This page was last updated on the date identified here

VIALTO PARTNERS PRIVACY STATEMENT

Vialto Partners is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights in relation to the personal data that we collect and use. It applies to personal data provided to us, both directly by individuals themselves and indirectly by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection of the personal data.

As used in this privacy statement, the terms “Vialto Partners”, “us”, and “we” refer to the Vialto Partners network and/or one or more of the entities within the Vialto Partners Network (collectively, “Vialto Entities” and each individually, a “Vialto Entity”) that may process your personal data. Each Vialto Entity in the Vialto Partners network is a separate legal entity. The “data controllers” of your personal data may be one or more of the Vialto Entities or, with respect to individuals associated with our corporate clients, may be your employer. For purposes of this Privacy Statement, “data controller(s)” refers to the entity (or entities) that determine the purposes and means for processing your personal data, or that have a similar role or status under your applicable local privacy laws and regulations (“Applicable Local Law”).

To see a list of Vialto Entities and the countries and regions in which Vialto Entities operate, please refer to the list of Vialto Entities available at www.vialto.com/about.

Vialto Partners processes personal data for numerous purposes. Our policy is to be transparent about why and how we process personal data.

To find out more about our specific processing activities, please refer to the “Our processing activities” section of this privacy statement. In addition to the information contained in the main body of this privacy statement, please refer to the section of Appendix A (Categories of Individuals about Whom We May Process Personal Data) of this privacy statement applicable to you for additional information about our collection, use and retention of your personal data. Additionally, if relevant to you, please refer to Appendix B (Jurisdiction Specific Provisions) of this privacy statement for additional information that may apply to you based on the jurisdiction in which you reside.

Your Applicable Local Law may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal data. In such cases, we may rely on one or more of the following legal grounds (in each case, to the extent it is a valid legal ground under the Applicable Local
Law):

• our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation (provided these do not interfere with your rights);
• our legitimate interests in developing and improving our businesses, services and offerings and in developing new Vialto Partners technologies and offerings (provided these do not interfere with your rights);
• to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
• to perform our obligations under a contractual arrangement with you or to takes steps at your request prior to entering into a contractual arrangement with you;
• if you have consented to us processing your personal data for the relevant purpose. Given that Vialto can typically rely on another legal basis for the processing of personal data, we do not generally process personal data on the basis of consent. Consent will only serve as the legal basis for processing of personal data where (i) no other legal basis can be relied on, or (ii) where Applicable Local Law requires explicit consent to be obtained for the processing of personal data for the relevant purpose to be permitted; or
• other legal grounds for processing as defined by Applicable Local Laws.

If we process your personal data, your personal data may be transferred to, and stored outside of, the country where you are located. The country(ies) to which your personal data is transferred or in which your personal data is stored may not have laws that provide specific protections for personal data or may not have laws that provide an equivalent level of protection for personal data as the Applicable Local Laws of the country in which you are located, and your personal data may be subject to access by the courts, law enforcement or national security authorities of such jurisdiction.

For details of Vialto Entity locations, please see  www.vialto.com/about.

We may share personal data with other Vialto Entities where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client, we may share personal data with Vialto Entities in different territories that are involved in providing services to that client.

We may transfer or disclose the personal data that we collect to third party vendors, contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the Vialto Partners network in providing our services and help provide, run and manage our IT systems. Examples of third parties that we may use include, without limitation, providers of: identity management, data hosting and storage services, email hosting, website hosting and management, cookie management, SMS and email communication tools and platforms, data analysis, data backup, security, cloud storage services, customer service request management, document management, secure file transfer services, customer relationship management services and vendor management services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Our third party providers may use their own third party subcontractors or vendors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal data only as instructed and/or agreed in writing by Vialto Partners, and to flow those same obligations down to their sub-processors.

