VistaConnect

    Privacy Policy

    Last updated: January 2026

    1. Introduction

    This Privacy Policy explains how Data HQ Limited ("we", "us", or "our") collects, uses, and protects your personal information when you use the VistaConnect and related services.

    Data HQ Limited is a company registered in England and Wales. We are committed to protecting your privacy and handling your data in an open and transparent manner.

    2. Data Controller

    Data HQ Limited is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us:

    • Email: info@datahq.co.uk
    • Phone: 01245 807470
    • Address: Data HQ Limited, 46-54 High Street, Ingatestone, Essex, CM4 9DW
    • Company Registration: 04193862 (England and Wales)

    3. Information We Collect

    3.1 Account Information

    When you create an account on the VistaConnect, we collect:

    • Email address
    • Company name
    • Password (stored securely using industry-standard encryption)

    3.2 API Usage Data

    When you use our API services, we automatically collect:

    • API request timestamps and endpoints accessed
    • Credit usage and transaction history
    • IP addresses for security and rate limiting purposes
    • Error logs for troubleshooting

    3.3 Data You Submit

    When using our matching and enrichment services, you may submit company names, addresses, and other business information. This data is processed to provide the requested services and is not retained beyond the immediate API response unless part of a bulk enrichment job.

    4. How We Use Your Information

    We use your personal information for the following purposes:

    • Service Delivery: To provide access to the Vista API and process your requests
    • Account Management: To manage your account, authenticate access, and track credit usage
    • Billing: To process payments and maintain accurate billing records
    • Support: To respond to your enquiries and provide technical assistance
    • Security: To detect and prevent fraud, abuse, and security incidents
    • Improvement: To analyse usage patterns and improve our services
    • Legal Compliance: To comply with applicable laws and regulations

    5. Legal Basis for Processing

    We process your personal data on the following legal grounds:

    • Contract: Processing necessary for the performance of our contract with you
    • Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention and service improvement
    • Legal Obligation: Processing necessary to comply with legal requirements
    • Consent: Where you have given specific consent for marketing communications

    6. Data Security

    We implement appropriate technical and organisational measures to protect your personal data, including:

    • Encryption of data in transit (TLS/SSL) and at rest
    • Secure password hashing using industry-standard algorithms
    • API key authentication for all API requests
    • Regular security audits and vulnerability assessments
    • Access controls limiting data access to authorised personnel
    • Data hosted on secure UK-based infrastructure meeting ISO 27001 standards

    7. Data Retention

    We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

    • Account data: Retained while your account is active and for 7 years after closure for legal compliance
    • API usage logs: Retained for 12 months for analytics and security purposes
    • Bulk enrichment jobs: Results retained for 30 days, then automatically deleted
    • Billing records: Retained for 7 years in accordance with legal requirements

    8. Your Rights

    Under data protection law, you have the following rights:

    • Access: Request a copy of the personal data we hold about you
    • Rectification: Request correction of inaccurate or incomplete data
    • Erasure: Request deletion of your personal data in certain circumstances
    • Restriction: Request restriction of processing in certain circumstances
    • Portability: Request transfer of your data in a machine-readable format
    • Objection: Object to processing based on legitimate interests
    • Withdraw Consent: Withdraw consent for marketing communications at any time

    To exercise any of these rights, please contact us at info@datahq.co.uk.

    9. Third Party Sharing

    We do not sell, transfer, or otherwise disclose your personal data to third parties except:

    • To service providers who assist in operating our services (under strict data processing agreements)
    • When required by law or legal process
    • To protect our rights, safety, or property

    Our service providers include Stripe (payment processing) and Microsoft Azure (cloud hosting). These providers process data only on our instructions and are subject to strict data processing agreements.

    10. Cookies

    The VistaConnect portal uses essential cookies for authentication and session management. These cookies are strictly necessary for the operation of the service and do not track your browsing activity across other websites.

    When you make a payment, Stripe may set cookies to facilitate secure payment processing. For details on Stripe's cookie usage, please refer to Stripe's Privacy Policy.

    11. Complaints

    If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.

    For questions about this Privacy Policy, please contact info@datahq.co.uk