GDPR Compliance
VISTRA GROUP HOLDINGS LIMITED
GENERAL DATA PROTECTION REGULATION (GDPR) CREDENTIALS STATEMENT
1. Who we are and what services we are providing
Vistra Group Holdings Limited
Registered office: P.O Box 31119, Grand Pavilion, Hibiscus Way, 802 West Bay Road, Grand Cayman, KY1-1205, Cayman Islands
Designated contact: Data Privacy Office [email protected]
Services provided: Those services Vistra has undertaken to provide to you.
2. Personal data being processed and processing activities
The personal data being processed by Vistra as Processor is that which the Controller has supplied to Vistra or which Vistra has obtained or created in order to provide the services in accordance with, and as notified in, the applicable standard terms.
The processing activities undertaken by Vistra are as set out in those standard terms.
As further detailed in our standard terms, there are circumstances in which Vistra will be acting as Controller in relation to the personal data.
3. Quality management and data security
Vistra holds the following certification:
- Information security - Our ISO27001 certificates can be viewed here and here, and can be verified here (Certificate No: GB18/961203)
This certification demonstrates that we have established and will maintain and continually improve our information security and quality management systems.
Our published information relating to its data security measures may be viewed here.
4. Confidentiality
Our employees are bound by contractual confidentiality provisions in their contracts of employment. In addition, employees are required to complete an annual declaration confirming their awareness of Vistra’s confidentiality and security procedures. Compliance with any group policies relating to data protection and confidentiality of information is mandatory.
5. Use of Sub-Processors
Vistra is in the process of seeking and obtaining similar Credentials Statements or equivalent from Sub-Processors who process the personal data which is the subject of our contract.
6. Privacy Notice
The Privacy Notice explains the types of personal data we collect, how we collect and use it, as well as your rights with respect to such personal data.
You may find our Privacy Notice here.
In Summary
Vistra believes that a strong business reputation depends on a robust data protection and information security framework. We view data protection and information security as fundamental components of doing business. We are committed to protecting information assets, personal data, and client information. You may find out more information about our Global Data Protection framework here