Close Cookie Popup
Cookie Settings
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage and assist in our marketing efforts. View our Cookie Policy and Privacy Policy.
Decline
Accept
Manage

Our privacy policy

Contents

Vista Group is comprised of seven group companies, as set out in more detail at the link here: Vista Group Brands. Vista Group takes its data protection and privacy responsibilities seriously.

This Privacy Notice explains how the certain of the Vista group companies set out in the table below (“Vista”, “Vista Group”, “we”, “us” or “our”) as controller of your personal data, collect, use, and share personal information in relation to our website at vista.co as set out below and in the course of our business activities.

This Privacy Notice also describes your data protection rights, including the right to object to some of the processing which Vista carries out. More information about your rights, and how to exercise them, is set out in the “Legal Rights Available for Residents of the European Economic Area and in the UK” section.

Vista Group BrandVista Group CompanyAddress
Vista Group InternationalVista Group International LimitedShed 12, City Works Depot, 90 Wellesley Street West, Auckland, 1010 New Zealand
Vista, Vista Cloud or MovieXchangeVista Group (NZ) LimitedShed 12, City Works Depot, 90 Wellesley Street West, Auckland, 1010 New Zealand
MovioVista Group (NZ) LimitedShed 12, City Works Depot, 90 Wellesley Street West, Auckland, 1010 New Zealand
NumeroNumero (Aust) Pty Limited311 Musk Creek Road, Flinders, Victoria, 3929, Australia
MaccsMaccs International B.V.Leonard Springerlaan 359727 KB Groningen, The Netherlands

The following brands and companies are also part of Vista Group, but they do not come under this Privacy Notice. Please navigate to the brand’s specific website to find their Privacy Notice:

  • Veezi (Vista Group (NZ) Limited) located at Shed 12, City Works Depot, 90 Wellesley Street West, Auckland, 1010 New Zealand.
  • Flicks Limited located at Shed 12, City Works Depot, 90 Wellesley Street West, Auckland, 1010 New Zealand).
  • Powster Limited located at Unit G, Bagel Factory, 24 White Post Lane, London, E9 5SZ.

This Privacy Notice also does not apply to information collection activities by our clients or on their behalf (Client Data). For example, Vista, Veezi, and Movio provide cinema software to its clients, and may process information on their behalf to provide those services. This Privacy Notice does not describe the processing of Client Data, and we invite you to visit the applicable client’s Privacy Notice for information about their privacy practices. Any questions you have relating to such information and your rights under data protection law should be directed to the client, as the controller of that information, and not to Vista or Movio.

This Privacy Notice will also not apply to any information we collect about you when you apply for a job with us. For our job candidate privacy notice, please click the link here.

Updates

We may amend this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage. This Privacy Notice was last updated on the date set out at the end of this Privacy Notice. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this Privacy Notice, we will seek to inform you by notice on our website or email.

Third party websites

Occasionally, at our discretion, we may include or offer external links to other company’s products or services on our websites. These sites have separate and independent privacy policies, and this Privacy Notice does not apply to your use of any other entity’s site. We therefore have no responsibility or liability for the content and activities of these linked sites.

Data Privacy Framework

With respect to personal information processed in the scope of this Privacy Notice, Vista Group (US), Inc, located at 335 N. Maple Dr, Ste 150, Beverly Hills, CA 90210, USA, acts as a service provider for Vista Group with regard to its handling of EU, UK, and Swiss data, and complies with the EU-U.S. Data Privacy Framework (and its UK Extension) and the Swiss-U.S. Data Privacy Framework (the Data Privacy Framework) as adopted and put forward by the U.S. Department of Commerce regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Vista Group (US), Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles,” and, collectively with the EU- U.S. DPF Principles, the “Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

References in this Privacy Notice to “Vista” will include Vista Group (US), Inc, as service provider for Vista Group, where applicable. Vista commits to upholding and has certified to the Department of Commerce that it adheres to, the Data Privacy Framework Principles for the processing of all personal information received from the EU, UK, and Switzerland in reliance on the Data Privacy Framework.

To learn more about the Data Privacy Framework, and to view Vista’s certification, please visit https://www.dataprivacyframework.gov/s/ and https://www.dataprivacyframework.gov/s/participant-search, respectively.

