We use cookies. See our Cookies Policy.

Privacy Policy

Last updated: 1 January 2026

1. Introduction

OnlyVistar ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit onlyvistar.com ("Website"), in compliance with the UK GDPR and the Data Protection Act 2018.

2. Data Controller

OnlyVistar is the data controller. For privacy queries: [email protected]

3. Data We Collect

  • Usage Data: IP addresses, browser type, pages visited, time on site — collected via server logs and analytics.
  • Cookie Data: Preferences stored via cookies and localStorage (see our Cookies Policy).
  • Correspondence Data: Information you provide when contacting us by email.
  • Affiliate Tracking Data: Click-through data collected for commission tracking by affiliate partners.

We do not collect sensitive personal data or payment card information.

4. How We Use Your Data

  • To operate, maintain, and improve the Website
  • To analyse traffic using aggregated, anonymised analytics
  • To respond to enquiries and provide customer support
  • To comply with legal obligations
  • To track affiliate referrals and manage commission arrangements
  • To protect the Website against fraud and security threats

5. Legal Basis for Processing

  • Legitimate Interests (Art. 6(1)(f)): For analytics and security monitoring.
  • Consent (Art. 6(1)(a)): For non-essential cookies, where you have given informed consent.
  • Legal Obligation (Art. 6(1)(c)): Where required by applicable laws.
  • Contract (Art. 6(1)(b)): To respond to your direct enquiries.

6. Cookies and Tracking

We use cookies and localStorage to enhance your experience and collect usage data. We use localStorage to remember your age verification and cookie consent. See our Cookies Policy for full details.

7. Sharing Your Data

We do not sell or rent your personal data. We may share anonymised data with analytics providers (e.g. Google Analytics), affiliate networks for commission tracking, hosting providers, and legal authorities where required by law.

8. Data Retention

We retain personal data only as long as necessary. Server log data: up to 12 months. Correspondence: up to 3 years. Anonymised analytics data may be retained longer for trend analysis.

9. Your Rights Under UK GDPR

You have the right to: access your data, rectification, erasure, restrict processing, data portability, object to processing, and withdraw consent. To exercise rights, contact [email protected]. We respond within 30 days. You may also complain to the ICO at ico.org.uk.

10. Children's Privacy

This Website is strictly for users aged 18+. We do not knowingly collect data from minors. If you believe we have collected data from someone under 18, contact [email protected] and we will delete it promptly.

11. Security

We implement appropriate technical and organisational measures to protect your data, including HTTPS connections and access controls. No method of internet transmission is 100% secure.

12. Changes & Contact

We may update this policy periodically. Changes are reflected in the "Last updated" date. For all privacy enquiries: [email protected]