Privacy Policy

Version 1.1 - Effective September 2025

VistaLink Technologies Ltd ("VistaLink," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our products, including our AI-powered hotel search engine, Caladan voice infrastructure, and Parley consumer application.

VistaLink Technologies Ltd is a company registered in England and Wales. We act as the data controller for the personal data we process. If you have any questions about this policy, please contact us at the details provided below.

1. Information We Collect

We may collect the following categories of personal data:

• Contact Information: Name, email address, and any other details you provide when contacting us through our website forms or by email.
• Usage Data: Information about how you access and use our website and services, including IP address, browser type, operating system, referring URLs, pages viewed, and the dates and times of your visits.
• Device Information: Information about the device you use to access our services, including device type, unique device identifiers, and mobile network information.
• Search and Interaction Data: Queries, preferences, and interactions with our hotel search engine and related services.
• Cookies and Tracking Technologies: Data collected through cookies, web beacons, and similar technologies as described in the Cookies section below.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our website and services.
• To improve, personalise, and expand our services, including our AI search algorithms and voice infrastructure.
• To communicate with you, respond to enquiries, and provide customer support.
• To send you updates, marketing communications, and other information related to our services, where you have consented to receive such communications.
• To monitor and analyse usage trends to improve user experience.
• To detect, prevent, and address technical issues, fraud, and security concerns.
• To comply with legal obligations and enforce our terms of use.

3. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our services and ensuring security, provided these interests are not overridden by your rights.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

• Service Providers: With third-party vendors and service providers who perform services on our behalf, such as hosting, analytics, and email delivery. These providers are contractually obligated to protect your data.
• Legal Requirements: If required to do so by law, regulation, or legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of VistaLink, our users, or the public.
• Business Transfers: In connection with any merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When personal data is no longer required, it will be securely deleted or anonymised.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data, subject to certain legal exceptions.
• Right to Restriction: You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to the processing of your personal data where we are relying on legitimate interests as the legal basis.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us using the details in the Contact section below. We will respond to your request within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

8. Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse site traffic. Cookies are small data files stored on your device.

• Essential Cookies: Necessary for the website to function properly. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
• Functional Cookies: Enable enhanced functionality and personalisation, such as remembering your preferences.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the relevant authorities, to protect your personal data in accordance with applicable data protection laws.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website with a revised effective date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

VistaLink Technologies Ltd
Email: [email protected]