Merchant Privacy Notice

Last updated: August 2024

This website is operated and provided by Volt Technologies Holdings Limited (“Volt“, “we“, “us“, “our“) having its registered office at 42 Berners Street, London W1T 3ND.

1. INTRODUCTION

Welcome to Volt’s general privacy notice (“Privacy Notice“). Volt respects your privacy and is committed to protecting your personal data.

This Privacy Notice explains what personal data Volt collects from you, or that you provide to us, what we will use it for and with whom we share that information. The notice also sets out your rights and who you can contact for more information. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Where you are a consumer/end-user of Volt’s payment services, we process your data in accordance with our End User Privacy Notice.

In this Privacy Notice the term “Data Protection Legislation” means all applicable legislation relating to privacy or data protection in force from time to time, including the EU General Data Protection Regulation (“GDPR“) and the GDPR as it forms part of the domestic law of the United Kingdom. Please note that some privacy rights and obligations may differ in certain locations based on applicable local data protection laws. We have included supplemental information for certain jurisdictions as addendums to this Privacy Notice.

2. WHO DOES THIS PRIVACY NOTICE APPLY TO?

This Privacy Notice applies to:

Website Users: individual visitors to the Volt website.
Volt Partners and Merchants: employees or other representatives of Volt Partners and Merchants with whom we have a business relationship.
Any other individuals with whom we may have a business relationship: which may include suppliers of Volt, or employees or other representatives of Volt suppliers with whom we have a business relationship.

References to “you“, and “your” are references to Volt’s Website Users, Partners or Merchants or any other individual with whom we may have a business relationship (each as applicable in the circumstance).

3. CHANGES TO THIS PRIVACY NOTICE

Any changes we make to this notice in the future will be posted on this page of the Volt website. We strongly encourage users to check our Privacy Notice each time they use the Volt website. However, any material changes to this Privacy Notice will be notified through an appropriate method.

4. CONTROLLER

Volt is a controller of your personal data, which means we decide how to process your personal data and have certain responsibilities in relation to your personal data. Personal data means any information that can be directly or indirectly related to you.

5. HOW WE COLLECT YOUR PERSONAL DATA

We may collect your data in different ways as follows:

Information you give to us:

When you, or your employer, applies for Volt’s products or services you may provide us with information about you by completing and submitting your application form, or providing your authentication details for our digital products such as copies of identity documentation. You or your employer may also provide us with information when you contact us, subscribe for marketing purposes or give us feedback (including when you report a problem with our website).

Information we automatically collect about you:

As you interact with our website or digital product, we automatically collect technical data about your equipment, browsing/usage and patterns. This includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our Cookies Policy, which explains what cookies are, which cookies we use and what information they collect, for further information on this.

Information provided to us by third parties:

We may receive personal data about you from various third parties and public sources including:

where you are an employee of a Volt Partner or Merchant, we may receive information from your employer relating to your role, responsibilities and access permissions for the Volt products and services we provide;
technical data such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website from analytics providers and advertising networks;
identity data including first name, last name, title, date of birth; and contact information including your current residential address, previous addresses, email address and telephone numbers from brokers, aggregators and publicly available sources (such as Companies House and the Electoral Register); and
where you are an owner or director of a Volt Partner or Merchant we may collect commercial data including percentage ownership of the company (including beneficial ownership), financial details including source of funds, political exposure and any information that is relevant to sanctions as part of our anti-money-laundering and know your customer checks.

6. PERSONAL DATA WE COLLECT

The personal data we process may include:

Website Users
Communication Data	Personal data that you, or your employer, provide to us when you contact us, for example your name, job title, contact details (residential address, email address and telephone number), details of your query and any extra information that you choose to tell or provide to us.
Device and Web Data	Online identifiers (including IP address), device information and information about your visit to our website (including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page).
Partners, Merchants and other individuals with whom we have a business relationship
Business Contact Data	Your name, job title, work contact details and any other details that you may choose to provide to us.
Identification Data	Copies of identity documents and proof of address and date of birth. To the extent you are an owner or director of a Volt Partner of Merchant, information relating to corporate ownership, background check results (including criminal offence data) and any other information that may be required for AML or KYC purposes.
Business Financial Data	Bank account information.

7. HOW WE USE YOUR PERSONAL DATA

Data Protection Legislation requires that we process your personal data for purposes that we tell you about and only where we have a lawful basis to do so. The below table sets out our purposes of processing, the lawful basis of processing we rely on, and the personal data processed for that purpose.

