INTRODUCTION

Welcome to VOLT’s consumer privacy notice. VOLT respects your privacy and is committed to protecting your personal data.

This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. It also describes your data protection rights, including a right to object to some of the processing which VOLT carries out. More information about your rights, and how to exercise them, is set out in the “Your legal rights” section.

This notice applies to people who use Volt to purchase goods and services. The data processing described in this notice may be limited as required by applicable law. Where you are a visitor to Volt.io or are, or work for, a partner or merchant of Volt, we process your data in accordance with our Merchant and Website Privacy Policy.

1. Important information and who we are

PURPOSE OF THIS PRIVACY NOTICE

This privacy notice aims to give you information on how VOLT collects and processes your personal data when you use our payment services, including any data you may provide through our payment portal. 

It is important that you read this privacy notice together with any other policies we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

CONTROLLER

VOLT Technologies Holdings Limited is the controller and responsible for your personal data (collectively referred to as “VOLT”, “we”, “us” or “our” in this privacy notice).

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us at legal@volt.io.

CONTACT DETAILS

Our full details are:

Full name of legal entity: VOLT Technologies Holdings Limited

Email: legal@volt.io

Postal address: Fora, 42 Berners Street, London W1T 3ND

VOLT Technologies Holdings Limited is registered with the Information Commissioner’s Office (ICO). You have the right to make a complaint at any time to the ICO, the UK’s independent authority for data protection issues (www.ico.org.uk), or to any EU supervisory authority where you live, work or believe a breach to have taken place. We would, however, appreciate the chance to deal with your concerns directly so please contact us in the first instance.

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2. The data we collect about you

We use different methods to collect data from and about you, in particular:

Merchants and Banks. 

We will receive personal data about you from merchants and providers of technical, payment and delivery services based inside or outside the EU, as well as from your bank, when you make a payment using our services. In particular, this will involve information about your transaction with the merchant or provider, including a unique order reference, transaction date and the beneficiary, amount and currency of your payment. If you have provided your IBAN to the merchant, we will often be sent this. We will receive information from your bank relating to the status of this payment, including any decision to decline a payment, and your IBAN. We may also process account information provided by merchants and banks including your email address, bank name, account details including sort code, account number, whether a business or personal account, balance and currency, transaction history and analysis.

Merchants who make use of our fraud services may also share the details of individuals who they ask us to prevent using the payment services on our site and suspicious payments data. 

Direct interactions 

In order to make a payment, we ask you to provide the details of your bank, including the country of that bank. Often, we will also need to ask you for your IBAN (your international bank account number) or other unique bank details to allow us to request the payment from your bank. We also ask you to confirm transaction information passed to us by the merchant or provider.

You may also give us your name and contact details by corresponding with us by post, phone, email or otherwise, alongside the contents of your correspondence. We may also process technical data such as device ID/fingerprint or IP address.

3. How we use your personal data

We will use your personal data in the following circumstances:

  • Where we need to take steps related to the contract we are about to enter into with you or have entered into with you. This includes:
    • taking payments; 
    • communicating with you;
    • providing information about the progress of your payment to merchants, to allow them to verify that payment has been made
    • providing customer service; and
    • confirming your identity for the purposes of security and fraud prevention.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. In particular, we:
    • monitor use of our website and use your information to help us monitor, improve and protect our services;
    • personalise our services for you, such as remembering your preferred bank;
    • use your information to help us assess and improve the Volt services 
    • respond to any correspondence you may send us;
    • use information you provide as well as information which we have collected about you to investigate any complaints received from you, or from others, about our website, products or services;
    • use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation); and
    • use the personal data you have provided to assist our merchant customers in enforcing fraud rules they set to protect their business.
  • Where we need to comply with a legal or regulatory obligation. For example in response to requests by government or law enforcement authorities conducting an investigation.
  • Where we have obtained your consent, for example we place cookies or use similar technologies to read information on your device for non-essential purposes. On other occasions, where we ask you for consent, we will use the data for the purposes we explain at that time. Wherever we rely on your consent, you will always be able to withdraw that consent – see “Your legal rights”’ section for further information on this.  

4. Cookies and similar technologies

For information about how we use cookies and similar technologies, please refer to our Cookies Policy.

5. Disclosures of your personal data

We may have to share your personal data with the parties below for the purposes described above.

  • Other companies in the VOLT Group, who provide IT and system administration and product support services and undertake leadership reporting.
  • Third party service providers (e.g. providing fraud prevention, IT and admin support services) acting as processors who process the data under our instructions.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities or law enforcement bodies based in the United Kingdom, the EU or elsewhere if required for the purposes above, or if mandated by law or if required for the legal protection of our or third-party legitimate interests in compliance with applicable laws.