What personal information we collect

When we collect information

We collect information about you if you register with or use our website or services, work with us as a business partner, register or attend an event organised or hosted by us, subscribe to our newsletter or other forms of marketing communications, respond to a survey or fill out a form created or sent by us, or if you otherwise contact us (together, Services).

We may also collect personal information from third parties, such as your employer, public databases, websites, or social media networks.

Legal bases for using your personal information

We will only collect, use, and share your personal information where we are satisfied that we have an appropriate legal basis to do this because the legal bases we may rely on include:

Consent – sometimes we ask for your consent to use your data.

Contract – if we have a contract in place with you, the terms of that contract may require us to process personal data necessary for that contract, or because you’ve asked us to take specific steps before entering into a contract.

Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process personal data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details at the end of the notice.

Legal obligation – we have obligations to comply with legal and regulatory requirements under the laws applicable to us in each of the territories that we operate in. In certain cases, we have to use your data to meet these obligations.

If you would like to find out more about the legal basis for which we process personal information, please contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].

Personal information we collect from you and use if you use our website or services

  • Contact information (consent or contract) – We collect and use your contact information such as your title, name, email address, phone number, address.
  • Usage – We use this information to operate, maintain and provide the Services to you. We also use this information to communicate with you, including sending service-related communications and marketing communications in accordance with your preferences.
  • Location information (consent) – other than information you choose to provide us; we do not collect information about your precise location..
  • Usage – Your device’s IP address may help us determine an approximate location to ensure content made available to you through our Services or marketing channels is relevant to the city or country you are using your device in.
  • Troubleshooting information (consent or contract) – we may require your personal details in order to address issues with our Services, such as your username and user ID.
  • Usage - should you require assistance from our Services Team in relation to issues or security threats with our Services, website, your account etc. we may process the above-mentioned personal information.
  • Preferences (consent) – such as preferences set for notifications, marketing communications and how our website is displayed.
  • Usage – We use this information to provide notifications, send news, alerts and marketing communications and provide our Services in accordance with your choices and also to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented.
  • Information provided by third parties (legitimate interests) - from time to time, we may receive information about you from third parties and other users.
  • Usage – We may obtain information from third parties to understand how you are interacting with our content.
  • Service Use Data (consent) – such as information about features you use, pages you visit, emails you view, products and services you view and purchase, the time of day you browse, and when you are referring and exiting pages.
  • Usage – We use this information to deliver a more personalised experience during your visit to our pages, and to develop smarter and more personalised service for users in general.
  • Device Data (consent) - such as information about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address.
  • Usage – We use the information to make enhancements to our website to ensure it operates efficiently and effectively for all users.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the Legal Rights section below.

Your provision of personal data is a requirement necessary to enter into a contract to use our Services and Websites. You are not obliged to provide the personal data to us but where you do not provide us with such data, the full functionality of our Services and Website may not be available to you.

How we share personal information

We share your personal information in the manner and for the purposes described below:

  • with other companies within our group, where such disclosure is necessary to provide you with our products and services or to manage our business.
  • with service providers who help manage our business and deliver services. These service providers have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back-office systems;
  • with vendors and other parties for business and commercial purposes, including analytics companies. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information;
  • for facilitating requests made at your direction;
  • with government organisations and agencies, law enforcement and regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies, and to protect the rights, property, life, health, security, and safety to us, the Services, or anyone else; and/or
  • we may share in aggregate, statistical form, information that does not identify you regarding the visitors to our website, traffic patterns, and website usage with our affiliates or advertisers.

If, in the future, we sell or transfer some of or all of our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser of our business or assets.

Direct marketing

How we use personal information to keep you up to date with our products and services

If you have provided your consent, we may use personal information to let you know about our products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases and with your consent, we will respect your preferences for how you would like us to manage marketing activity with you.

How you can manage your marketing preferences

To protect privacy rights and to ensure you have control over how we manage marketing with you:

  • we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you and only if you have consented to receiving those communications;
  • you can ask us to stop direct marketing at any time.  You can also ask us to stop sending email marketing by following the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact us [email protected]. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email);
  • You can change your cookies preferences via the cookies banner that appears on our website.
  • you can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained in our Cookie Policy.

