Analysis
Merchant contract | No contract exists with merchants at Free Tier stage - that is the entire point of the free demonstration model
PSP contract | PSP Authorisation Agreement exists, but merchants are not party to it; cannot extend contractual basis to merchant/consumer data
Indirect contractual relationship | ICO guidance does not support using indirect contractual chains as legal basis for processing third-party data

Conclusion: Contract is not a viable alternative as there is no direct contract with the relevant data subjects (merchants and consumers).

5.3.3 Alternative: Anonymised-Only Processing

Could Zeal achieve its purposes using only anonymised data?

Consideration | Analysis
Initial collection | To anonymise data, it must first be collected in identifiable form - the collection itself is processing requiring a legal basis
New vs returning analytics | Impossible without token or other identifier - anonymised transactions cannot distinguish repeat visits
Merchant-level reporting | Impossible without merchant identifiers - cannot attribute transactions to specific businesses
Real-time dashboard | Impossible - terminal must know which merchant to display data for

Conclusion: Fully anonymised processing would not achieve any of the identified legitimate interests. The processing Zeal conducts is already the minimum necessary.

5.4 Necessity Test Outcome

Criterion | Assessment | Outcome
Necessity Test | Processing of transaction data (amounts, times), payment tokens, and merchant data is necessary and proportionate to achieve the identified legitimate interests. No less intrusive alternative exists that would achieve equivalent outcomes. Processing scope is limited to what is required for analytics generation. | PASS

6. BALANCING TEST: MERCHANT DATA SUBJECTS

6.1 Framework for Balancing

The third limb of the legitimate interest test requires balancing the identified interests against the rights and freedoms of data subjects. This section assesses the balance in relation to merchant data subjects (specifically, merchant representatives whose business contact details are processed).

The balancing test considers:

  • Nature and source of the relevant interest and the impact on the data subject
  • Reasonable expectations of the data subject
  • Status of the data subject (vulnerable individuals, children)
  • Whether an opt-out mechanism is available
  • What safeguards can mitigate any negative impact

6.2 Nature of Processing and Impact

6.2.1 Type of Data Processed

For merchant data subjects, Zeal processes:

  • Business contact details (email, phone): Used for service notifications and support
  • Business identifiers (MID, TID): Used to attribute analytics to correct business
  • Transaction data: Merchant's own operational data, processed for merchant benefit

This is business-context data, not sensitive personal information. The merchant representatives are data subjects in their professional capacity only.

6.2.2 Impact Assessment

Impact Factor | Assessment | Severity
Privacy intrusion | Minimal - processing limited to business context; no private life information | Low
Security risk | Low - business contact details widely available; robust security measures in place | Low
Financial impact | None - Free Tier Services are provided at no cost | None
Reputational impact | None - data not shared externally; used only for service delivery | None
Decision-making impact | Positive - analytics enable better business decisions | Beneficial

6.3 Reasonable Expectations

6.3.1 What Would Merchants Reasonably Expect?

Assessment of merchant expectations:

Expectation Factor | Analysis
PSP relationship context | Merchants expect their PSP to offer value-added services; payment platform partnerships are common
Industry practice | Transaction analytics are standard offerings from payment providers (Square, Stripe, SumUp, Toast)
Nature of data | Transaction data is the merchant's own operational data - they expect it to be used for their benefit
Existing disclosures | PSP merchant agreements typically permit value-added services and service provider sharing

✓ OUTCOME:  Merchants would reasonably expect their transaction data to be used for analytics purposes, particularly when such analytics are provided for their benefit at no cost.

6.3.2 B2B2C Model Considerations

⚠ IMPORTANT: The B2B2C deployment model creates a gap between expectations and reality: merchants receive Zeal services without actively choosing them. However, this is mitigated by: (1) the beneficial nature of the service; (2) the low-risk nature of the data; (3) the robust opt-out mechanism.

The key question is whether merchants would object to receiving free analytics services. The evidence suggests they would not:

  • Free Tier conversion rates demonstrate merchant appreciation of analytics value
  • Low opt-out rates indicate merchant acceptance of the service
  • Comparable analytics features from other payment providers (Square, Stripe, SumUp, Toast) operate similarly

6.4 Data Subject Status

Merchant representatives are:

  • Adults acting in professional/business capacity
  • Not in a vulnerable position relative to Zeal
  • Sophisticated business users who understand transaction data
  • Able to exercise opt-out rights effectively

No special protection considerations apply.

6.5 Opt-Out Mechanism

6.5.1 Merchant Opt-Out Options

Merchants may opt out of Zeal Free Tier Services through multiple mechanisms per PSP Authorization Agreement Section 7.1(f):

  1. Direct Opt-Out Portal
  • URL: https://getzeal.io/optout
  • Mechanism: Web form with MID/TID lookup
  • Process: Merchant enters Terminal ID or Merchant ID, submits request
  • Confirmation: Email acknowledgment within 2 Business Days
  2. Email Request
  • Dedicated opt-out email: optout@getzeal.io
  • Subject line: "Merchant Opt-Out Request"
  • Required info: Business name, MID/TID, contact email
  • Confirmation: Email acknowledgment within 2 Business Days
  3. PSP Request
  • Contact: Merchant contacts their PSP/acquirer to request Zeal opt-out
  • PSP obligation: PSP must notify Zeal within 5 Business Days (per PSP Agreement Section 7.1(f)(vi))
  • Zeal processing: Same timeline as direct requests

6.5.2 Opt-Out Processing

When a merchant submits an opt-out request via any mechanism in Section 6.5.1, Zeal processes as follows per PSP Agreement Section 7.1(f)(iv):

Step | Timeframe | Action
Acknowledge | Within 2 Business Days | Confirm receipt of opt-out request via email to merchant
Cease Collection | Within 5 Business Days | Stop collecting new Transaction Data from merchant's terminal(s); Zeal Software ceases data transmission to Zeal Platform
Data Deletion | Within 30 days | Delete or anonymise previously collected Personal Data (except where retention is required by law or for legitimate business purposes; maximum retention 12 months from opt-out date)
Confirm Completion | Within 2 Business Days of processing | Send email confirmation of opt-out completion to merchant, confirming: (1) data collection stopped, (2) data deletion completed (or retention justification if applicable), (3) Free Tier access terminated

Key Points:

✓ 5-Day Opt-Out: The 5 Business Day opt-out processing timeline (faster than 30-day standard) demonstrates Zeal's commitment to merchant choice

✓ 30 days to delete data: Consistent with the one-month period for responding to erasure requests under UK GDPR Articles 12(3) and 17

✓ Clear communication at each stage: Merchant always informed

✓ Payment processing completely unaffected: Zeal is separate from payment authorization

✓ Records maintained: Zeal logs all opt-out requests, processing dates, and completion confirmations for audit purposes (retention: Agreement duration + 6 years)

6.6 Safeguards

The following safeguards protect merchant interests:

  • Transparency: Privacy notices explain Zeal's data processing
  • Data minimisation: Only business-context data processed
  • Security: Technical measures per DPA Annex 2 (encryption, access controls, monitoring)
  • Retention limits: Data retained only as long as necessary
  • No external sharing: Merchant data not shared with third parties for marketing
  • Non-competition covenant: Zeal contractually prohibited from using data to compete with PSPs

6.7 Merchant Balancing Outcome

Criterion | Assessment | Outcome
Merchant Balancing Test | The legitimate interests of Zeal and merchants are not overridden by merchant data subjects' rights. Merchants receive tangible benefits (free analytics), processing is limited to business context, robust opt-out exists, and appropriate safeguards are in place. The B2B2C deployment model is adequately addressed by email-based transparency mechanisms. | PASS

7. BALANCING TEST: CONSUMER DATA SUBJECTS

7.1 Special Considerations for Consumers

Consumer data subjects require separate analysis because:

  • They have no direct relationship with Zeal
  • They may not be aware that Zeal processes any data about them
  • They have no practical opportunity to object before processing
  • They may include individuals acting in personal capacity (not business)

These factors create a higher bar for legitimate interest justification.

7.2 Nature of Consumer Data Processing

7.2.1 What Consumer Data Is Processed

🔴 CRITICAL Zeal processes ONLY payment card tokens for consumer-related analytics. No consumer names, addresses, contact details, or other directly identifying information is processed.

Token characteristics:

  • Pseudonymised: Token is a surrogate value that replaces the PAN
  • Non-reversible: Zeal cannot derive the PAN from the token
  • Non-identifying: Zeal cannot use the token to identify consumer name or contact details
  • Limited linkability: Free Tier processing links a token to transactions at the same merchant only; cross-merchant linking is not performed. Whether the token value itself is merchant-specific depends on the PSP's tokenisation scheme, so this is a restriction Zeal applies to its processing rather than necessarily a property of the token

7.2.2 Purpose of Token Processing

Tokens are processed solely to:

  • Calculate new vs returning customer percentages for merchant analytics
  • Generate customer visit frequency distributions
  • Identify patterns in repeat customer behaviour (aggregate level)

Individual token-level data is NOT shared with merchants. Merchants receive only aggregate statistics (e.g., '35% returning customers', 'average visit frequency 2.3x per month').
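The token handling described in Sections 3.2.3, 5.2.3 and 7.2 (a pseudonymous surrogate, linkable within one merchant only, reported to merchants as aggregates) can be enforced in code rather than left as a processing policy. The following Python is an added worked example for this assessment; it is not Zeal's implementation and is not described in the PSP Agreement or DPA. It assumes a platform-held master key, a per-merchant key derived from it, an HMAC-based pseudonym that replaces the PSP-supplied token at ingestion, and a reporting threshold of five transactions; all of these are assumptions, and the sample transactions are constructed.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime

# Constructed sample input (invented values): post-authorisation records as the
# terminal software might observe them. The card token is the PSP-supplied
# surrogate; no PAN is present. Note tok_4f9e appears at two merchants.
SAMPLE_TRANSACTIONS = [
    # (merchant_id, terminal_id, card_token, amount_pence, timestamp)
    ("MID-1001", "TID-A1", "tok_4f9e", 1250, "2026-01-05T09:12:00"),
    ("MID-1001", "TID-A1", "tok_4f9e", 980, "2026-01-12T09:30:00"),
    ("MID-1001", "TID-A1", "tok_77ab", 4500, "2026-01-12T12:04:00"),
    ("MID-1001", "TID-A2", "tok_c0de", 300, "2026-01-13T18:41:00"),
    ("MID-1001", "TID-A1", "tok_77ab", 4100, "2026-01-20T12:10:00"),
    ("MID-2002", "TID-B1", "tok_4f9e", 2200, "2026-01-06T10:00:00"),
    ("MID-2002", "TID-B1", "tok_9999", 1500, "2026-01-07T10:00:00"),
]

# Assumed suppression threshold: below this many transactions a merchant gets no
# new/returning figure, because a percentage over a handful of visits exposes
# individual customers. This number is an assumption, not a figure from the LIA.
MIN_REPORT_COUNT = 5


def derive_merchant_key(master_key: bytes, merchant_id: str) -> bytes:
    """Per-merchant key from a platform master key (HMAC-SHA256 used as a KDF)."""
    return hmac.new(master_key, b"zeal-merchant-scope:" + merchant_id.encode(),
                    hashlib.sha256).digest()


def pseudonymise(merchant_key: bytes, card_token: str) -> str:
    """Keyed, one-way pseudonym for a card token within one merchant scope."""
    return hmac.new(merchant_key, card_token.encode(), hashlib.sha256).hexdigest()[:16]


def ingest(master_key: bytes, transactions):
    """Group records per merchant, replacing the raw token at ingestion.

    The raw PSP token is not stored; only the merchant-scoped pseudonym is kept,
    so stored data for two merchants cannot be joined on the card.
    """
    by_merchant = defaultdict(list)
    for merchant_id, _terminal_id, card_token, amount, ts in transactions:
        key = derive_merchant_key(master_key, merchant_id)
        by_merchant[merchant_id].append({
            "pseudonym": pseudonymise(key, card_token),
            "amount": amount,
            "ts": datetime.fromisoformat(ts),
        })
    return by_merchant


def new_vs_returning(records, min_count: int = MIN_REPORT_COUNT):
    """Aggregate-only metrics for one merchant; None when below the threshold."""
    if len(records) < min_count:
        return None
    seen = set()
    returning = 0
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["pseudonym"] in seen:
            returning += 1
        else:
            seen.add(rec["pseudonym"])
    total = len(records)
    return {
        "transactions": total,
        "unique_customers": len(seen),
        "returning_pct": round(100 * returning / total, 1),
        "avg_amount_pence": round(sum(r["amount"] for r in records) / total),
    }


def report_all(master_key: bytes, transactions):
    """What a merchant would see: aggregates only, never pseudonym-level rows."""
    return {mid: new_vs_returning(recs)
            for mid, recs in ingest(master_key, transactions).items()}


if __name__ == "__main__":
    master = b"example-master-key-not-for-production"  # assumed; hold in a KMS/HSM
    for mid, metrics in report_all(master, SAMPLE_TRANSACTIONS).items():
        print(mid, metrics if metrics else "suppressed (below reporting threshold)")
    k1 = derive_merchant_key(master, "MID-1001")
    k2 = derive_merchant_key(master, "MID-2002")
    print("same token, same merchant :", pseudonymise(k1, "tok_4f9e") == pseudonymise(k1, "tok_4f9e"))
    print("same token, other merchant:", pseudonymise(k1, "tok_4f9e") == pseudonymise(k2, "tok_4f9e"))
```

Because the pseudonym is keyed per merchant, the same card token yields unrelated pseudonyms at MID-1001 and MID-2002, so the Free Tier dataset cannot be joined across merchants without the master key; that is the technical counterpart of the 'no cross-merchant linking' statement above. The threshold stops a merchant with two or three transactions from reading individual visits out of a 'returning customers' percentage. Pseudonymised data of this kind remains personal data under UK GDPR, so the master key and the stored pseudonyms still fall within the retention and security measures in Sections 3.2.2 and 6.6.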

7.3 Impact Assessment for Consumers

Impact Factor Assessment Severity
Privacy intrusion Minimal - no identifying information collected; pseudonymised tokens only Low
Profiling concern Low - no individual profiling; data used only for aggregate statistics Low
Cross-context tracking None for Free Tier - tokens not linked across different merchants None
Financial impact None - processing has no effect on consumer finances or creditworthiness None
Decision-making impact None - no automated decisions made about individual consumers None
Security risk Low - even if breached, tokens cannot be used to identify or contact consumers; a leaked token set would expose only per-merchant visit patterns, not identities Low

7.4 Reasonable Expectations of Consumers

7.4.1 What Would Consumers Expect?

Assessment of consumer expectations:

Factor Analysis
Payment context Consumers understand that payment transactions generate data
Retail analytics General awareness that retailers analyse customer patterns
Loyalty programmes Familiarity with businesses tracking repeat visits for loyalty purposes
Invisible processing May NOT expect third-party (Zeal) involvement in analytics generation

⚠ IMPORTANT: The 'invisible processing' concern is the primary challenge for consumer legitimate interest. Consumers transacting at a terminal would not necessarily expect Zeal (as opposed to the merchant or their bank) to observe the transaction.

7.4.2 Mitigating the Expectations Gap

The expectations gap is mitigated by:

  • Data Minimisation: Only pseudonymised tokens processed - no identifying information
  • Aggregate Use Only: Individual consumer data not used for marketing, decisions, or profiling
  • Merchant Benefit: Processing serves to help the merchant understand their business - indirect consumer benefit through better service
  • Transparency Measures: Merchant email notification within 24 hours of activation, recommended point-of-sale signage, and Privacy Policy disclosure (see Section 9)
  • Industry Standard: Similar processing occurs across payment ecosystem (Square, Stripe, SumUp, Toast)

7.5 Consumer Opt-Out Considerations

7.5.1 Practical Challenges

Consumer opt-out presents practical challenges:

  • No direct relationship: Zeal has no way to identify or contact individual consumers
  • Transaction flow: Interrupting payment for opt-out request would be disruptive
  • Token-based: Cannot exclude specific tokens without identifying the consumer

7.5.2 Available Consumer Rights

Despite practical challenges in providing consumer opt-out for Free Tier Services (no direct relationship with consumers, token-based processing), consumers may exercise their UK GDPR rights:

Contact Zeal's Privacy Team:

  • Primary contact: privacy@getzeal.io (for all data subject requests, access, deletion, information requests)
  • Post: Zeal IO Limited, Data Protection Officer, 85 Great Portland Street, First Floor, London, W1W 7LT, UK

Contact Zeal's DPO (escalation):

  • Email: dpo@getzeal.io (for complaints about data processing, escalation of unresolved requests)

Available Rights:

✓ Right to Information (Article 13/14): Request information about what data Zeal processes about them (though Free Tier processes only pseudonymised tokens, not identifiable consumer data)

✓ Right to Access (Article 15): Request confirmation of whether Zeal holds any identifiable data about them (Zeal will confirm that Free Tier processes only tokens which cannot identify individuals)

✓ Right to Erasure (Article 17): Request deletion of any identifiable data (requires consumer to identify themselves and provide evidence linking them to specific token - technically challenging but Zeal will process in good faith)

7.5.3 Why Limited Opt-Out Is Acceptable

The limited consumer opt-out is acceptable because:

  • Processing is minimal (pseudonymised tokens only)
  • Impact on consumers is negligible (no individual decisions or marketing)
  • Alternative payment methods remain available (cash)
  • Data subject rights (access, erasure) remain exercisable via privacy@getzeal.io, with escalation to the DPO
  • Processing benefits merchants, and indirectly their customers, through better-informed business decisions

7.6 Consumer Status Considerations

Consumer status assessment:

  • Adults: Most consumers transacting at payment terminals are adults
  • Children: Possible that some transactions involve children's cards or children making purchases
  • Vulnerable individuals: No way to identify vulnerability from token alone

7.6.1 Child Data Protection

Article 6(1)(f) requires 'particular' protection for children. Zeal's processing is low-risk for children because:

  • No age-based profiling or targeting occurs
  • No marketing to individual consumers (including children)
  • No decisions made about individual children
  • Token processing is age-agnostic
  • Aggregate statistics do not identify or affect individual children

7.7 Safeguards for Consumers

The following safeguards specifically protect consumer interests:

Safeguard Implementation Consumer Benefit
Pseudonymisation Tokens used instead of PANs or consumer identifiers Cannot be identified from Zeal data
Aggregate reporting Only percentages/statistics shared with merchants Individual behaviour not exposed
No cross-merchant tracking Free Tier does not link tokens across different merchants Limited profiling capability
Data minimisation Only transaction metadata collected; no consumer profile data Minimal data footprint
Retention limits Tokens retained 36 months then deleted Data not held indefinitely
Security measures Encryption, access controls per DPA Annex 2 Protected from breach
Transparency Privacy Policy discloses consumer data processing Right to be informed respected
DPO access Consumers may contact DPO to exercise rights Data subject rights preserved

7.8 Consumer Balancing Outcome

Criterion Assessment Outcome
Consumer Balancing Test The legitimate interests of Zeal and merchants are not overridden by consumer data subjects' rights. Consumer data processing is limited to pseudonymised tokens used only for aggregate analytics. Individual consumers are not identified, profiled, marketed to, or subject to automated decisions. Practical opt-out limitations are offset by minimal processing impact and preserved data subject rights. PASS

8. ICO GUIDANCE COMPLIANCE ANALYSIS

8.1 ICO Three-Part Test Summary

8.2 ICO Checklist: Can We Apply Legitimate Interests?

The ICO provides a checklist for assessing legitimate interests. Below is Zeal's self-assessment:

8.2.1 Purpose Test Checklist

ICO Question Zeal Response
Have you identified a legitimate interest? Yes - commercial interest in demonstrating platform value; third-party interest (merchants) in understanding business performance
Are you pursuing that interest, or is a third party? Both - Zeal pursues commercial demonstration interest; merchants pursue business understanding interest
Are those interests recognised under UK GDPR? Yes - commercial interests and third-party beneficiary interests are recognised in Recital 47
Is your legitimate interest vague, speculative, or too general? No - interests are specific (platform demonstration, business analytics) and measurable

8.2.2 Necessity Test Checklist

ICO Question Zeal Response
Is the processing actually necessary for your purpose? Yes - analytics require transaction data; new/returning analysis requires tokens
Is the processing proportionate to the aims you want to achieve? Yes - only minimum necessary data processed; aggregate reporting only
Can you achieve your purpose in another way? No - consent impractical in B2B2C model; anonymisation would prevent analytics
Have you considered a less intrusive way? Yes - tokens are already less intrusive than PANs; processing scope is minimised

8.2.3 Balancing Test Checklist

ICO Question Zeal Response
What is the nature of your relationship with the individual? Merchants: Indirect via PSP. Consumers: No relationship
Is any of the data particularly sensitive or private? No special category data. Tokens are pseudonymised. Business context only for merchants
Would people expect you to use their data this way? Merchants: Yes (industry standard). Consumers: Possibly not - mitigated by transparency measures
Are you happy to explain it to them? Yes - Privacy Policy, email notifications, and merchant signage explain processing
Are some people likely to object or find it intrusive? Some may object - opt-out mechanism available for merchants; minimal impact on consumers
What is the possible impact on the individual? Minimal - no adverse decisions, no marketing to individuals, no profiling for discrimination
Are you processing children's data? Possibly - but processing is age-agnostic; no child-specific impact
Are any of the individuals vulnerable? No means to identify vulnerability; processing applies equally regardless of status
Can you adopt any safeguards to minimise the impact? Yes - pseudonymisation, aggregation, retention limits, security measures, transparency

8.3 ICO Sector-Specific Considerations

8.3.1 Financial Services Context

The ICO's approach to financial services data processing acknowledges:

  • Transaction data processing is inherent to payment services
  • Fraud prevention and analytics are recognised legitimate interests
  • B2B data processing in financial services carries lower risk than consumer-focused processing

Zeal's processing aligns with these sector norms while implementing additional safeguards.

8.3.2 Retail Analytics Context

The retail analytics industry operates on similar data processing models:

  • Footfall analytics (video-based counting): Processes more intrusive data than Zeal
  • Wi-Fi analytics: Tracks device identifiers with less pseudonymisation than Zeal
  • Loyalty card analytics: Collects more personal information than Zeal's token-based approach

Zeal's processing is less intrusive than many established retail analytics practices.

9. MANDATORY SAFEGUARDS AND IMPLEMENTATION REQUIREMENTS

🔴 CRITICAL This section sets out the safeguards that MUST be implemented to support the legitimate interest legal basis. Failure to implement these safeguards may invalidate the legitimate interest claim.

9.1 Transparency Requirements

9.1.1 Merchant Email Notification (MANDATORY)

🔴 CRITICAL This section sets out the PRIMARY transparency safeguard supporting the legitimate interest legal basis. Failure to implement email notification as specified will INVALIDATE the legitimate interest claim.

Technical Context:

Terminal screen notifications (as specified in LIA v1.0) are NOT technically feasible given Zeal's deployment architecture. Zeal Software operates as background middleware on payment terminals and cannot control terminal UI during idle periods without:

  • Displacing PSP/acquirer branding and notifications (contractually prohibited)
  • Interfering with merchant-facing terminal apps (e.g., till systems, inventory management)
  • Requiring custom terminal hardware/software configurations (not scalable across diverse terminal estate)

However, email-based notification is SUPERIOR to terminal screen displays for transparency purposes because it provides a permanent record, enables merchant response/opt-out, and reaches the business decision-maker directly.

Requirement: 24-Hour Email Notification to Merchants

To address the ICO's 'invisible processing' concern and provide merchants with genuine opportunity to object under Article 21 UK GDPR, Zeal MUST implement email-based notification per PSP Authorization Agreement Section 7.1(f):

Email Delivery Requirements:

Requirement Specification
Timing Within 24 hours of Zeal Software activation on merchant's terminal(s)
Recipient Merchant business email address (as provided in Merchant Data upload)
Sender Zeal Notifications <noreply@getzeal.io>
Subject Line Zeal Business Analytics Activated on Your Payment Terminal(s)
Format HTML email with plain text fallback; mobile-responsive design
Delivery Confirmation Track email delivery status; re-attempt failed deliveries up to 3 times over 72 hours

Mandatory Email Content:

✓ Clear identification of Zeal as the service provider

✓ Explanation of what services have been activated (Free Tier analytics)

✓ Description of what data is collected (transaction amounts, times, card tokens)

✓ Purpose of data processing (business analytics for merchant benefit)

✓ Prominent opt-out instructions with direct link to getzeal.io/optout

✓ Contact information for questions (support@getzeal.io)

✓ Link to full Privacy Policy (getzeal.io/privacy)

✓ Statement that payment processing is unaffected

✓ Statement of the merchant's choices: opting out within 30 days of activation results in deletion of any data collected; opting out at any later time stops collection within 5 Business Days

Why Email Notification is Superior to Terminal Notifications:

Factor Terminal Notification Email Notification
Reaches decision-maker No (terminal may be used by employees) Yes (sent to business email)
Permanent record No (disappears after display) Yes (email can be saved/referenced)
Enables response No (one-way display only) Yes (reply or click opt-out link)
Proves delivery Difficult to evidence Delivery tracking available
Actionable opt-out Requires separate action One-click opt-out link
Regulatory preference Not specified ICO guidance favours written notice

9.1.2 Point-of-Sale Consumer Privacy Signage

Requirement Distinction: Free Tier vs Paid Tier

The signage requirements differ significantly between Free Tier (merchant analytics only) and Paid Tier (consumer-facing loyalty programs):

For FREE TIER Services (Merchant Analytics Only):

Status: RECOMMENDED (not mandatory)

Rationale: Free Tier processes only pseudonymised payment card tokens for aggregate analytics. Consumers are not directly impacted (no marketing, no profiling, no individual decisions). Article 13 UK GDPR requires privacy information to be provided to data subjects, but the minimal and pseudonymised nature of Free Tier processing means consumer-facing signage is recommended best practice rather than legal necessity.

Recommended Implementation:

  • Zeal provides free template signage to PSPs for distribution to Free Tier merchants
  • Template text: "This terminal uses Zeal for business analytics. Privacy: getzeal.io/privacy"
  • Formats: Printable PDF (A5 counter sign, window sticker)
  • Distribution: PSP includes in merchant onboarding materials or terminal deployment kits
  • Merchant discretion: Merchants may choose to display or not display (Zeal encourages but does not mandate)

For PAID TIER Services (Consumer Loyalty Programs):

Status: MANDATORY (per Merchant Terms of Service Section 8.3 and PSP Agreement Section 8.5)

Rationale: Paid Tier services involve consumer-facing loyalty programs where consumers actively provide personal data (phone numbers) and receive marketing communications. This requires explicit consumer-facing transparency under both UK GDPR Article 13 and PECR.

Mandatory Implementation:

  • Merchants MUST display Zeal-provided signage at point of sale
  • Signage MUST be visible to consumers before they enter phone number
  • Signage MUST include: Zeal branding, data collection statement, privacy policy link, opt-out information
  • Zeal provides signage in multiple formats: counter cards, window decals, terminal stickers
  • Compliance verified: Zeal may audit merchant signage compliance

9.1.3 Privacy Policy Requirements (MANDATORY)

Zeal's Privacy Policy must clearly disclose:

  • That Zeal processes transaction data from payment terminals
  • The categories of data collected (transaction amounts, times, tokens)
  • The purposes of processing (analytics, new vs returning analysis)
  • The legal basis (legitimate interest with reference to this LIA)
  • Data subject rights and how to exercise them
  • Contact details for the DPO

Additional Privacy Policy Disclosures (MANDATORY for Paid Tier Services):

For Paid Tier Services involving cross-merchant consumer identification, Zeal's Consumer Privacy Policy (getzeal.io/privacy) MUST disclose:

✓ Cross-Merchant Recognition: That consumers who provide phone numbers will be recognized across multiple Zeal-powered merchants (not just the merchant where they first enrolled)

✓ Card Token Linkage: That payment card tokens are linked to phone numbers to create a unified consumer identity for cross-merchant loyalty program participation

✓ Independent Controller Status: That Zeal acts as INDEPENDENT controller (not joint controller) for the cross-merchant identification infrastructure, based on consumer consent (Article 6(1)(a) UK GDPR) obtained at the point of phone number entry

✓ Merchant Data Separation: That each merchant's loyalty program operates independently - Merchant A cannot see transaction data or loyalty data from Merchant B (data sharing prohibited unless consumer consents to specific cross-promotional campaign)

✓ Consumer Control Mechanisms: That consumers can manage cross-merchant identification at getzeal.io/account, including: viewing all linked loyalty programs, unlinking card tokens, deleting phone number linkage, deleting entire Zeal account (removes from all programs)

9.2 Data Minimisation Requirements

9.2.1 Token-Only Processing (MANDATORY)

Requirement: No PAN Processing

Zeal must NOT process Primary Account Numbers (PANs) for Free Tier Services. Only tokens may be processed for consumer recognition purposes. This requirement must be technically enforced at the terminal software level.

Technical implementation:

  • Terminal software must extract tokens, not PANs, from transaction data
  • Technical controls must prevent PAN transmission to Zeal Platform
  • Regular audits must verify no PAN storage in Zeal systems
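As an added example (not Zeal's code and not part of this LIA), the following Python sketch shows how the technical controls above could be enforced in one place: the same validator acts as the ingest gate that refuses any record carrying a PAN-like value and as the periodic audit run over already-stored rows. It assumes a record shape (mid, tid, amount_minor, currency, timestamp, card_token) and that PSP tokens are not Luhn-valid strings of 13 to 19 digits; both are assumptions, not facts from this document. A PAN is detected as any embedded 13 to 19 digit run that passes the Luhn check, wherever it sits in the record, so a PAN smuggled in a nested or renamed field is caught too, and rejection reasons name the field path without echoing the value.

```python
"""Token-only ingest gate and storage audit for Free Tier transaction records.

Added example, not Zeal's code. Assumptions not stated in the LIA: records are flat
JSON-like dicts with the fields in ALLOWED_FIELDS, the PSP token in "card_token" is not
a Luhn-valid string of 13-19 digits, and a PAN is any such Luhn-valid digit run.
"""
import re
from typing import Any, Iterator

# Fields the Free Tier pipeline is allowed to receive (assumed record shape).
ALLOWED_FIELDS = frozenset(
    {"mid", "tid", "amount_minor", "currency", "timestamp", "card_token"}
)

# A run of 13-19 digits, optionally separated by single spaces or dashes,
# bounded so that a longer digit run is not partially matched.
_DIGIT_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test over an all-digit string."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_pan(text: str) -> bool:
    """True if any embedded 13-19 digit run passes Luhn (a probable PAN)."""
    for match in _DIGIT_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            return True
    return False


def _leaves(obj: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (path, text) for every scalar so nested or renamed fields are scanned too."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from _leaves(value, f"{path}.{key}")
    elif isinstance(obj, (list, tuple)):
        for i, value in enumerate(obj):
            yield from _leaves(value, f"{path}[{i}]")
    elif isinstance(obj, bool):
        return  # bool is an int subclass; never PAN-bearing
    elif isinstance(obj, (str, int)):
        yield path, str(obj)


def validate_record(record: dict) -> list[str]:
    """Return the reasons a record must be rejected; an empty list means accept.
    Reasons name the field path only and never echo the offending value."""
    problems: list[str] = []
    unexpected = sorted(set(record) - ALLOWED_FIELDS)
    if unexpected:
        problems.append(f"unexpected fields: {unexpected}")
    for path, text in _leaves(record):
        if looks_like_pan(text):
            problems.append(f"PAN-like value at {path}")
    return problems


def audit_batch(records: list[dict]) -> tuple[list[dict], list[tuple[int, list[str]]]]:
    """Used both as the ingest gate (drop before storage) and as the periodic audit
    over already-stored rows: returns (accepted, [(index, reasons), ...])."""
    accepted: list[dict] = []
    rejected: list[tuple[int, list[str]]] = []
    for i, record in enumerate(records):
        problems = validate_record(record)
        if problems:
            rejected.append((i, problems))
        else:
            accepted.append(record)
    return accepted, rejected


# Constructed sample input; the PANs are the public 4111.../5555... test numbers.
SAMPLE_RECORDS = [
    {"mid": "M-001", "tid": "T-01", "amount_minor": 1250, "currency": "GBP",
     "timestamp": "2026-01-15T10:03:00Z", "card_token": "tok_9f2c1a7e"},
    {"mid": "M-001", "tid": "T-01", "amount_minor": 480, "currency": "GBP",
     "timestamp": "2026-01-15T10:07:00Z", "card_token": "4111 1111 1111 1111"},
    {"mid": "M-001", "tid": "T-01", "amount_minor": 2200, "currency": "GBP",
     "timestamp": "2026-01-15T10:09:00Z", "card_token": "tok_0b44d1",
     "pan": 5555555555554444},
]

if __name__ == "__main__":
    ok, bad = audit_batch(SAMPLE_RECORDS)
    print(f"accepted {len(ok)} record(s); rejected {bad}")
```

If the PSP issues format-preserving tokens that are themselves Luhn-valid digit strings (some tokenisation schemes do this deliberately, others avoid it), this content-based detector would reject every record; in that case the check has to key on field position and an allow-list of token prefixes instead, and the audit would compare stored values against the PSP's token vault format rather than against Luhn.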

9.2.2 Aggregate Reporting Only (MANDATORY)

Requirement: No Individual-Level Consumer Data Sharing

Zeal must NOT share individual consumer token data with merchants. Merchants may receive only aggregate statistics (percentages, distributions, trends). This requirement must be enforced in all reporting and dashboard functionality.

9.2.3 No Cross-Merchant Tracking for Free Tier (MANDATORY)

Requirement: Merchant-Scoped Token Processing for Free Tier

For FREE TIER SERVICES (covered by this LIA): Zeal MUST NOT link payment card tokens across different merchants to build cross-merchant consumer profiles. Token-based recognition MUST be scoped to individual merchant level only.

Technical Implementation:

  • Token processing isolated per Merchant ID (MID)
  • Database queries scoped to single merchant (cannot join across merchant tables)
  • Analytics calculations performed per merchant independently
  • 'New vs. returning customer' metric applies ONLY to visits at same merchant (not across merchant network)

Why This Matters for Legitimate Interest:

  • Cross-merchant tracking would significantly increase consumer privacy impact
  • Consumers would not reasonably expect their transactions at Merchant A to inform analytics at Merchant B
  • Cross-merchant profiling would require stronger lawful basis (consent, not legitimate interest)
  • This limitation keeps Free Tier processing proportionate and within reasonable expectations

For PAID TIER Services (NOT covered by this LIA):

Cross-merchant identification IS permitted for Paid Tier services, but operates under CONSUMER CONSENT (Article 6(1)(a) UK GDPR), not legitimate interest. When consumers provide their phone number to join a loyalty program, they consent to cross-merchant recognition. This consent-based processing is documented separately in Zeal's Consumer Privacy Policy and DPA Section 2.3(a), and is NOT covered by this Legitimate Interest Assessment.
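The following Python example is added here to make the Section 9.2.2 (aggregate reporting only) and Section 9.2.3 (merchant-scoped processing) requirements concrete; it is illustrative code, not Zeal's implementation. It assumes a record carries "mid" and "card_token", defines a returning customer as a token with two or more transactions at the same MID, and adds a minimum-transaction floor below which no percentages are released (a small-cell safeguard of the kind a practitioner would add; the LIA itself does not require one). All state is keyed by MID first, so the same token seen at two merchants is two unrelated customers, and the dashboard export is guarded so that no token value can reach a merchant.

```python
"""Merchant-scoped new/returning analytics with aggregate-only output.

Added example, not Zeal's code. Assumptions not stated in the LIA: a record carries
"mid" and "card_token"; a customer is 'returning' at a merchant when the same token
has 2+ transactions at that same MID; and summaries for fewer than MIN_TRANSACTIONS
transactions are suppressed (an added small-cell floor, not an LIA requirement).
"""
from collections import Counter, defaultdict
from dataclasses import asdict, dataclass
from typing import Any, Iterator, Optional

MIN_TRANSACTIONS = 20  # assumed small-cell floor below which no percentages are released


@dataclass(frozen=True)
class MerchantSummary:
    mid: str
    transactions: int
    distinct_customers: int
    returning_customer_pct: Optional[float]
    avg_visits_per_customer: Optional[float]
    visit_frequency: dict  # visits per customer -> number of customers with that many


class MerchantScopedAnalytics:
    """All state is keyed by MID first; a token never appears as a top-level key,
    so no structure exists from which a cross-merchant join could be built."""

    def __init__(self) -> None:
        self._visits: dict[str, Counter] = defaultdict(Counter)  # mid -> token -> count

    def ingest(self, record: dict) -> None:
        # A token is only ever recorded under the MID it was observed at.
        self._visits[record["mid"]][record["card_token"]] += 1

    def summary(self, mid: str) -> MerchantSummary:
        visits = self._visits.get(mid, Counter())
        n = sum(visits.values())
        distinct = len(visits)
        if n < MIN_TRANSACTIONS:
            return MerchantSummary(mid, n, distinct, None, None, {})
        returning = sum(1 for c in visits.values() if c >= 2)
        return MerchantSummary(
            mid, n, distinct,
            round(100.0 * returning / distinct, 1),
            round(n / distinct, 2),
            dict(sorted(Counter(visits.values()).items())),
        )

    def merchant_report(self, mid: str) -> dict:
        """The only thing a dashboard receives: the summary as plain data, with a
        guard that refuses to emit it if any token value has leaked into it."""
        report = asdict(self.summary(mid))
        tokens = set(self._visits.get(mid, Counter()))
        if any(isinstance(v, str) and v in tokens for v in _leaves(report)):
            raise RuntimeError(f"report for {mid} would expose individual tokens")
        return report


def _leaves(obj: Any) -> Iterator[Any]:
    if isinstance(obj, dict):
        for v in obj.values():
            yield from _leaves(v)
    elif isinstance(obj, (list, tuple)):
        for v in obj:
            yield from _leaves(v)
    else:
        yield obj


def constructed_sample() -> list[dict]:
    """Constructed input: 20 transactions at each of two merchants, with one token
    ("tok_shared") used at both so the isolation can be observed."""
    recs: list[dict] = []

    def add(mid: str, token: str, count: int) -> None:
        recs.extend({"mid": mid, "card_token": token} for _ in range(count))

    add("M-A", "tok_a1", 5)
    add("M-A", "tok_a2", 3)
    add("M-A", "tok_shared", 2)
    for i in range(3, 13):
        add("M-A", f"tok_a{i}", 1)  # ten single-visit customers
    add("M-B", "tok_shared", 1)
    for i in range(1, 20):
        add("M-B", f"tok_b{i}", 1)  # nineteen single-visit customers
    return recs


def run_sample() -> tuple[MerchantSummary, MerchantSummary]:
    engine = MerchantScopedAnalytics()
    for record in constructed_sample():
        engine.ingest(record)
    return engine.summary("M-A"), engine.summary("M-B")


if __name__ == "__main__":
    for s in run_sample():
        print(s)
```

With the constructed input, M-A reports 13 distinct customers of whom 3 are returning (23.1%), while M-B reports 0% returning even though "tok_shared" has two visits at M-A: the token's history at one merchant never informs the other's metric, which is exactly the property Section 9.2.3 requires. The floor also means a merchant with a handful of transactions sees counts but no percentages, which avoids an aggregate that is effectively one customer's behaviour.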

9.3 Security Requirements

9.3.1 Technical Security Measures (MANDATORY)

The following security measures must be implemented and maintained:

Measure Requirement Verification
Encryption in transit TLS 1.2 minimum (TLS 1.3 preferred) Annual penetration test
Encryption at rest AES-256 for all personal data Annual security audit
Access control MFA for all administrative access Quarterly access review
Logging All data access logged and retained 12 months Monthly log review
Incident response Documented plan tested annually Tabletop exercise annually

9.3.2 Organisational Security Measures (MANDATORY)

The following organisational measures must be implemented:

  • Security awareness training for all staff (annual minimum)
  • Background checks for personnel with access to personal data
  • Confidentiality agreements for all staff and contractors
  • Prompt access revocation upon termination

9.4 Data Subject Rights

9.4.1 Merchant Rights (MANDATORY)

Zeal must provide merchants with effective mechanisms to exercise their UK GDPR rights:

Right Mechanism Response Timeframe Notes
Right to Object / Opt-Out (Article 21) getzeal.io/optout (web), optout@getzeal.io (email), Via PSP, Merchant Portal 5 Business Days to cease collection; 30 days to delete data Most important right for Free Tier merchants
Right to Access (Article 15) Email privacy@getzeal.io with subject 'Merchant Data Access Request' One month (UK GDPR Article 12(3) statutory deadline; extendable by up to two further months for complex or numerous requests) Zeal provides: copy of data, purposes, retention, recipients
Right to Rectification (Article 16) Merchant Portal (update details) or email privacy@getzeal.io 30 days to correct inaccurate data Merchants can update name, email, phone. MID/TID cannot change
Right to Erasure (Article 17) Email privacy@getzeal.io (subject to legal retention) 30 days to delete data not subject to retention Legal retention may apply: 7 years for financial records
Right to Data Portability (Article 20) Email privacy@getzeal.io requesting CSV/JSON export 30 days to provide portable data export No charge if requested once per 12 months
Right to Information (Articles 13/14) Provided proactively via email notification within 24 hours of deployment N/A (proactive disclosure) Information provided automatically

Key Implementation Points:

✓ 5-Day Opt-Out: The 5 Business Day opt-out processing timeline (faster than 30-day standard) demonstrates Zeal's commitment to merchant choice and strengthens legitimate interest position

✓ Free Exercise: All rights exercisable at no cost to merchants (UK GDPR Article 12(5) - no fees unless requests manifestly unfounded or excessive)

✓ Clear Communication: All responses provided in plain language (not legal jargon), with explanations of any retention requirements or limitations

9.4.2 Consumer Rights (MANDATORY)

Zeal must provide consumers with mechanisms to exercise:

  • Right to access: Confirmation of what data (if any) is held
  • Right to erasure: Deletion of token data upon identification verification
  • Right to information: Explanation of processing activities

Consumer rights requests must be directed to privacy@getzeal.io (primary) or dpo@getzeal.io (escalation) and responded to within statutory timeframes.

9.5 Retention Limits

9.5.1 Data Retention Schedule (MANDATORY)

Data Category Retention Period Post-Retention Action
Merchant account data Duration of service + 7 years Secure deletion
Transaction analytics 36 months rolling Anonymisation
Payment card tokens 36 months rolling Secure deletion (not anonymised)
Aggregated/anonymised data Indefinite N/A (no longer personal data)

9.6 Ongoing Compliance

9.6.1 Annual Review (MANDATORY)

This LIA must be reviewed at least annually or upon:

  • Material change to processing activities
  • New ICO guidance or enforcement action affecting the assessment
  • Significant complaint or objection from data subjects
  • Changes to the B2B2C deployment model

9.6.2 Monitoring and Documentation (MANDATORY)

Zeal must maintain documentation of:

  • Merchant opt-out requests and processing
  • Consumer data subject requests and responses
  • Complaints relating to Free Tier data processing
  • Security incidents affecting Free Tier data
  • Changes to safeguard implementation

10. CONCLUSION AND APPROVAL

10.1 Assessment Summary

This Legitimate Interest Assessment has evaluated Zeal IO Limited's reliance on Article 6(1)(f) of the UK GDPR for processing personal data in connection with Free Tier Value-Added Services.

10.1.1 Test Results

Test Outcome Key Finding
Purpose Test PASS Legitimate interests identified: platform demonstration, merchant benefit, PSP enhancement
Necessity Test PASS Processing necessary and proportionate; no less intrusive alternative available
Balancing Test (Merchants) PASS Merchant interests aligned; low-risk B2B processing; robust opt-out mechanism
Balancing Test (Consumers) PASS Minimal impact; pseudonymised tokens only; aggregate use; appropriate safeguards

10.1.2 Overall Conclusion

✓ OUTCOME: LEGITIMATE INTEREST BASIS: VALID Zeal may rely on legitimate interests as the lawful basis for Free Tier personal data processing, subject to implementation of all mandatory safeguards specified in Section 9, including email notification to merchants within 24 hours of deployment.

10.2 Conditions for Validity

This LIA is valid and Zeal may rely on legitimate interest as lawful basis for Free Tier processing ONLY IF Zeal:

  1. ✅ Implements email notification within 24 hours of deployment as specified in Section 9.1.1 (NOT terminal screen notifications - technically not feasible)
  2. ✅ Maintains Privacy Policy disclosures meeting requirements in Section 9.1.3, including: Free Tier processing explanation and lawful basis disclosure, link to this LIA at getzeal.io/legal/lia-free-tier, for Paid Tier: cross-merchant identification disclosures
  3. ✅ Processes only tokens (NOT PANs) for consumer recognition as specified in Section 9.2.1
  4. ✅ Shares only aggregate statistics (NOT individual consumer data) with merchants as specified in Section 9.2.2
  5. ✅ Does NOT perform cross-merchant token linking for Free Tier services as specified in Section 9.2.3
  6. ✅ Implements and maintains security measures as specified in Section 9.3
  7. ✅ Provides effective data subject rights mechanisms as specified in Section 9.4
  8. ✅ Adheres to retention limits as specified in Section 9.5
  9. ✅ Reviews this LIA annually and upon material change as specified in Section 9.6
  10. ✅ Publishes Joint Controller Arrangement Notice (Section 3.3) on Privacy Policy page for consumer data processing

10.3 Risk Acknowledgement

⚠ IMPORTANT: This LIA reflects Zeal's good faith assessment of the legitimate interest legal basis. The ICO retains authority to determine whether legitimate interest is appropriate in specific circumstances. Zeal should monitor ICO guidance and enforcement actions and update this assessment as necessary.

10.4 Approval

Prepared By:
Data Protection Officer
Signature: _______________________
Date: _______________________
Approved By:
[Chief Legal Officer / Board]
Signature: _______________________
Date: _______________________

APPENDIX A: REGULATORY REFERENCE MATERIALS

A.1 UK GDPR Provisions

  • Article 6(1)(f): Legitimate Interests
  • Article 13: Information to be provided where personal data are collected from the data subject
  • Article 14: Information to be provided where personal data have not been obtained from the data subject
  • Article 21: Right to object
  • Recital 47: Legitimate interests balancing
  • Article 5(1)(c): Data minimisation
  • Recital 69: Right to object where processing relies on legitimate interests

A.2 ICO Guidance Documents

  • ICO Guide to the UK General Data Protection Regulation (UK GDPR)
  • ICO Legitimate Interests Guidance
  • ICO Lawful Basis Interactive Guidance Tool
  • ICO Direct Marketing Guidance
  • ICO Anonymisation Guidance

A.3 Relevant Case Law and Enforcement

  • Fashion ID (CJEU C-40/17): Joint controller considerations
  • Google Spain (CJEU C-131/12): Balancing test principles
  • Rigas (CJEU C-13/16): Legitimate interest scope
  • ICO enforcement notice against Experian (2020): transparency and legitimate interests for data processed without a direct relationship with the individual (substantially overturned on appeal by the First-tier Tribunal in Experian Ltd v Information Commissioner, 2023)

APPENDIX B: PROCESSING ACTIVITIES REGISTER EXTRACT

B.1 Free Tier Processing Activities

Activity Purpose Legal Basis Data Categories Recipients
Transaction observation Generate analytics Legitimate interest Amounts, times, tokens Zeal only
Token processing New/returning analysis Legitimate interest Payment tokens Zeal only
Dashboard generation Display insights Legitimate interest Aggregated statistics Merchant (terminal)
Benchmark creation Industry comparison Legitimate interest Anonymised data All merchants

B.2 Data Flow Summary

Terminal → Zeal Platform → Analytics Engine → Terminal Display / Aggregation Store

APPENDIX C: COMPARATIVE MARKET ANALYSIS

C.1 Competitor Processing Comparison

Provider Analytics Offered Data Collected Legal Basis (Stated) Transparency Mechanism
Square Sales analytics, customer insights Transaction data, card tokens Contract / Legitimate interest Dashboard disclosure
Stripe Radar analytics, business insights Transaction data, device fingerprints Contract / Legitimate interest Terms of Service
SumUp Sales reports, peak hours Transaction data Contract App disclosure
Toast Guest analytics, repeat visits Transaction data, table data Contract / Legitimate interest Restaurant disclosure
Zeal (Free Tier) Transaction analytics, new/returning Transaction data, tokens Legitimate interest Email + Privacy Policy

Zeal's processing is comparable to or less intrusive than industry competitors, supporting the reasonableness of the legitimate interest claim.

APPENDIX D: FREE TIER ACTIVATION EMAIL TEMPLATE

This appendix provides the mandatory email template for Free Tier activation notifications per Section 9.1.1. This template must be used for all Free Tier deployments (customization permitted only for PSP name, merchant details, and PSP contact information).

SUBJECT: Zeal Business Analytics Activated on Your Payment Terminal(s)
FROM: Zeal Notifications <noreply@getzeal.io>
TO: [Merchant Business Email Address]
Dear [Merchant Business Name],
Your payment service provider, [PSP Name], has authorized Zeal to provide you with free business analytics services via your payment terminal(s).
WHAT'S BEEN ACTIVATED:
• Transaction summaries and daily sales insights displayed on your terminal
• New vs. returning customer analysis
• Peak trading period identification
• Benchmarking against similar businesses (anonymised)
WHAT DATA WE COLLECT:
We observe transaction data from your terminal (amounts, times, payment card tokens) to generate these insights. We do NOT collect full card numbers, CVVs, or PINs. Your payment processing is completely unaffected.
YOUR CHOICES:
This service is provided at no cost to you. However, you have the right to opt out at any time:
• Online: Visit getzeal.io/optout
• Email: Send a request to optout@getzeal.io
• Via your PSP: Contact [PSP Name] and ask them to disable Zeal
If you opt out within 30 days, we will delete any data collected. You can also opt out at any time thereafter - we will stop collecting new data within 5 business days.
QUESTIONS?
• Email us: support@getzeal.io
• Read our Privacy Policy: getzeal.io/privacy
• Read our Legitimate Interest Assessment: getzeal.io/legal/lia-free-tier
Best regards,
The Zeal Team
Zeal IO Limited | 85 Great Portland Street, First Floor, London, W1W 7LT, UK

DOCUMENT CONTROL

Version Date Author Changes
1.0 January 2026 DPO Initial assessment
1.1 January 2026 DPO Revised per legal review: email notification mechanism, updated opt-out procedures, cross-merchant clarifications, Paid Tier signage requirements

--- END OF DOCUMENT ---

© 2026 Zeal IO Limited. All rights reserved.