Privacy Notice

Effective Date: from 21 April 2021

The Privacy Notices included below explain how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights in relation to the personal data they hold. 

Please select which Vistra office and location is applicable to you:  

Australia | Belgium | Brazil | British Virgin Islands – Vistra Licence Holdings (BVI) LimitedBritish Virgin Islands – Vistra Trust (BVI) Limited | Bulgaria | Canada | Cayman Islands | People's Republic of China | Cyprus | Czech Republic | Eumetra AG, Switzerland | Vistra Geneva SA, SwitzerlandGermanyGuernsey | Hong Kong SAR | India | Indonesia | IrelandJapan | JerseyVistra Luxembourg S.à r.l.Vistra Luxembourg Fund Management S.A | Macau SAR | Malaysia | Malta | Marine and Aviation | MauritiusMonaco | Netherlands | PolandPoland Fund Services | Romania | Seychelles | Spain | Slovakia | Singapore | TaiwanUnited Arab EmiratesUSA | London (UK) | Vistra Depository Services (UK)  | Vistra Business Information (UK) |  Vistra Corporate Law (UK)  | Vistra Legalisation Services Limited (UK) | Vistra-Trustees GmbH, Switzerland | Bristol and Scotland (UK) | Vistra International Expansion (UK) | Vistra Zug AG, Switzerland | Vistra Zurich AG, Switzerland 

Please note that Vistra Group Holdings (BVI) Limited or its relevant Vistra group entity (“us”, “we” and “our”) is the controller of your personal data and is subject to applicable data protection laws and regulations, which may include, but not be limited to, the EU General Data Protection Regulation 2016/679 and the Personal Data Privacy Ordinance (Chapter 486 of the laws of Hong Kong) (collectively, the “Applicable Data Protection Laws”). 

In case of any question or comment in respect of this Privacy Notice, please contact:

By post:
General Counsel
Vistra Group, 19th Floor, Lee Gardens One, Causeway Bay, Hong Kong

By email: 
[email protected]

By telephone:
+852 2521 3661 

This Privacy Notice supersedes any previous Privacy Notice or equivalent which you may have been provided with or seen prior to the Effective Date stated above.  

Your rights

Under the Applicable Data Protection Laws, you may have (any of) the following rights:
•    To obtain access to, and copies of, the personal data that we hold about you;
•    To require that we cease processing your personal data if the processing is causing you damage or distress; 
•    To require us not to send you marketing communications;
•    To require us to erase your personal data;
•    To require us to restrict our data processing activities; 
•    To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
•    To require us to correct the personal data we hold about you if it is incorrect.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

To find out more about your rights, please refer to the relevant data protection governmental body or regulatory authority (as the case may be) in the place where you are located. 

If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us via any of the contact details listed above.

If you are not satisfied with how we are processing your personal data, you can make a complaint with us directly via the contact details above, and/or to the relevant data protection governmental body or regulatory authority (as the case may be) in the place where you are located.

How we collect your data

We may collect your personal data in a number of ways, for example:

•    From the information you provide to us when you meet us;
•    From information about you provided to us by your company or an intermediary;
•    When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
•    When you complete (or we complete on your behalf) client on-boarding or application or other forms; 
•    From other companies in the Vistra Group; 
•    From your agents, advisers, intermediaries, and custodians of your assets; 
•    From publicly available sources or from third parties, most commonly where we need to conduct background checks or pre-employment screening about you;
•    During the recruitment process, you (as job applicant) may be required to provide sufficient personal data so that we may, as appropriate and/or applicable, assess your suitability for the position being applied for; and
•    From the information you provide to us when you contact us or when you make a job application with us.

The categories of personal data we collect

We may collect the following categories of personal data about you:

•    Your name and contact information such as your home or business address, email address and telephone number;
•    Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality; 
•    Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;
•    Information about your knowledge and experience in the investment field;
•    An understanding of your goals and objectives in procuring our services;
•    Information about your employment, education, family or personal circumstances, and interests, where relevant; 
•    Information to assess whether you may represent a politically exposed person or money laundering risk; and
•    Such other categories of personal data as may be the case.

The basis for processing your personal data (other than with your consent), how we use that personal data and whom we share it with

(i) Performance of a contract with you 

We may process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

In this respect, we may use your personal data for the following:

•    To prepare a proposal for you regarding the services we offer;  
•    To provide you with the services as set out in our services agreement or terms of engagement with you or as otherwise agreed with you from time to time; 
•    To deal with any complaints or feedback you may have; 
•    For any other purpose for which you provide us with your personal data; and
•    For background checks and pre-employment screenings, including conducting such checks and screenings on job applicants and employees.

(ii) Legitimate interests

We may also process your personal data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person.

In this respect, we may use your personal data for the following:

•    For marketing to you. In this respect, see the separate section on “Marketing” below;
•    Training our staff or monitoring their performance;
•    For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis; 
•    To protect our rights or those of you and/or our clients and/or to prevent fraud;
•    To develop and improve our services or to strengthen our relationship with you;
•    Seeking advice on our rights and obligations, such as where we require our own legal advice; 
•    For security purposes, including by operating security cameras in various locations at Vistra’s premises, and conducting background checks and pre-employment screenings; and
•    Monitoring and recording telephone calls and emails and internet use in accordance with our IT policies.

(iii) Legal obligations

We may also process your personal data for our compliance with a legal obligation which we are under.

In this respect, we may use your personal data for the following:

•    To meet our legal, compliance and regulatory obligations, such as compliance with anti-money laundering laws; 
•    As required by tax authorities or any competent court or legal authority;
•    Monitoring and recording telephone calls and emails, and conducting background checks and pre-employment screenings for compliance with our regulatory obligations; and
•    For the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.

Data Sharing

We may share your personal data with or transfer it to the following parties:

•    Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
•    Third parties whom we engage to assist in delivering the services to you, including vendors and other companies in the Vistra Group;
•    Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers; 
•    Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you; 
•    Competent authorities in order to comply with our legal and/or regulatory obligations; and
•    Our hosting partner and (cloud or server based) data storage providers. 


We may send you marketing communications about similar or related services we provide, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you.

We may communicate this to you in a number of ways including by post, telephone, email, SMS or other digital channels. 

If you object to receiving marketing from us at any time, please click the “unsubscribe” button in the relevant email communication, or contact us via any of the contact details stated above.


Our website uses cookies to improve your experience on our website. For full details on how cookies are used, please see our Cookie Policy.

Transfer and processing of your personal data cross-border

We may transfer, store, or process your personal information in locations outside the jurisdiction in which you are based (“Jurisdiction”).  Where the countries to which your personal information is transferred do not offer an equivalent level of protection for personal information to the laws of the Jurisdiction, we will ensure that appropriate and reasonable safeguards and security measures are put in place.  

Where we transfer your personal information from the Jurisdiction, we will only do so in compliance with any applicable data protection laws and regulations.

To find out more about transfers by us of your personal data outside the Jurisdiction or any countries concerned, please contact us via any of the contact details stated above.

Retention of your data

We will retain your personal data for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In particular:

•    where we have collected your personal data as required by anti-money laundering and counter-terrorist financing legislation, including for identification, screening and reporting, we will normally retain that personal data for five (5) years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; 
•    we will in most cases retain your personal data for a period of seven (7) years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you; or
•    in the case of unsuccessful applicants who applied via Vistra’s V-Connect applicant portal, unless otherwise notified to you, we will retain and use the information you provided to us for a period of 365 days from the date you last logged into your V-Connect account.