Vista Entertainment Solutions Limited (“Vista”"we""us" or “our”) based at Level 3, 60 Khyber Pass Road, Newton, Auckland 1023, New Zealand is responsible for your personal information and we take our data protection and privacy responsibilities seriously.
Please note that other companies in the Vista group may collect, use and share personal information, such as Movio and Powster. These companies may have their own privacy policies, which are generally available from the relevant websites for those products and services.
Third party websites
When we collect information
We collect information about you if you register with or use our website or services, work with us as a business partner, register or attend an event organised or hosted by us, apply for a job with us, subscribe to our newsletter or other forms of marketing communications, respond to a survey or fill out a form created or sent by us, or if you otherwise contact us (together, “Services”).
We may also collect personal information from third parties, such as your employer, public databases or social media networks.
Personal information we collect from you and use if you use our website or services
- Contact information – such as your title, name, email address, phone number, address. We use this information to operate, maintain and provide the Services to you. We also use this information to communicate with you, including sending service-related communications, employment-related communications and marketing communications in accordance with your preferences.
- Location information – other than information you choose to provide us, we do not collect information about your precise location. Your device’s IP address may help us determine an approximate location to ensure content made available to you through our Services or marketing channels is relevant to the city or country you are using your device in.
- Troubleshooting information – should you require assistance from our Services Team in relation to issues with our Services, website, your account etc., we may require your personal details in order to address the issue, such as your user name and user ID.
- Preferences – such as preferences set for notifications, marketing communications and how our website is displayed. We use this information to provide notifications, send news, alerts and marketing communications and provide our Services in accordance with your choices and also to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented.
- Information provided by third parties - from time to time, we may receive information about you from third parties and other users. We may obtain information from third parties to enhance or supplement our existing user information. We may also collect information about you that is publicly available.
We will use the personal information we collect to operate, maintain and provide to you the features and functionality of the Services, to communicate with you, to monitor and improve the Services and business, and to help us develop new products and services.
Legal basis for using your personal information
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this (namely, that the processing is necessary for our legitimate interests and/or for compliance with a legal obligation to which we are subject). This is because:
- we need to use your personal information to perform a contract or take steps to enter into a contract with you;
- we need to use your personal information for our legitimate interest as a commercial organisation. For example, we may use your email address to send you invites or inform you of events that we host globally for example our biennial customer conference or trade show meetings. In all such cases, we will look after your information always in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the Legal Rights section below;
- we need to use your personal information to comply with a relevant legal or regulatory obligation that we have; or
- we have your consent to using your personal information for a particular activity.
If you would like to find out more about the legal basis for which we process personal information, please contact us.
We share your personal information in the manner and for the purposes described below:
- with other companies within our group, where such disclosure is necessary to provide you with our products and services or to manage our business. Click here for a list of the other companies within our group companies;
- with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back office systems;
- with government organisations and agencies, law enforcement and regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
- we may share in aggregate, statistical form, non‑personal information regarding the visitors to our website, traffic patterns, and website usage with our affiliates or advertisers.
If, in the future, we sell or transfer some of or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets.
How we use personal information to keep you up to date with our products and services
We may use personal information to let you know about our products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
- you can ask us to stop direct marketing at any time ‑ you can ask us to stop sending email marketing, by following the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact us at email@example.com. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email); and
We recommend you routinely review the privacy policies and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
When and how we undertake profiling and analytics
We use performance cookies like Google Analytics to recognise and count the number of visitors/users of our website and to see how such visitors/users move around our website when they are using it.
We operate on a global basis. Accordingly, your personal information may be transferred and stored in countries outside the EU, including New Zealand and the United States of America, that are subject to different standards of data protection.
We will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
- we ensure transfers within our group of companieswill be covered by an agreement entered into by members of our group of companies (an intra‑group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies;
- where we transfer your personal information outside our group of companies or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU ‑ US Privacy Shield for the protection of personal information transferred from within the EU to the United States; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.
Measures we take include:
- placing confidentiality requirements on our employees and service providers;
- ensuring that only authorised devices and authorised relevant employees with a work-related need for data processing have access to personal information and that any employee who changes roles within Vista does not retain access to personal information unless such personal information is required for their new role.
- when an employee leaves Vista, ensuring they do not have access to, or take with them, any personal information. Vista will ensure that no previous employees or external consultants have access rights to the Vista systems holding personal information;
- destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
- following strict security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it;
- keeping our networks and systems up to date with regards to new versions, updates and patches on an ongoing basis;
- using secure/encrypted transfer of personal information on the internet;
- ensuring appropriate physical security of personal information, including:
- fitting appropriate locks or other physical controls to the doors and windows of rooms where computers are kept;
- destroying or removing all personal information from media such as CDs before disposing of them; and
- ensuring that all personal information is removed from the hard drives of any used computers before disposing of them;
- implementing best practice access controls, including:
- that best practise password procedures must be in place, including using strong passwords; and
- having industry standard hard drive encryption for internal or external hard drives; and
- ensuring suitable firewall and infrastructure logging to ensure the ongoing logging of failed login attempts or attacks on Vista systems, including log of time, user, etc. and block access after a certain number of failed login attempts for each user;
- protecting our networks, systems and logs against tampering;
- having a vulnerability management program, including regular monitoring of potential vulnerabilities and performance of penetration tests of networks and Vista systems;
- having a Security Incident Response Plan in place in the event of a serious security incident;
- using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol, which ensures that the information is reasonably protected against unauthorized interception; and
- monitoring and keeping up to date with all security measures, processes and risk analyses.
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information
Storing your personal information
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
A cookie is a small text file containing small amounts of information which is downloaded to / stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking and where your personal information originates from, you have certain rights in relation to your personal information. If you are resident in the European Economic Area, under European law you have the following rights in respect of your personal information:
- Access personal information
- Rectify / erase personal information
- Restrict the processing of your personal information
- Transfer your personal information
- Object to the processing of personal information
- Object to how we use your personal information for direct marketing purposes
- Obtain a copy of personal information safeguards used for transfers outside your jurisdiction
- Lodge a complaint with your local supervisory authority
If you wish to access any of the above rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us at firstname.lastname@example.org. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Residents in other jurisdictions may also have similar rights to the above. Please contact us at email@example.com if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.
Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold, and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
Right to rectify or erase personal information
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
You can also request that we erase your personal information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see right to object); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which Vista is subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims;
Right to restrict the processing of your personal information
You can ask us to restrict your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to transfer your personal information
You can ask us to provide your personal information to you in a structured, commonly used, machine‑readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your personal information for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local data protection supervisory authority if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
To contact your data protection supervisory authority
You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before your local supervisory authority.