Voltx Power Ltd Privacy Policy

Last Updated: 11 June 2025

Voltx Power Ltd and its Affiliates (“Voltx Power”, “we”, “us”, or “our”) is committed to protecting the privacy and security of the personal data of the individuals (“you”, “your”, or “user”) who engage with our services. This Privacy Policy explains how we collect, use, process, disclose, preserve and safeguard personal data when you interact with us, as well as your rights and choices regarding that data.

1. Who We Are

Voltx Power Ltd is an energy supplier company registered in Great Britain (company number 11042718) with its registered office at Luminous House, 300 South Row, Milton Keynes, England, MK9 2FR. This Privacy Policy applies to all users of our services, including customers, prospects, partners, employees, and job applicants.

Data Protection Officer (DPO) and Contact Details
Our appointed DPO oversees compliance with data protection laws. For questions, concerns, or to exercise your rights regarding personal data, you may contact:

  • Email: jeevan.salke@voltxpower.co.uk
  • Mail: Data Protection Officer, Voltx Power Ltd, Luminous House, 300 South Row, Milton Keynes MK9 2FR.

If you remain unsatisfied after contacting our DPO, you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

2. Scope and Applicability

This Privacy Policy applies to:

  1. Business customers and their representatives, including procurement managers, finance contacts, and operations leads.
  2. Individual users of our online portals, including usernames, passwords, and multi-factor authentication tokens.
  3. Prospective customers, including those requesting quotes via our website or through third-party platforms.
  4. Employees, job applicants, contractors, and temporary workers (where applicable).
  5. Suppliers, vendors, and subcontractors who provide services to us.

3. Personal Data We Collect

We collect and process various categories of personal data as needed to operate our business and deliver services. These categories include:

  1. Business Contacts & Account Representatives
    • Names, job titles, business email addresses, telephone numbers, and postal addresses of individuals acting on behalf of customer organisations.
    • Login and authentication details for our online portals (usernames, passwords, MFA tokens).
  2. Customer Account Information
    • Customer company name, first & last name, email id, phone number, correspondence address, contract details, billing account numbers,
    • Bank account information to process direct debit payments.
    • Invoicing and payment history, including amounts charged and received.
  3. Energy Usage & Meter Data
    • Automated and manual meter readings, half-hourly consumption data (for advanced tariffs), load profile information, and any smart meter data from third-party operators.
    • meter point reference numbers (s/MPANs).
    • Aggregated usage reports and analytics derived from meter data.
  4. Customer Correspondence & Support Records
    • Emails, notes from face-to-face meetings, and other records documenting inquiries, complaints, or general support interactions.
  5. Vulnerability & Special Requirements Information
    • Information about vulnerable circumstances (e.g., sites providing care to vulnerable persons), to support continuity of supply and emergency response.
  6. Supplier, Vendor, & Contractor Information
    • Contact details, company registration numbers, invoicing information, and compliance or accreditation data (e.g., ISO certifications, health and safety information).
  7. Website & Online Platform Usage Data
    • IP addresses (in anonymised or pseudonymised form), device types, browser types and versions, operating systems, cookie identifiers, pages visited, session duration, and clickstream behaviour.
  8. Regulatory & Compliance Data
    • Proof of identity documents (passport or driver’s licence numbers), proof of address (utility bills, bank statements), and corporate ownership structure (e.g., for anti-money laundering, UK anti Bribery checks).
  9. Other Data Provided Voluntarily
    • Any additional information you provide.

4. How and Why, We Use Your Personal Data

We process your personal data for the following primary purposes, relying on applicable legal bases under UK data protection law (UK GDPR and Data Protection Act 2018).

4.1 Performing the Energy Supply Contract (Contract & Legitimate Interest)

  • Setting up new accounts or transferring supply
  • Issuing invoices, processing payments, and managing credit/debit controls
    • Data Used: Business contact details, account & billing information, energy usage & meter data.
    • Legal Basis: Contract (necessary to perform the contract); Legitimate Interest (credit checks, invoicing, collections, internal record-keeping).

