How Vistoplex collects, uses, stores and protects your personal data — including how we may use submitted contact details to contact you through Vistoplex and First Elite Global — and the rights you have over it under UK GDPR, the Data Protection Act 2018, and (where applicable) the UAE Personal Data Protection Law.
This privacy policy explains how Vistoplex ("Vistoplex", "we", "us" or "our") collects and uses your personal data when you visit vistoplex.com, request a quote, subscribe to our newsletter, engage us as a client, or otherwise interact with our services.
For the purposes of UK data protection law, Vistoplex is the data controller of the personal data described in this policy.
| Legal entity | Vistoplex, a company registered in England & Wales under company number 12194096 |
|---|---|
| Registered office | 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom |
| UAE office | Vistoplex MEA, Downtown, Dubai, United Arab Emirates |
| Associated contact partner | First Elite Global, which may contact you where you submit contact details and agree to be contacted by both Vistoplex and First Elite Global. |
| Data protection contact | privacy@vistoplex.com |
Depending on how you interact with us, we may collect the following categories of personal data:
Your name, business name, role/title, email address, telephone number, postal address, and (where applicable) the country and city of your business operations.
Information you provide when requesting a quote, booking a discovery call, or engaging us — including the nature of your enquiry, project requirements, budget indicators, and any documents or files you choose to share with us.
For paying clients: invoicing details, billing address, VAT number (where applicable), and payment reference data. We do not store full card details — payments are processed by Stripe (see Section 5).
Your preferences for receiving marketing communications, your interaction with our newsletter (open/click data via MailPoet), and your communication preferences generally.
Internet protocol (IP) address, browser type and version, device type, operating system, time-zone setting, location at country/region level, and other technology used to access this website.
Information about how you use our website and services — pages visited, time on page, referral source, and similar analytics data.
We do not knowingly collect special-category personal data (e.g. data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data). Please do not submit special-category data through our forms or in unsolicited correspondence.
We collect personal data through the following routes:
Under UK GDPR we must have a lawful basis for processing your personal data. The lawful bases we rely on are set out below alongside each purpose.
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries — handling quote requests, discovery calls, contact form submissions, free audit requests. | Steps taken at your request prior to entering a contract; legitimate interests (running our business). |
| Contacting you after contact-detail submission — where you provide an email address, phone number, or other contact detail, Vistoplex and First Elite Global may contact you about your enquiry, requested service, audit, quotation, consultation, or related business services. | Consent where you submit contact details and agree to be contacted; legitimate interests where the contact relates to your business enquiry or requested service. |
| Delivering services — managing client relationships, performing the engagement, invoicing, and project communication. | Performance of a contract with you (or with the legal entity you represent). |
| Newsletter & marketing — sending the Vistoplex weekly newsletter and other marketing communications. | Consent (you opted in). You may withdraw consent at any time using the unsubscribe link in any email. |
| B2B marketing to existing clients — informing existing clients about related services we offer. | Legitimate interests (the "soft opt-in" under PECR Reg. 22(3)) — you may object at any time. |
| Website analytics — measuring traffic, conversions, and how visitors use the site. | Consent (where cookies are required) — managed via our cookie banner. |
| Legal & regulatory compliance — accounting records, tax compliance, fraud prevention, responding to lawful requests. | Compliance with a legal obligation; legitimate interests. |
| Security & fraud prevention — protecting our website and clients from abuse, attacks, and fraudulent activity. | Legitimate interests (operating a secure platform). |
Some of our service providers (notably Google, Meta, Stripe, and where relevant First Elite Global) process personal data outside the UK and the European Economic Area (EEA). When we transfer personal data outside the UK we ensure that an appropriate safeguard is in place, namely:
If you operate from the UAE, the same safeguards apply to transfers of your data into the UK and onward to the providers listed in Section 5. We treat UAE residents' data in accordance with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) where applicable.
We retain personal data only for as long as we need it for the purpose for which it was collected, or for as long as we are legally required to keep it. Our default retention periods are:
| Data type | Retention period |
|---|---|
| Quote requests & enquiries that did not become engagements | 24 months from last contact |
| Active client records | Duration of engagement plus 7 years (UK accounting record retention) |
| Newsletter subscribers | Until you unsubscribe, plus a suppression record indefinitely so that we do not re-contact you |
| Website analytics data | 14 months (Google Analytics 4 default), aggregated |
| Server access logs | 30 days |
| Invoicing & accounting records | 7 years (HMRC requirement) |
At the end of the applicable retention period we will securely delete or anonymise your personal data. Where data has been backed up, deletion may take place within the next routine backup cycle.
We apply technical and organisational measures appropriate to the risk of the processing, including:
Despite these measures, no internet transmission or storage system can be guaranteed to be 100% secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it, and we will notify you directly where the breach is likely to result in a high risk.
Under UK GDPR you have the following rights in relation to the personal data we hold about you. Most of these rights are not absolute — exceptions apply, and we will explain any exception we rely on if it is relevant to your request.
To exercise any of these rights, contact us at privacy@vistoplex.com. We will respond within one calendar month, extendable by a further two months for complex requests (we will tell you if we need the extension).
You will not normally have to pay a fee, but we may charge a reasonable fee or refuse the request if it is manifestly unfounded or excessive, in line with UK GDPR Article 12(5).
Our services are directed at businesses and business owners, not children. We do not knowingly collect personal data from anyone under the age of 13. If you believe we have inadvertently collected such data, contact us at privacy@vistoplex.com and we will delete it.
We may update this privacy policy from time to time. The "Last updated" date at the top of this page indicates when the latest revision came into effect. Material changes will be communicated by a notice on this page or, where appropriate, by direct email to subscribers and clients. Continuing to use our services after the change date constitutes acceptance of the revised policy.
For any question about this privacy policy, or to exercise any of your rights:
Email: privacy@vistoplex.com
Post: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ · United Kingdom
If you are unhappy with how we have handled your personal data, you have the right to complain to the UK Information Commissioner's Office. We would be grateful for the opportunity to address your concerns first, but you may complain directly without coming to us.
If you are based in the UAE, you may additionally raise a complaint with the UAE Data Office under the Personal Data Protection Law.