Please note that you cannot opt-out of non-promotional emails, such as those about your transactions, servicing, or Vista’s ongoing business relations. Your right to opt-out is limited to the email address, device, and phone number used and will not affect subsequent subscriptions.

We recommend you routinely review the privacy policies and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.

When and how we undertake profiling and analytics

We may use performance cookies like Google Analytics to recognise and count the number of visitors/users of our website and to see how such visitors/users move around our website when they are using it.

For more information about how we use profiling and analytics, please visit our Cookie Policy. We do not undertake any profiling activities which will lead to automated decision-making which produces legal effects concerning you, or similarly significantly affects you.

Choice

By default, we limit the use and disclosure of your personal information by only deploying strictly necessary cookies required to enable basic website functionality. If you choose to share additional information with us for marketing, personalization, or analytics purposes, you must actively opt-in (i.e. consent) to sharing that information via your cookie preference settings. We will also only ever collect sensitive data about you with your express consent.

Furthermore, if you would like to opt-out of sharing your personal information with us, any third party, or for any purpose that is materially different from the purpose(s) for which is was originally collected, you can also ask us to do so by emailing [email protected]. We will process any opt-out requests as promptly as we can.

Transferring personal information globally

We operate on a global basis. Accordingly, your personal information may be transferred and stored in countries outside of the country you are located in, including the EU, UK, New Zealand, and the United States of America, that are subject to different standards of data protection.

We will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:

To this end:

  • we ensure transfers within our group of companies will be covered by an agreement entered into by members of our group of companies (Intra Group Data Transfer Agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies;
  • where we transfer your personal information outside our group of companies or to third parties who help provide our products and services, we may rely on an EU commission adequacy decision or the UK Government adequacy decision (where applicable), or we will obtain contractual commitments from them (such as EU Standard Contractual Clauses or the UK International Data Transfer Agreement/UK addendum to the EU Standard Contractual Clauses (the UK equivalent to the EU standard contractual clauses) to protect your personal information. Some of these assurances are well recognized certification schemes like the EU US Data Privacy Framework, its UK Extension, or the Swiss-U.S. Data Privacy Framework for the protection of personal information transferred from within the EU to the United States; or
  • where we receive requests for information from public authorities, law enforcement or regulators (e.g. to meet legal national security or law enforcement requirements), we carefully validate these requests before any personal information are disclosed.

You have a right to contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected] for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

Vista Group remains liable for the protection of your personal information that we transfer to third parties, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

If we must disclose your personal information in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal information will maintain the privacy or security of your personal information.

How we protect and store your information

Security

We have implemented and continue to maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.

Measures we take include:

  • placing confidentiality requirements on our employees and service providers;
  • ensuring that only authorised devices and authorised relevant employees with a work-related need for data processing have access to personal information and that any employee who changes roles within Vista does not retain access to personal information unless such personal information is required for their new role;
  • when an employee leaves Vista, ensuring they do not have access to, or take with them, any personal information. Vista will ensure that no previous employees or external consultants have access rights to the Vista systems holding personal information;
  • destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
  • following strict security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it;
  • keeping our networks and systems up to date with regards to new versions, updates, and patches on an ongoing basis;
  • using secure/encrypted transfer of personal information on the internet;
  • ensuring appropriate physical security of personal information, including:
  • fitting appropriate locks or other physical controls to the doors and windows of rooms where computers are kept;
  • destroying or removing all personal information from media such as CDs before disposing of them; and
  • ensuring that all personal information is removed from the hard drives of any used computers before disposing of them;
  • implementing best practice access controls, including:
  • that best practise password procedures must be in place, including using strong passwords; and
  • having industry standard hard drive encryption for internal or external hard drives;
  • ensuring suitable firewall and infrastructure logging to ensure the ongoing logging of failed login attempts or attacks on Vista systems, including log of time, user, etc. and block access after a certain number of failed login attempts for each user;
  • protecting our networks, systems, and logs against tampering
  • having a vulnerability management program, including regular monitoring of potential vulnerabilities and performance of penetration tests of networks and Vista systems;
  • having a Security Incident Response Plan in place in the event of a serious security incident;
  • using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol, which ensures that the information is reasonably protected against unauthorized interception; and
  • monitoring and keeping up to date with all security measures, processes, and risk analyses.