4.2 Meter Installation, Operation & Maintenance (Contract & Legal Obligation)

  • Coordinating third-party meter operators for installation
  • Scheduling maintenance visits and reading services
    • Data Used: Business contact details, meter point reference numbers, scheduling & location data (e.g., premises address).
    • Legal Basis: Contract (necessary to perform the requested service); Legal Obligation (compliance with Ofgem licensing conditions, Retail Energy Code (REC)).

4.3 Customer Support & Dispute Resolution (Contract & Legitimate Interest)

  • Responding to inquiries, complaints, and billing disputes
    • Data Used: Correspondence records, customer account information, transaction & payment history.
    • Legal Basis: Contract (necessary to handle disputes); Legitimate Interest (ensure high-quality service, continuous improvement).

4.4 Fraud Prevention, Credit Control & Debt Recovery (Legitimate Interest)

  • Conducting anti-fraud checks
  • Reporting to credit reference agencies (for large corporate customers)
    • Data Used: Business contact details, financial & payment history, credit check results, transaction information.
    • Legal Basis: Legitimate Interest (prevent fraud, manage credit risk, recover debts).

4.5 Strategic Account Management & Tailored Solutions (Legitimate Interest & Contract)

  • Developing custom energy plans (e.g., renewable packages, demand response)
  • Conducting usage analysis
    • Data Used: Energy usage & consumption patterns, business contact details, customer account history, sustainability preferences.
    • Legal Basis: Legitimate Interest (optimise service delivery, design tailored offerings, advise on energy efficiency); Contract (where analysis is needed to perform requested service).

4.6 Marketing & Communications (Legitimate Interest & Consent)

  • Sending service updates, billing reminders
  • Occasional direct marketing of new tariffs, products, sustainability initiatives
    • Data Used: Business contact details (email, phone, postal address), account usage & payment history, marketing preferences.
    • Legal Basis: Legitimate Interest (essential service communications such as billing notifications); Consent (for promotional marketing materials not strictly required to perform the contract). You may withdraw consent at any time.

4.7 Website & Portal Operation, Analytics & Security (Legitimate Interest & Consent)

  • Maintaining and improving online services
  • Monitoring for and mitigating cyber threats
    • Data Used: Website usage data (IP address, device, pages visited), login credentials, security event logs.
    • Legal Basis: Legitimate Interest (ensure site functionality, improve user experience, maintain security); Consent (when strictly required for certain cookies or tracking beyond necessary cookies).

4.8 Regulatory Compliance & Legal Obligations (Legal Obligation)

  • Complying with Ofgem, HMRC, FCA, and other regulatory reporting
  • Responding to law enforcement or legal requests
    • Data Used: Customer identification data (where required), account usage data, financial transaction records.
    • Legal Basis: Legal Obligation (comply with laws, regulations, licence conditions, e.g., anti-money laundering, UK Anti-Bribery act, energy industry codes).

4.9 Business Continuity & Vulnerability Support (Legitimate Interest & Legal Obligation)

  • Identifying sites with critical functions or vulnerable populations
  • Ensuring uninterrupted supply in emergencies
    • Data Used: Vulnerability indicators, contact details, premises information.
    • Legal Basis: Legitimate Interest (protect life, safety, critical operations); Legal Obligation (respond to emergencies under health and safety regulations).

4.10 Staff Administration & HR (Contract & Legal Obligation & Legitimate Interest)

  • Payroll, onboarding, performance management (for employees and contractors)
    • Data Used: Identity documents, bank and tax information, performance records, contact details, emergency contacts.
    • Legal Basis: Contract (employment/contractor agreement obligations); Legal Obligation (payroll and tax compliance); Legitimate Interest (effective human resource management).