We may also disclose personal data under the following circumstances:

• to our professional advisers (such as law firms, auditors, consultants or other professional advisors) as necessary to establish, exercise or defend our legal rights, obtain advice or as otherwise necessary or relevant in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
• when explicitly requested by you;
• where your employer has retained Vialto to provide professional services to you, we may disclose personal data to your employer (or any affiliate thereof if requested by your employer);
• when required to deliver publications or reference materials requested by you;
• when required to facilitate conferences or events hosted by a third party;
• to law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law, regulation or our professional obligations. Vialto Partners may also review and use your personal data to determine whether disclosure is required or permitted;
• where our services are being transitioned to a new provider, to your employer to facilitate such transition or directly to such new provider; or
• in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital (a “Corporate Event”), we may disclose your information to the acquiring entity or the target entity, as applicable, and to our consultants, outside counsel and other advisors assisting in such Corporate Event.

To find out more about our processing activities, please go to the sections of Appendix A (Categories of Individuals about Whom We May Process Personal Data) and Appendix B (Jurisdiction Specific Provisions) to this privacy statement below that are relevant to you and your Applicable Local Law(s).

Marketing includes any communications about Vialto Partners products and services. If you opt into any subscriptions, you will receive automated emails when content is updated. If you opt into any newsletters, you will receive curated emails known as newsletters. If you select any preferences such as issues, topics, subjects or industries, you may receive email communications related to those self-selected topics.

Where we are legally required to obtain your explicit consent to send you marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.

We retain contact information (including name and email address) on our mailing lists until an individual unsubscribes from our mailing lists. If you unsubscribe from our mailings, we may retain limited information sufficient to identify you so that we can honour your opt out request.

Vialto Partners does not sell personal information to third parties for consumer marketing purposes.

You can at any time contact us to request that we stop sending you email marketing communications. If you want to unsubscribe from mailing lists or any registrations, you should look for and follow the instructions we have provided in the relevant communications to you.

If you wish to no longer receive only certain communications, please identify such communications in your request.

We have implemented appropriate and generally accepted standards of technology and operational security designed to protect personal data from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal data, and such individuals have agreed to maintain the confidentiality of personal data.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

You may have certain rights under your Applicable Local Law in relation to the personal data we hold about you. Where applicable, for additional information on rights that may be available to you under your Applicable Local Law, please refer to the section of Appendix B (Jurisdiction Specific Provisions) applicable to you.

In particular, depending on your Applicable Local Law, you may have a legal right to:

• obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain other information about how and why we process your personal data;
• request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed;
• request deletion of your personal data;
• restrict the processing of your personal data;
• object to the processing of your personal data;
• data portability;
• withdraw consent.

Where we process personal data based on consent, individuals have a right to withdraw consent at any time by contacting us at [email protected]. If you consider that the processing of your personal data infringes the law, you may have certain rights available to you under your Applicable Local Law, including but not limited to the right to lodge a complaint with the applicable data protection regulatory authority responsible for enforcement of data protection law in the country where you normally reside or work, or in the place where the alleged infringement occurred.

To find out more about what legal rights you may have in relation to your personal data, please go to the section of Appendix B (Jurisdiction Specific Provisions) to this privacy statement below that is relevant to you, to the extent applicable to you.

To exercise the rights described above, to the extent applicable to you, please
submit a verifiable request to us at [email protected].

We may use artificial intelligence (“AI”) technology such as analytics, machine learning and generative AI (“AI Technologies”) (i) to improve and enhance our services, tools and offerings, (ii) to provide insights to our clients, (iii) for
content generation for marketing, (iv) for product development and research, (v) for time-saving tasks, or (v) for other legitimate activities. Any such use of AI Technologies shall adhere to and be in accordance with applicable laws and regulations and Vialto’s applicable policies and processes to ensure best practices for the use of such AI Technologies.

We may update this privacy statement at any time by publishing an updated version on this webpage. To make you aware of when changes to this privacy statement were made, we will amend the revision date at the top of this page when we make changes. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.

• Please submit requests (including requests to exercise the rights set forth under Section 7 of this privacy statement) or enquiries about your personal data to: [email protected]
• Depending on the jurisdiction in which you reside, you may also submit enquiries about your personal data to our Data Protection Officer (DPO) (or individual or entity serving in a similar role). Please refer to Appendix C (Data Protection Officer Details) for additional details regarding the jurisdictions in which we leverage a DPO (or similar role).

Please find Appendix A (Categories of Individuals About Whom We May Process Personal Data) here.
Please find Appendix B (Jurisdiction Specific Provisions) here.
Please find Appendix C (Data Protection Officer Details) here.