As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information. Nevertheless, transmission of information via the internet is not completely secure and we cannot guarantee the security of information.

Storing your personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Notice. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner within twenty (20) business days. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Children

Our Services are intended for a general audience and are not directed at children under (16) years of age or under (18) years of age in the UK.

We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us at [email protected]. We will remove the data to the extent required by applicable laws.

We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents. For more information, please review the Additional Disclosures for California Residents section below.

Cookies

A cookie is a small text file containing small amounts of information which is downloaded to / stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website.

Cookies may collect personal information about you. Cookies help us remember information about your visit to our website, like your country, language, and other settings. Cookies allow us to understand who has seen which webpages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. They can also help us to operate our website more efficiently and make your next visit easier. Cookies can allow us to do various other things, as explained further in our Cookie Policy.

For more information about the types of cookies we use, how they work and information about how to manage your cookie settings, please visit our Cookie Policy. Please be aware that if you disable or remove tracking technologies some parts of the Service may not function correctly.

Legal rights available to help manage your privacy

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking and where your personal information originates from, you have certain rights in relation to your personal information.

Legal rights available for residents of the European Economic Area and the UK

If you are resident in the European Economic Area or in the UK, under European law or UK law (where applicable) you have the following rights in respect of your personal information:

  • Access personal information
  • Rectify / erase personal information
  • Restrict the processing of your personal information
  • Transfer your personal information (data portability)
  • Object to the processing of personal information
  • Object to how we use your personal information for direct marketing purposes
  • Obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  • Withdraw your consent from processing you previously consented to
  • Lodge a complaint with your local supervisory authority

If you wish to access any of the above rights, where necessary, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where it is permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].

Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; (d) the entities or categories of entities to whom your personal information may be transferred; (e) the categories of personal data concerned; (f) the retention period(s) of your personal data and (g) where your personal data are transferred to a third country, the appropriate safeguards pursuant to Article 46 relating to the transfer; (h) the existence of the right to request from the controller rectification or erasure of personal information or restriction of processing of personal information concerning the data subject or to object to such processing; (i) the right to lodge a complaint with a supervisory authority; (j) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which Vista is subject.

We are not required to comply with your request to erase personal information if, among others, the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise, or defence of legal claims.

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to transfer your personal information (data portability)

With respect to the personal information that you have provided to us, you can ask us to provide that personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to object to the processing of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal information for direct marketing purposes

You can request that we change the manner in which we contact you for marketing purposes, or you can request that we stop direct marketing to you in full.

You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

We may redact data transfer agreements to protect commercial terms.

Right to withdraw your consent

You can request to withdraw your consent to any processing activity that you previously consented to. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Verification of Your Identity

In order to correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.

For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, we will verify your identity via the following method: we will verify your identity via the same means you use to contact us to make the request, unless you specifically request that we contact you by another means. We will request the minimum amount of information from you required to verify your request and will only request information that we already hold pertaining to you – this is usually your full name, physical address, email address and telephone number.

We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Charge you different prices or rates for goods or Services, including through granting discounts or other benefits or imposing penalties;
  • Provide you a different level or quality of goods or Services;
  • Suggest that you may receive a different price or rate for goods or Services or a different level or quality of goods or Services.
  • Deny you goods or Services;

Regulatory Oversight

Vista Group is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Dispute Resolution

With regard to personal information processed within the scope of the Data Privacy Framework, if a privacy complaint or dispute cannot be resolved through Vista Group’s internal processes, Vista Group has agreed to participate in the VeraSafe Data Privacy Framework Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here.

If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.

Legal rights available for California residents

California residents have certain privacy rights under the California Consumer Privacy Act of 2018, also known as the CCPA. The CCPA requires additional disclosures, and provides rights to know, delete, and opt-out, which are detailed below.

Notice of Collection

In the past twelve (12) months, we have collected the following categories of personal information listed in the CCPA:

  • Identifiers, including name, email address, phone number account name, IP address, and an ID or number assigned to your account.
  • Customer records, billing and shipping address, and credit or debit card information.
  • Commercial information, including purchases and engagement with the Services.
  • Internet activity, including your interactions with our Services.
  • Geolocation data.
  • Inferences, including information about your interests, preferences, and favourites.

