GDPR Compliance

VISTRA GROUP HOLDINGS (BVI) LIMITED

GENERAL DATA PROTECTION REGULATION (GDPR) CREDENTIALS STATEMENT

1. Who we are and what services we are providing

  • Vistra Group Holdings (BVI) Limited
  • Registered office: Vistra Corporate Services Centre, Wickhams Cay II, Road Town, Tortola, VC1110, British Virgin Islands
  • Designated contact: General Counsel: privacy@vistra.com 
  • Services provided: Those services Vistra has undertaken to provide to you. 

2. Personal data being processed and processing activities

The personal data being processed by Vistra as Processor is that which the Controller has supplied to Vistra or which Vistra has obtained or created in order to provide the services in accordance with, and as notified in, the applicable standard terms.

The processing activities undertaken by Vistra are as set out in those standard terms.

As further detailed in our standard terms, there are circumstances in which Vistra will be acting as Controller in relation to the personal data.

3. Quality management and data security

Vistra holds the following certification:

  • Information security - Our ISO27001 certificate can be viewed here (Certificate No: GB18/961203)

This certification demonstrates that we have established and will maintain and continually improve our information security and quality management systems. 

Our published information relating to its data security measures may be viewed here.

4. Confidentiality  

Our employees are bound by contractual confidentiality provisions in their contracts of employment. In addition, employees are required to complete an annual declaration confirming their awareness of Vistra’s confidentiality and security procedures. Compliance with any group policies relating to data protection and confidentiality of information is mandatory.

5. Use of Sub-Processors

Vistra is in the process of seeking and obtaining similar Credentials Statements or equivalent from Sub-Processors who process the personal data which is the subject of our contract.

Privacy Notice

The Privacy Notice explains the types of personal data we collect,  how we collect and use it, as well as your rights with respect to such personal data.

You may find our Privacy Notice here.