5. Legal Bases for Processing

Depending on the processing activity, we rely on one or more of the following lawful bases under UK data protection law:

  1. Contract: Processing is necessary to fulfil our contractual obligations when you enter into a supply agreement or related ancillary services.
  2. Legal Obligation: Processing is necessary to comply with legal requirements, such as Ofgem licence conditions, anti-money laundering regulations, or HMRC reporting.
  3. Legitimate Interests: Processing is necessary for our legitimate interests (or those of a third party), provided these interests are not overridden by your rights and freedoms. Examples include credit checks, tailored energy solutions, website improvements, and fraud prevention.
  4. Consent: In cases such as non-essential marketing communications, certain analytics cookies, or processing special categories of data (e.g., vulnerability indicators). You have the right to withdraw consent at any time (without affecting processing conducted prior to withdrawal).

6. Disclosure & Sharing of Personal Data

We may share your personal data with the following categories of recipients for the purposes outlined, ensuring all sharing is consistent with data protection laws and subject to appropriate safeguards:

6.1 Within the Voltx Group

  • Affiliate Companies (e.g., Voltx Energy Limited, Ampergia Ltd., Helios Distribution) for integrated energy services, streamlined account management, and group-wide product, pricing, and sustainability initiatives.

6.2 Third-Party Service Providers & Processors

We engage carefully vetted third parties under strict contractual obligations and data processing agreements. These include:

  • Meter Operators & Data Aggregators (Ofgem-authorised to install, read, and maintain meters; may process meter reading and consumption data).
  • Billing & Payment Processors (banks, payment gateways, credit reference agencies) for direct debits, corporate card transactions, and credit checks.
  • IT & Cloud Service Providers (e.g., Microsoft Azure) for customer portals, email infrastructure, data storage, and analytics platforms.
  • CRM & Marketing Platforms (e.g., Our IT vendors).
  • Debt Collection Agencies & Legal Advisers for recovering outstanding balances or pursuing legal remedies.
  • Professional Services (accountants, auditors, legal advisers) for statutory audits, compliance, or dispute resolution.

6.3 Regulators & Law Enforcement

  • Regulatory Bodies (e.g., Ofgem, ICO, HMRC, Industry Code Bodies) or law enforcement agencies when required to comply with licence conditions, statutory obligations, lawful requests, or to assist with investigations into fraud, theft of energy, or other illegal activities.

6.4 Industry Bodies & Market Operators

  • National Grid, ELEXON, Distribution Network Operators (DNOs), Independent Distribution Network Operators (IDNOs), and Energy Clearing Houses for balancing services, capacity auctions, or renewable certificate issuance.

6.5 Third-Party Intermediaries (TPIs) & White Label Partners

We may share your data with authorised TPIs and white-label suppliers when:

  • You engage the intermediary to act on your behalf (e.g., negotiate energy contracts, switch suppliers, manage billing queries).
  • A white-label brand (operated with Voltx Power) delivers energy services under a distinct or co-branded arrangement.
  • Sharing is necessary to facilitate onboarding, pricing, supply transfers, billing, and service provision.
  • Disclosure is legally permitted and subject to appropriate contractual safeguards, such as Data Processing Agreements requiring compliance with UK GDPR standards.
    Examples of shared data include account reference numbers, meter details (MPANs), tariff and contract information, billing and consumption history, contact information for authorised representatives, and site/supply point information relevant to quotes or energy management services.


TPIs and white-label suppliers must:

  • Demonstrate appropriate registration or accreditation (e.g., Ofgem’s TPI Code of Practice).
  • Enter into a data sharing or processing agreement with Voltx Power.
  • Process personal data only as necessary to deliver agreed services or fulfil contractual obligations.
  • Implement technical and organisational measures to ensure confidentiality and integrity of shared data.
    If you no longer wish us to share your data with a specific TPI or white-label provider, contact our DPO (Section 1). Restricting such sharing may affect service provision.