For more information on information we collect, including the sources we receive information from, review the What Personal Information We Collect section. We collect and use these categories of personal information for the business purposes described in the same section, including to provide and manage our Services.

Vista does not sell (as that term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). We use and partner with different types of entities to assist with our daily operations and manage our Services. Please review the How We Share Personal Information section for more detail about the parties we have shared information with.

Roles

Our website and Services are intended to provide information to our clients. By using the website, Services or interacting with Vista offline, you represent and warrant that you will only provide information within the context of: (i) your role as a business contact, supplier, prospective customer, or customer; or (ii) Vista conducting due diligence regarding, providing, or receiving a product or service to or from your employer.

Our processing of Client Data is governed by the terms of our service agreements with our customers and their privacy policies, and not this Privacy Notice. We are not responsible for how our customers treat the information we collect on their behalf, and we recommend you review their own privacy policies.

We acknowledge that you may have rights in connection with Client Data. If you are a California resident and we, as a service provider, have processed your information behalf of a customer and you wish to exercise your CCPA rights, please inquire with our customer directly.

Right to Know and Delete

Consumers who are California residents (and not representatives of businesses, whether those businesses are our customers or others) have the right to know certain information about our data practices in the preceding twelve (12) months. In particular, they have the right to request the following:

  • The categories of personal information we have collected about them;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about them that we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold; and
  • The business or commercial purpose for collecting or selling the personal information.

In addition, in certain circumstances California consumers have the right to delete the personal information we have collected from them.

To exercise any of these rights, California consumers should e-mail our Data Protection Officer at [email protected] or the Vista privacy team at [email protected] or the postal address below. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request to know or delete.

Authorized Agent

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

Shine the Light

California’s “Shine the Light” law permits residents of California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. We may share personal information as defined by “Shine the Light” with our affiliates for those their own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please e-mail our Data Protection Officer at [email protected] or the Vista privacy team at [email protected]. Please note that Vista is not required to respond to requests made by means other than through the provided e-mail address.

Legal rights available for Nevada residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; (d) the entities or categories of entities to whom your personal information may be transferred; (e) the categories of personal data concerned; (f) the retention period(s) of your personal data and (g) where your personal data are transferred to a third country, the appropriate safeguards pursuant to Article 46 relating to the transfer; (h) the existence of the right to request from the controller rectification or erasure of personal information or restriction of processing of personal information concerning the data subject or to object to such processing; (i) the right to lodge a complaint with a supervisory authority; (j) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which Vista is subject.

We are not required to comply with your request to erase personal information if, among others, the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise, or defence of legal claims.

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to transfer your personal information (data portability)

With respect to the personal information that you have provided to us, you can ask us to provide that personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to object to the processing of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal information for direct marketing purposes

You can request that we change the manner in which we contact you for marketing purposes, or you can request that we stop direct marketing to you in full.

You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

We may redact data transfer agreements to protect commercial terms.

Right to withdraw your consent

You can request to withdraw your consent to any processing activity that you previously consented to. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Verification of Your Identity

In order to correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.

For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, we will verify your identity via the following method: we will verify your identity via the same means you use to contact us to make the request, unless you specifically request that we contact you by another means. We will request the minimum amount of information from you required to verify your request and will only request information that we already hold pertaining to you – this is usually your full name, physical address, email address and telephone number.

We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Deny you goods or Services;
  • Charge you different prices or rates for goods or Services, including through granting discounts or other benefits or imposing penalties;
  • Provide you a different level or quality of goods or Services;
  • Suggest that you may receive a different price or rate for goods or Services or a different level or quality of goods or Services.

Regulatory Oversight

Vista Group is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Dispute Resolution

With regard to personal information processed within the scope of the Data Privacy Framework, if a privacy complaint or dispute cannot be resolved through Vista Group’s internal processes, Vista Group has agreed to participate in the VeraSafe Data Privacy Framework Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here.

If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.

Legal rights available for California residents

California residents have certain privacy rights under the California Consumer Privacy Act of 2018, also known as the CCPA. The CCPA requires additional disclosures, and provides rights to know, delete, and opt-out, which are detailed below.

