Privacy Policy
This Privacy Policy explains how Vista Consultancy collects, uses, discloses, and protects personal data in compliance with GDPR, UK Data Protection Act, and other global privacy regulations.
1. Introduction
Vista Consultancy ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal data when you use our services, and explains your privacy rights.
We operate as a Data Processor for our hospitality clients, managing guest data, booking information, and operational data on their behalf. As a Data Controller for our own business operations, we collect data from website visitors, prospective clients, and business partners.
Key Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Data Processing: Any operation performed on personal data, such as collection, storage, or use.
- Data Controller: Determines the purposes and means of processing personal data.
- Data Processor: Processes personal data on behalf of the Data Controller.
2. Data We Collect
We collect several types of information for different purposes to provide and improve our services to you.
From Our Website
- Contact form submissions
- Newsletter sign-ups
- Website usage analytics
- Cookies and tracking data
From Client Operations
- Guest reservation data
- Guest communication records
- Payment information (PCI-compliant)
- Guest preferences and requests
Types of Personal Data
| Data Category | Examples | Purpose |
|---|---|---|
| Identity Data | Name, title, date of birth | Service delivery, communication |
| Contact Data | Email, phone, address | Guest communication, support |
| Transaction Data | Booking details, payments | Reservation management |
| Technical Data | IP address, browser type | Website analytics, security |
| Usage Data | Website interaction data | Service improvement |
3. How We Use Your Data
We use personal data only for specified, explicit, and legitimate purposes. We will not use your data for purposes incompatible with those for which it was originally collected.
Lawful Bases for Processing
For Client Operations (Data Processor)
- Contractual Obligation: Processing necessary to fulfill service agreements with our hospitality clients
- Legitimate Interests: Processing necessary for efficient hospitality operations management
- Legal Obligation: Processing required by law (e.g., tax, regulatory requirements)
For Our Business (Data Controller)
- Consent: Where you have given clear consent for specific processing
- Legitimate Interests: Business development, marketing (with opt-out options)
- Contractual Necessity: Processing necessary for agreements with business partners
Specific Purposes
- Managing reservations, guest communications, and operational support
- Providing updates, reports, and operational insights
- Protecting data, preventing fraud, meeting legal obligations
- Analyzing usage patterns to enhance our services
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We only share data as described below and with appropriate safeguards in place.
Who We Share Data With
Hospitality Clients
As a Data Processor, we share guest data with the relevant hotel or property that is our client, under strict data processing agreements.
Service Providers
Trusted third parties who provide services such as cloud hosting, payment processing, and communication tools, all bound by strict data protection agreements.
Legal & Regulatory Authorities
When required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.
Cross-Border Transfers
When we transfer personal data outside the European Economic Area (EEA) or the UK, we ensure adequate protection through Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements, or other approved transfer mechanisms.
5. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
Technical Measures
- Encryption: AES-256 encryption for data at rest and in transit
- Access Controls: Role-based access, multi-factor authentication
- Network Security: Firewalls, intrusion detection, VPN access
- Regular Testing: Vulnerability assessments and penetration testing
Organizational Measures
- Staff Training: Regular data protection and security training
- Policies & Procedures: Documented security policies and incident response plans
- Confidentiality Agreements: All employees sign strict confidentiality agreements
- Regular Audits: Internal and external security audits
Data Breach Notification
In the event of a personal data breach, we will notify affected individuals and relevant authorities within 72 hours of becoming aware of the breach, where required by law.
6. Your Data Protection Rights
Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data.
- Request copies of your personal data
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Request restriction of processing
- Object to processing based on legitimate interests
- Request transfer of data to another organization
How to Exercise Your Rights
To exercise any of these rights, please contact us using the details in Section 8. We may need to verify your identity before processing your request.
We will respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may extend this period by an additional two months.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes data protection laws. For EU residents, this would be your national data protection authority. For UK residents, this would be the Information Commissioner's Office (ICO).
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our website and hold certain information to improve and analyze our service.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Necessary for website functionality | Session |
| Analytics Cookies | Track website usage and performance | 2 years |
| Preference Cookies | Remember your settings and preferences | 1 year |
Cookie Management
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept essential cookies, you may not be able to use some portions of our website.
For detailed information about the cookies we use and your choices regarding cookies, please visit our Cookie Policy.
8. Contact Information
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us:
Data Protection Officer
Vista Consultancy
Mangalore, Karnataka
India
For EU Representative
As required by GDPR Article 27, we have appointed an EU representative for data subjects in the EU:
[Name of EU Representative]
[Address of EU Representative]
Email: [EU Representative Email]
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Update Notification
- We will notify you of any material changes: through email or prominent notice on our website
- Review the "Last Updated" date: check the top of this policy for the most recent version
- Continued use constitutes acceptance: using our services after changes means you accept the updated policy
This Privacy Policy was last updated on February 15, 2026.
Questions About Our Privacy Practices?
Our team is here to help you understand how we protect your data and respect your privacy rights.