Purpose of processing	Lawful basis of processing	Personal Data
Website Users
To provide you with a safe, smooth, efficient, and customised experience on our website	Our legitimate interests (to provide, run and administer our website)	Communication Data, Device and Web Data
To ensure that the content on our website is presented in the most effective manner for you and your device	Our legitimate interests (to provide you with content relevant to you in the most optimum format)	Device and Web Data
To provide you with the information and services that you request from us	Our legitimate interests (to run and administer our business, to provide you with information you have requested or to respond to queries from you)	Communication Data
To monitor use of our website and use your information to help us monitor, improve and protect our services, including asking you to leave reviews or take surveys related to our products or services	Our legitimate interests (to run and administer our website and to evaluate, develop and improve our services)	Communication Data, Device and Web Data
To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes	Our legitimate interests (to run and administer our website and to evaluate, develop and improve our services)	Device and Web Data
As part of our efforts to keep our website safe and secure	Our legitimate interests (to maintain the security of our website)	Device and Web Data
To place cookies or use similar technologies to read information on your device for non-essential purposes as further set out in our Cookies Policy	Where you have provided us with your consent to do so	Device and Web Data
Partners and Merchants
To maintain our relationship with you or your employer (including to communicate with you, enter into a contract with you, provide customer service and respond to complaints)	Our legitimate interests (to be able to administer our relationship with individuals with whom we have a business relationship and for the operation of our business) Necessary for performance of a contract with you	Business Contact Data, Identification Data
To manage payments, fees and charges	Necessary for performance of a contract with you	Business Contact Data, Business Financial Data
To collect and recover money owed to us	Necessary for performance of a contract with you	Business Contact Data, Identification Data, Business Financial Data
To confirm your identity for the purposes of security and fraud prevention	Necessary for performance of a contract with you	Business Contact Data, Identification Data, Business Financial Data
To send you marketing communications in line with your specified preferences.	Our legitimate interests (to market our services to you) where your consent is not required	Business Contact Data
To assess and improve our services	Our legitimate interests (to evaluate, develop and improve our services)	Business Contact Data
To defend or establish legal claims	Our legitimate interests (to defend or establish legal claims) Where we are required to do so to comply with our legal obligations	Business Contact Data, Identification Data, Business Financial Data
To discharge our obligations as a regulated financial service provider including ‘know your customer’ checks, anti-money-laundering checks, politically exposed persons checks, sanctions checks	Where we are required to do so to comply with our legal obligations	Business Contact Data, Identification Data, Business Financial Data
Tax and financial reporting	Where we are required to do so to comply with our legal obligations	Business Contact Data
To respond to requests by government or law enforcement authorities conducting an investigation	Where we are required to do so to comply with our legal obligations	Business Contact Data, Identification Data, Business Financial Data
Other individuals with whom we have a business relationship
To maintain our relationship with you or your employer	Our legitimate interests (to be able to administer our relationship with individuals with whom we have a business relationship and for the operation of our business)	Business Contact Data
To issue or pay invoices	Necessary for performance of a contract with you	Business Financial Data
Tax and financial reporting	Where we are required to do so to comply with our legal obligations	Business Contact Data
To respond to requests by government or law enforcement authorities conducting an investigation	Where we are required to do so to comply with our legal obligations	Business Contact Data, Identification Data, Business Financial Data

