07380 347857
View Services
Roof Monitoring Programme

Legal

Privacy Policy

VistaFly – Commercial Roof & Asset Inspections by Drone (United Kingdom).

1. Introduction

1.1 This Privacy Policy explains how VistaFly (“we”, “us”, or “our”) collects, uses, stores, and protects personal data when you use our website, request a quote, or engage us for commercial roof and asset inspections by drone in the UK.

1.2 We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Any personal data we process is handled lawfully, fairly, and transparently.

1.3 By using our website or services, you accept this Privacy Policy. If you do not agree with it, you should not use our services.

2. What personal data we collect

2.1 We may collect the following information from you:

  • Identity and contact details: name, job title, company name, email address, phone number, and postal address.
  • Business information: details about your property or site (e.g., site address, building type, purpose of inspection).
  • Technical and usage data: IP address, browser type, device information, and how you use our website (e.g., pages visited, enquiry forms completed).
  • Audio-visual data: images and videos captured by our drones during inspections, which may include incidental views of people or private property.

2.2 Any personal data captured by our drones (such as images or videos of identifiable individuals or private property) is also treated as personal data under UK GDPR and is subject to the principles below.

3. How we use your personal data

3.1 We use your personal data for the following purposes:

  • To provide, plan, and carry out roof and asset inspection services (including communication, site planning, and report delivery).
  • To respond to enquiries, quotes, and bookings.
  • To send service-related information (e.g., inspection updates, reports, or reminders).
  • To manage invoices, payments, and financial records.
  • To improve our website and services, including analysing usage patterns.
  • To comply with legal and regulatory obligations, including aviation and safety requirements.

3.2 For audio-visual data captured during inspections, we use such data solely for:

  • Delivering the inspection service and producing the report.
  • Internal quality assurance, training, and system improvement (where privacy-protective measures are applied, such as anonymisation or blurring where appropriate).

4. Legal basis for processing

4.1 We rely on the following lawful bases for processing your personal data under UK GDPR:

  • Performance of a contract: to provide our inspection services and related communications.
  • Legitimate interests: to manage our business, improve our services, and maintain security and fraud prevention, provided your rights do not override our interests.
  • Compliance with legal obligations: to meet regulatory, tax, insurance, and safety requirements.
  • Consent: where we obtain your explicit consent for additional uses (e.g., marketing or sharing anonymised case studies).

4.2 Where drone-captured images or videos include personal data, we will only process that data where it is necessary, proportionate, and compatible with the purpose of the inspection, and where appropriate safeguards are in place.

5. How we share your data

5.1 We may share your personal data with:

  • Service providers who assist us (e.g., payment processors, cloud-storage providers, or specialist software providers), under written data-processing agreements.
  • Regulators, authorities, or courts where required by law (e.g., tax, insurance, or safety investigations).
  • Insurance or legal advisors when necessary for claims, disputes, or compliance.

5.2 We do not sell or rent your personal data to third parties for marketing or unrelated commercial purposes.

5.3 Any third parties receiving your data must protect it in line with UK GDPR and only use it for the purposes we specify.

6. Data security and retention

6.1 We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or damage. This includes:

  • Limiting access to staff and contractors who need it for their role.
  • Using secure storage and transmission methods (e.g., encrypted cloud storage where applicable).
  • Regularly reviewing our security and data-protection practices.

6.2 We retain your personal data only for as long as necessary:

  • For contract and financial records, typically up to 6 years to meet accounting, insurance, and legal requirements.
  • For inspection reports and drone-captured data, only as long as required by the contract or your instructions, unless legal or regulatory reasons require longer retention.

6.3 When data is no longer required, we will securely delete or anonymise it in line with our data-retention policies.

7. Your data protection rights

7.1 Under UK GDPR, you have the right to:

  • Request access to the personal data we hold about you.
  • Require correction of inaccurate or incomplete data.
  • Request erasure of your data in certain circumstances (also known as “right to be forgotten”).
  • Request restriction of processing or objection to processing where it is based on legitimate interests.
  • Withdraw consent for any purpose where consent is the legal basis.

7.2 To exercise any of these rights, please contact us using the details set out in Section 10. We will respond within one month, or as otherwise required by law.

7.3 We may ask you to verify your identity and, where applicable, charge a reasonable fee or refuse excessive or unfounded requests in line with UK-data-protection regulations.

8. Drone-capture and privacy safeguards

8.1 We aim to minimise incidental capture of personal data during drone operations and only record areas necessary for the inspection. Where unavoidable, we apply reasonable privacy-protective measures, such as:

  • Avoiding unnecessary filming of people or private property.
  • Blurring or anonymising identifiable individuals in reports or shared materials where appropriate.

8.2 We may carry out Data Protection Impact Assessments (DPIAs) for high-risk or unusual drone-inspection projects, in line with ICO guidance.

8.3 If you believe that drone-captured footage or images of you or your property have been used inappropriately, you may contact us to raise a concern or request deletion or restriction of that data, where permissible.

9. Transfers and international data

9.1 Data may be stored or processed in the UK or within the European Economic Area (EEA), using providers that comply with UK GDPR-equivalent standards.

9.2 If data is transferred outside the UK/EEA, we will ensure appropriate safeguards are in place (e.g., standard contractual clauses) unless exceptions apply under UK-data-protection law.

10. Contact details and changes to this policy

10.1 For any questions about this Privacy Policy or your data-protection rights, please contact:

  • Name/Company: VistaFly
  • Email: info@vistafly.co.uk
  • Postal address: 82A James Carter Road, Mildenhall, United Kingdom, IP28 7DE

10.2 We may update this Privacy Policy from time to time to reflect changes in law, our services, or our practices. When we do so, we will publish the updated version on our website and, where required, notify you of significant changes.