6.6 Prospective Buyers or Sellers

  • If Voltx Power (or any of its business units) is sold, merged, or reorganised, we may disclose personal data to prospective buyers or merger partners under confidentiality agreements and due diligence processes.

6.7 Other Disclosures with Consent

  • Where you explicitly authorise us, we may share your data with trade associations, consultancy firms, research partners (e.g., sustainability reports), or other authorised representatives or branches within your organisation.

7. International Transfers

Although Voltx Power is headquartered in the UK, some third-party providers, cloud services, or analytics platforms may operate servers or subcontractors outside the UK and EEA. When transferring personal data internationally, we ensure appropriate safeguards are in place:

  1. Adequacy Decisions: Transferring to countries approved by the UK government as providing adequate data protection (e.g., EU/EEA).
  2. Standard Contractual Clauses (SCCs): Contractual commitments between us and recipients to protect personal data subject to UK GDPR.
  3. Binding Corporate Rules (BCRs): Where applicable for intra-group transfers under approved schemes.

We do not otherwise transfer special category data outside the UK or EEA without your explicit consent, unless required by law.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal, regulatory, or contractual obligations. Retention periods vary by data category:

Data Category

Retention Period

Customer Account & Billing Records

Minimum of 6 years from account closure (to satisfy tax, audit, and commercial record-keeping).

Meter Readings & Consumption Data

Up to 7 years for energy reporting and audit purposes; thereafter aggregated or anonymised indefinitely.

Correspondence & Support Tickets

2 years from resolution of the enquiry or complaint; longer if required for legal disputes.

Credit & Fraud Check Information

6 years from date of last transaction or until credit limits are closed, per FCA/industry guidance.

Website & Portal Logs, Security Logs

1 year (security logs), 3 years (access logs) unless longer retention is required for security audits.

Supplier & Vendor Records

6 years from contract termination (for tax and audit purposes).

Job Applicant & Recruitment Data

6 months from application decision, or up to 6 years if recruited (employee records retained per employment law).

Legal, Regulatory & Compliance Records

As required by applicable law (often up to 7 years or indefinitely for certain statutory obligations).

Marketing Consents & Preferences

Until withdrawn, plus a reasonable period to demonstrate proof of consent (up to 3 years).

After retention periods expire, we will securely delete or anonymise personal data.

9. Your Rights Under Data Protection Law

Under UK data protection legislation, you have certain rights regarding your personal data. To exercise any of these rights, contact our DPO using the details in Section 1. We will respond within one month (or longer if permitted by law) with any necessary clarifications. Your rights include:

  1. Right to Access (Subject Access Request)
    • You may request a copy of the personal data we hold about you and information on how we process it, provided free of charge in most cases.
  2. Right to Rectification
    • If you believe any personal data we hold is inaccurate or incomplete, you may request correction or completion.
  3. Right to Erasure (“Right to be Forgotten”)
    • Subject to legal and contractual constraints, you may request deletion of your personal data. We may retain certain information if required by law, necessary to defend legal claims, or maintain contractual performance.
  4. Right to Restrict Processing
    • You may ask us to suspend processing of your data in specific circumstances (e.g., while a dispute about accuracy is resolved, or if processing is unlawful but you oppose erasure).
  5. Right to Data Portability
    • Where processing is based on your consent or on contract and carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
  6. Right to Object
    • You may object to our processing of your data based on legitimate interests, direct marketing, or automated decision-making that has legal or similarly significant effects. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests or if processing is necessary to establish, exercise, or defend legal claims.
  7. Right to Withdraw Consent
    • Where processing relies on your consent (e.g., marketing emails, certain cookies), you may withdraw consent at any time. Withdrawal does not affect processing carried out before withdrawal.
  8. Right to Lodge a Complaint
    • If you believe we have not complied with data protection law, you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk. We encourage you to contact us first so we can address your concern directly.