8. SHARING YOUR PERSONAL DATA

Personal Data	Who we share it with	Our reason for sharing
Website Users
Communication Data	Our affiliates, subsidiaries and business partners Third party service providers	To ensure your request is processed by the appropriate party in accordance with your reasonable expectations
Communication Data	Regulators or other authorities	Where we are required to do so to comply with our legal obligations
Device and Web Data	Our affiliates, subsidiaries and business partners Third party service providers	To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
Device and Web Data	Regulators or other authorities	Where we are required to do so to comply with our legal obligations
Volt Partners and Merchants
Business Contact Data	Our affiliates, subsidiaries and business partners	To provide joint content and services
		To improve our products and services
		To send you marketing communications in line with your specified preferences
	Third party service providers	To provide our services
		To improve our products and services
		Where you have indicated that you wish for us to receive communications from third party service providers
	Professional advisors, such as accountants, lawyers or auditors Regulators or other authorities	Where we are required to do so to comply with our legal obligations or to defend or protect our rights
	Third parties as part of a corporate transaction	As part of a corporate transaction, for example if it is proposed that we are to merge with or be acquired by another business in the future
Identification Data	Our affiliates, subsidiaries and business partners	To provide joint content and services
	Third party service providers	To complete “Know Your Customer” services and anti-money laundering checks
	Third party service providers	To provide our services
	Professional advisors, such as accountants, lawyers or auditors Regulators or other authorities	Where we are required to do so to comply with our legal obligations or to defend or protect our rights
Business Financial Data	Our affiliates, subsidiaries and business partners Third party service providers	To provide our services
Business Financial Data	Professional advisors, such as accountants, lawyers or auditors Regulators or other authorities	Where we are required to do so to comply with our legal obligations or to defend or protect our rights
Other individuals with whom we may have a business relationship
Business Contact Data and Financial Data	Our affiliates, subsidiaries and business partners Third party service providers	To maintain our relationship with you
	Professional advisors, such as accountants, lawyers or auditors Regulators or other authorities	Where we are required to do so to comply with our legal obligations or to defend or protect our rights
	Third parties as part of a corporate transaction	As part of a corporate transaction, for example if it is proposed that we are to merge with or be acquired by another business in the future

9. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

We may transfer your personal data to a recipient based in a country outside of the UK and/or European Economic Area (“EEA“).

Where we do so, we will ensure that such transfer is in accordance with our obligations under Data Protection Legislation. For example, a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place.

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or equivalent authorities in the United Kingdom as applicable, or with whom we have put in place appropriate measures to ensure that data is adequately protected. These measures will usually include use of approved standard contractual clauses.

In case we actually initiate such a transfer the information about it will be here, we will indicate, among other things, its purpose and recipient of the data.

Please contact us if you want further information on the topic.

10. HOW LONG WILL WE KEEP YOUR PERSONAL DATA FOR?

We will only keep your personal data for as long as it is required for the purposes for which it was collected, or as required to comply with applicable law or to defend or enforce our legal rights.

11. LINKS TO OTHER SITES

The Volt website may contain links to other websites. Volt is not responsible for the privacy policies of third party websites to which links are provided. You should check the privacy policies on these sites before providing any personal data.

12. HOW WE PROTECT YOUR PERSONAL DATA

We take your online security seriously and maintain appropriate physical, organisational and technical measures so as to prevent any loss, misuse, unauthorised access, disclosure or modification of your personal data.

Please note, however, that the transmission of information via the Internet is not completely secure and we cannot guarantee the security of your personal data transmitted to us or provided though the Volt website.

13. YOUR LEGAL RIGHTS

You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine-readable format.

Where we have asked for your consent, you may withdraw consent at any time, although this will not affect any processing which has already taken place at that time and we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). You can ask us to stop sending you marketing messages at any time by following the unsubscribe links on any marketing message sent to you or by contacting us. Where you opt out of receiving these marketing messages, this will not affect our processing of data for other purposes (see above).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where it would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, you can get in touch with us, or make a complaint, by emailing dpo@volt.io.

Where we process your data for the purpose of entering or performing a contract with you, certain data is mandatory for that purpose. Any information provided to facilitate a payment you have requested is therefore mandatory, as well as any information which we are required to collect for regulatory reasons, for example, for anti-money laundering checks. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register, initiate payments or otherwise engage with Volt. All other provision of your information is optional.

14. RIGHT TO COMPLAIN

You also have the right to complain to the regulator about Volt’s information rights procedures. In the UK, the relevant regulator is the ICO and you can make your complaint via the ICO’s website here. Alternatively, where you are in the EU, you may contact our lead Supervisory Authority – the UODO – and you can make your complaint via their website here. Where you are in Brazil, you may contact the ANPD using the contact details listed in the Brazil Addendum. Where you are in Australia, you may contact the Office of the Australian Information Commissioner using the contact details listed in the Australia Privacy Policy.

We would, however, appreciate the chance to deal with your concerns directly so please contact us in the first instance.

15. CONTACT DETAILS

If you have any questions, comments or requests regarding this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details set out below. You may also use these contact details if you wish to make a complaint to us relating to your privacy.

Our contact details are as follows:

Full name of legal entity: Volt Technologies Holdings Limited
Email: dpo@volt.io
Postal address: 12 Melcombe Place, London, England, NW1 6JJ

Addendum 1: Australia Addendum

Last updated: May 2024

1. APPLICABILITY

This Australia Addendum (“Australia Addendum”) supplements Volt Technologies Holdings Limited’s (“Volt”, “we”, us” and “our”) Staff Privacy Notice (”Privacy Notice”), to the extent that the Privacy Act 1988 (Cth) (”Australian Privacy Act”) applies in relation to our processing of personal data. In case of any inconsistences between this Australia Addendum and the Privacy Notice, this Australia Addendum prevails.