Notice of Collection

In the past twelve (12) months, we have collected the following categories of personal information listed in the CCPA:

  • Identifiers, including name, email address, phone number account name, IP address, and an ID or number assigned to your account.
  • Customer records, billing and shipping address, and credit or debit card information.
  • Commercial information, including purchases and engagement with the Services.
  • Internet activity, including your interactions with our Services.
  • Geolocation data.
  • Inferences, including information about your interests, preferences, and favourites.

For more information on information we collect, including the sources we receive information from, review the What Personal Information We Collect section. We collect and use these categories of personal information for the business purposes described in the same section, including to provide and manage our Services.

Vista does not sell (as that term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). We use and partner with different types of entities to assist with our daily operations and manage our Services. Please review the How We Share Personal Information section for more detail about the parties we have shared information with.

Roles

Our website and Services are intended to provide information to our clients. By using the website, Services or interacting with Vista offline, you represent and warrant that you will only provide information within the context of: (i) your role as a business contact, supplier, prospective customer, or customer; or (ii) Vista conducting due diligence regarding, providing, or receiving a product or service to or from your employer.

Our processing of Client Data is governed by the terms of our service agreements with our customers and their privacy policies, and not this Privacy Notice. We are not responsible for how our customers treat the information we collect on their behalf, and we recommend you review their own privacy policies.

We acknowledge that you may have rights in connection with Client Data. If you are a California resident and we, as a service provider, have processed your information behalf of a customer and you wish to exercise your CCPA rights, please inquire with our customer directly.

Right to Know and Delete

Consumers who are California residents (and not representatives of businesses, whether those businesses are our customers or others) have the right to know certain information about our data practices in the preceding twelve (12) months. In particular, they have the right to request the following:

  • The categories of personal information we have collected about them;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about them that we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold; and
  • The business or commercial purpose for collecting or selling the personal information.

In addition, in certain circumstances California consumers have the right to delete the personal information we have collected from them.

To exercise any of these rights, California consumers should e-mail our Data Protection Officer at [email protected] or the Vista privacy team at [email protected] or the postal address below. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request to know or delete.

Shine the Light.

California’s “Shine the Light” law permits residents of California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. We may share personal information as defined by “Shine the Light” with our affiliates for those their own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please e-mail our Data Protection Officer at [email protected] or the Vista privacy team at [email protected]. Please note that Vista is not required to respond to requests made by means other than through the provided e-mail address.

Legal rights available for Nevada residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; (d) the entities or categories of entities to whom your personal information may be transferred; (e) the categories of personal data concerned; (f) the retention period(s) of your personal data and (g) where your personal data are transferred to a third country, the appropriate safeguards pursuant to Article 46 relating to the transfer; (h) the existence of the right to request from the controller rectification or erasure of personal information or restriction of processing of personal information concerning the data subject or to object to such processing; (i) the right to lodge a complaint with a supervisory authority; (j) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which Vista is subject.

We are not required to comply with your request to erase personal information if, among others, the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise, or defence of legal claims.

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to transfer your personal information (data portability)

With respect to the personal information that you have provided to us, you can ask us to provide that personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to object to the processing of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal information for direct marketing purposes

You can request that we change the manner in which we contact you for marketing purposes, or you can request that we stop direct marketing to you in full.

You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

We may redact data transfer agreements to protect commercial terms.

Right to withdraw your consent

You can request to withdraw your consent to any processing activity that you previously consented to. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Verification of Your Identity

In order to correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.

For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, we will verify your identity via the following method: we will verify your identity via the same means you use to contact us to make the request, unless you specifically request that we contact you by another means. We will request the minimum amount of information from you required to verify your request and will only request information that we already hold pertaining to you – this is usually your full name, physical address, email address and telephone number.

We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Deny you goods or Services;
  • Charge you different prices or rates for goods or Services, including through granting discounts or other benefits or imposing penalties;
  • Provide you a different level or quality of goods or Services;
  • Suggest that you may receive a different price or rate for goods or Services or a different level or quality of goods or Services.