10. Cookies & Online Tracking

When you visit our website (www.voltxpower.co.uk) or use our TPI or customer portals, we and our trusted partners use cookies and similar technologies to collect analytics and ensure optimal functionality. We categorise cookies as follows:

  1. Essential Cookies (Strictly Necessary)
    • Enable core site functionality (e.g., load balancing, session management, account login).
    • Cannot be disabled if you wish to browse our site, as these are fundamental to security and basic operations.
  2. Performance & Analytics Cookies
    • Collect anonymised data on how visitors interact with our site (pages viewed, time spent, error messages).
    • Help us improve site performance, fix bugs, and enhance user experience.
    • Require your consent. You may withdraw consent at any time via the cookies banner or browser settings—though disabling them may reduce functionality.
  3. Marketing & Personalisation Cookies
    • Track visitor behaviour across multiple sites to provide relevant ads and measure campaign performance.
    • May also remember your marketing preferences.
    • Only set if you opt in via our cookies banner.

Managing Cookies
You can manage or delete cookies through your browser settings. Note that disabling cookies may affect your ability to use certain site features.

11. Security & Confidentiality

Voltx Power takes appropriate technical and organisational measures to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include, but are not limited to:

  1. Encryption of personal data both in transit (using TLS/SSL) and at rest (using industry-standard encryption algorithms).
  2. Network Security Controls such as firewalls, intrusion detection/prevention systems, and secure VPNs for remote access.
  3. Access Controls based on least privilege, role-based access, and multi-factor authentication for systems containing personal data.
  4. Regular Security Audits & Penetration Testing conducted by certified third parties.
  5. Endpoint Protection on all corporate devices (anti-virus, anti-malware, full-disk encryption).
  6. Employee Training & Awareness on data protection principles, secure handling of personal data, phishing prevention, and incident reporting procedures.
  7. Incident Response Plan enabling rapid identification, containment, investigation, and notification (to impacted individuals and regulators, where required) in the event of a personal data breach.

Despite these measures, no system is entirely immune to risk. If you suspect any misuse or loss of your personal data, please contact us immediately at IT@voltxpower.co.uk.

12. Data Security for Third-Party Access

When granting third-party vendors or contractors access to personal data, we:

  1. Execute Data Processing Agreements requiring compliance with UK GDPR standards.
  2. Perform Due Diligence & Risk Assessments to confirm that third parties maintain adequate safeguards.
  3. Limit Access to only those categories of data necessary to fulfil the contracted service.
  4. Require Prompt Notification of any security incidents or data breaches.

13. Changes to This Privacy Policy

We review this Privacy Policy periodically (at least annually) to ensure it remains accurate and compliant with evolving laws and business practices. We will post any updates on this page with a revised “Last Updated” date. For significant changes affecting your rights or how we use your data, we will provide more prominent notice (e.g., email notification for affected customers).

14. Definitions

  • Affiliate: means any company or legal entity which controls a Party, or is controlled by a Party, or which is controlled by an entity which controls a Party. “Control” means the ownership, directly or indirectly, of more than fifty (50) percent of the voting rights in a company or other legal entity
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, and destruction.
  • Data Controller: The entity that determines the purposes and means of processing personal data. For home energy customers, third-party TPIs, and white-label partners, Voltx Power is the data controller.
  • Data Processor: Any third party that processes personal data on behalf of the Controller (e.g., meter operators, billing processors).
  • Special Category Data: Personal data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic and biometric data, health data, or data about sex life/orientation. We do not normally collect these categories unless required for vulnerability support (e.g., health conditions).

15. Additional Information & Contact

Complaints or Questions
If you have any questions about this Privacy Policy or wish to exercise your rights, contact our DPO at Jeevan.salke@voltxpower.co.uk or by post at:

Data Protection Officer
Voltx Power Ltd.
Luminous House, 300 South Row, Milton Keynes MK9 2FR.

If you remain unsatisfied after contacting us, you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.