6. International transfers

Some of the Volt Group companies and third parties who will receive your data are based outside the European Economic Area (EEA) or United Kingdom so their processing of your personal data will involve a transfer of data outside the EEA or United Kingdom.

Whenever we transfer your personal data out of the EEA or United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place.

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and equivalent authorities in the United Kingdom, or with whom we have put in place appropriate measures to ensure that data is adequately protected. These measures will usually include use of approved standard contractual clauses.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA.

7. Data retention

Where we process information about you in connection with our contract with you and the transactions carried out through our services, including processing for verification and fraud purposes, then depending on the nature of the personal data involved, we process this data for five years from the date of the relevant transaction or five years from the date our business relationship with the relevant merchant came to an end, for legal and regulatory purposes.

Where we process your data for other purposes, such as complying with laws or defending our legal position, we process this data for as long as is necessary to fulfil that purpose.

8. Your legal rights

You have the right to ask us for a copy of your personal data; to correctdelete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine-readable format.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

Where we have asked for your consent, you may withdraw consent at any time, although this will not affect any processing which has already taken place at that time and we may have other legal grounds for processing your data for other purposes, such as those set out above.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where it would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. 

We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, you can get in touch with us, or make a complaint at legal@volt.io. 

Where we process your data for the purpose of entering or performing a contract with you certain data is mandatory for that purpose. Any information provided to facilitate a payment you have requested is therefore mandatory. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register, make a purchase or otherwise engage with Volt. All other provision of your information is optional.

Brazil Privacy Notice

1. APPLICABILITY 

This section will apply for personal data processing activities performed by Volt for the Brazilian market, which includes any processing activity (i) carried out in Brazil, (ii) aimed at offering or providing goods or services or processing data of individuals located in Brazil, or (iii) collected in Brazil. In this context, any personal data processing activities will be carried out in accordance with the laws of Brazil, including the Marco Civil da Internet, Federal Law No. 12.965/2014 (“MCI”) and the General Data Protection Law, Federal Law No. 13.709/2018 (“LGPD”).

For the avoidance of doubt, matters not addressed in this section should be referred to the general Volt Consumer Privacy Notice above.

2. INTERNATIONAL TRANSFERS

Some of the third parties who will receive your data are based outside Brazil. The countries receiving the data that we transfer may not offer adequate levels of personal data protection under applicable regulations. In such cases, Volt will take appropriate steps to ensure that recipients of your personal information are bound to duties of confidentiality and implement appropriate measures to ensure your personal information will remain protected in accordance with Volt Consumer Privacy Notice, such as standard contractual clauses or other mechanism provided for in the applicable law.

The services provided by Volt require the support of a technological infrastructure, such as servers and cloud services, which may be provided by third parties. Some of this infrastructure may be established outside Brazil.

3. YOUR LEGAL RIGHTS

You have the following data protection rights, which you can exercise at any time by contacting us by email (legal@volt.io) or postal address (Rua Dr. Virgílio de Carvalho Pinto, No. 306, apt. 121, Zip Code 05415-020, São Paulo).

  • The right to access your personal data and confirm the existence of processing. 
  • The right to correct, update or request anonymization, blocking or deletion of your personal information. 
  • The right to object to the processing of your personal information where it is based on our legitimate interests or in case of non-compliance with LGPD. 
  • The right to ask us, in some situations, to restrict the processing of your personal information or to request portability of your personal information. 
  • If we collect and process your personal information with your consent, you have the right to withdraw your consent at any time and request deletion of your personal data. Withdrawing your consent will not affect the lawfulness of any processing carried out prior to your withdrawal, nor will it affect processing of your personal information carried out on a legal basis other than consent. 
  • The right to request a review of decisions based solely on automated processing, which may affect your interests. 
  • The right to petition the National Data Protection Authority – ANPD about our collection and use of your personal information. 
  • The right to request portability of your personal data to another service provider.
  • The right to request information about with whom your personal data has been shared.

We respond to all requests we receive from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. If you are aware of changes or inaccuracies in your information, you must inform us of such changes so that our records can be updated or corrected. 

To exercise your rights, you or your authorized legal representative may contact us using the contact details provided above. Once we receive your request, we may verify it by requesting sufficient information to confirm your identity.

Where we process your data for the purpose of entering or performing a contract with you, certain data is mandatory for that purpose. Any information provided to facilitate a payment you have requested is therefore mandatory. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register, make a purchase or otherwise engage with Volt. All other provision of your information is optional.