Regulatory Oversight

Vista Group is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Dispute Resolution

With regard to personal information processed within the scope of the Data Privacy Framework, if a privacy complaint or dispute cannot be resolved through Vista Group’s internal processes, Vista Group has agreed to participate in the VeraSafe Data Privacy Framework Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here.

If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.

Legal rights available for California residents

California residents have certain privacy rights under the California Consumer Privacy Act of 2018, also known as the CCPA. The CCPA requires additional disclosures, and provides rights to know, delete, and opt-out, which are detailed below.

Notice of Collection

In the past twelve (12) months, we have collected the following categories of personal information listed in the CCPA:

  • Identifiers, including name, email address, phone number account name, IP address, and an ID or number assigned to your account.
  • Customer records, billing and shipping address, and credit or debit card information.
  • Commercial information, including purchases and engagement with the Services.
  • Internet activity, including your interactions with our Services.
  • Geolocation data.
  • Inferences, including information about your interests, preferences, and favourites.

For more information on information we collect, including the sources we receive information from, review the What Personal Information We Collect section. We collect and use these categories of personal information for the business purposes described in the same section, including to provide and manage our Services.

Vista does not sell (as that term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). We use and partner with different types of entities to assist with our daily operations and manage our Services. Please review the How We Share Personal Information section for more detail about the parties we have shared information with.

Roles

Our website and Services are intended to provide information to our clients. By using the website, Services or interacting with Vista offline, you represent and warrant that you will only provide information within the context of: (i) your role as a business contact, supplier, prospective customer, or customer; or (ii) Vista conducting due diligence regarding, providing, or receiving a product or service to or from your employer.

Our processing of Client Data is governed by the terms of our service agreements with our customers and their privacy policies, and not this Privacy Notice. We are not responsible for how our customers treat the information we collect on their behalf, and we recommend you review their own privacy policies.

We acknowledge that you may have rights in connection with Client Data. If you are a California resident and we, as a service provider, have processed your information behalf of a customer and you wish to exercise your CCPA rights, please inquire with our customer directly.

Right to Know and Delete

Consumers who are California residents (and not representatives of businesses, whether those businesses are our customers or others) have the right to know certain information about our data practices in the preceding twelve (12) months. In particular, they have the right to request the following:

  • The categories of personal information we have collected about them;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about them that we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold; and
  • The business or commercial purpose for collecting or selling the personal information.

In addition, in certain circumstances California consumers have the right to delete the personal information we have collected from them.

To exercise any of these rights, California consumers should e-mail our Data Protection Officer at [email protected] or the Vista privacy team at [email protected] or the postal address below. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request to know or delete.

Shine the Light.

California’s “Shine the Light” law permits residents of California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. We may share personal information as defined by “Shine the Light” with our affiliates for those their own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please e-mail our Data Protection Officer at [email protected] or the Vista privacy team at [email protected]. Please note that Vista is not required to respond to requests made by means other than through the provided e-mail address.

Legal rights available for Nevada residents

Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].

Legal rights in other jurisdictions

Residents in other jurisdictions may also have similar rights to the above. Please contact us our Data Protection Officer at [email protected] or the Vista privacy team at [email protected] if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.

Contact us

The primary point of contact for all issues arising from this Privacy Notice is our Data Protection Officer at [email protected] or the Vista privacy team at [email protected].

We have appointed a representative in the EU: Vista Entertainment Solutions (NL) B.V., who can be contacted by email at [email protected] or in person / by post at TSH Collab Amsterdam City, Wibautstraat 131D, 1091 GL Amsterdam, Netherlands.

We have appointed a representative in the UK: Vista Group International (UK) Limited, who can be contacted by email at [email protected] or in person / by post at FORA, Thomas House, 84 Eccleston Square, London SW1V 1PX.

If you have any questions, concerns, or complaints regarding our compliance with this Privacy Notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact our Data Protection Officer or Vista Privacy. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws.

If you experience any difficulties accessing the information here, please contact us via the details above to obtain this Privacy Notice in an alternate format.

To contact your data protection supervisory authority

You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement) at any time.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

This Policy has been designed to be accessible to people with disabilities.  If you experience any difficulties accessing the information here, please contact us via the details above to obtain this Policy in an alternate format.

Issue date of Privacy Policy: 26 June 2025.

Cookie Preferences