2. PERSONAL DATA UNDER THE AUSTRALIAN PRIVACY ACT

In this Australia Addendum and in the Privacy Notice, in relation to the processing of personal data governed by the Australian Privacy Act, “personal data” has the same meaning as “personal information” as defined in the Australian Privacy Act.

The concept of a “controller” does not exist under the Australian Privacy Act.

3. SHARING OF PERSONAL DATA OVERSEAS

We generally collect and store your personal data in Australia. However, we may share your personal data with our service providers and related bodies corporate located overseas, including in the United Kingdom, Netherlands, Poland, Germany and Brazil.

We only ever share your personal data outside of Australia where we are permitted to do so under applicable personal data protection laws. Generally this means we will take reasonable steps to ensure your personal data is treated securely and in accordance with applicable privacy laws, or with your consent.

4. HOW TO ACCESS OR SEEK CORRECTION TO YOUR PERSONAL DATA

Some of the rights set out in the Privacy Notice only apply under the GDPR or other foreign privacy laws, and do not apply under the Australian Privacy Act.

However, you are entitled to request access to any of your personal data that we collect, or to request that any of the personal data that we hold about you is corrected. To make such a request, please contact us at dpo@volt.io.

We may decline your request to access or correct your personal data in certain circumstances in accordance with the Australian Privacy Act. If we do decline your request, we will provide you with a reason for our decision.

5. HOW TO MAKE AN ENQUIRY OR COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL DATA

If you have any questions or concerns about this Australia Addendum or how we have handled your personal data, you may contact us at dpo@volt.io.

Please also contact us if you have a complaint about privacy. If you make a complaint about privacy, the following will occur:

No.	Step
1.	We will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve it. We will generally respond to your complaint within a week.
2.	If your complaint requires more detailed consideration or investigation: we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and we may ask you to provide further information about your complaint and the outcome you are seeking.
3.	We will then typically gather relevant facts, locate and review relevant documents and speak with the individuals involved.
4.	In most cases, we will respond to your complaint within 30 business days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to a complaint, or you consider that we may have breached the Australian Privacy Act (including the Australian Privacy Principles), you are entitled to make a complaint to the Office of the Australian Information Commissioner (the Australian privacy regulator).

The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992, or you can fill out this form to make a complaint about our handling of your personal data. Full contact details for the Office of the Australian Information Commissioner can be found online here.

Addendum 2: Brazil Addendum

1. APPLICABILITY

This section will apply for personal data processing activities performed by Volt for the Brazilian market, which includes any processing activity (i) carried out in Brazil, (ii) aimed at offering or providing goods or services or processing data of individuals located in Brazil, or (iii) collected in Brazil. In this context, any personal data processing activities will be carried out in accordance with the laws of Brazil, including the Marco Civil da Internet, Federal Law No. 12.965/2014 (“MCI”) and the General Data Protection Law, Federal Law No. 13.709/2018 (“LGPD”).

For the avoidance of doubt, matters not addressed in this section should be referred to the general Privacy Notice above.

2. INTERNATIONAL TRANSFERS

Some of the third parties who will receive your data are based outside Brazil. The countries receiving the data that we transfer may not offer adequate levels of personal data protection under applicable regulations. In such cases, Volt will take appropriate steps to ensure that recipients of your personal data are bound to duties of confidentiality and implement appropriate measures to ensure your personal data will remain protected in accordance with Volt Consumer Privacy Notice, such as standard contractual clauses or other mechanisms provided for in the applicable law.

The services provided by Volt require the support of a technological infrastructure, such as servers and cloud services, which may be provided by third parties. Some of this infrastructure may be established outside Brazil.

3. YOUR LEGAL RIGHTS

You have the following data protection rights, which you can exercise at any time by contacting us by email (dpo@volt.io) or postal address (Rua Dr. Virgílio de Carvalho Pinto, No. 306, apt. 121, Zip Code 05415-020, São Paulo).

The right to access your personal data and confirm the existence of processing.
The right to correct, update or request anonymisation, blocking or deletion of your personal data.
The right to object to the processing of your personal data where it is based on our legitimate interests or in case of non-compliance with LGPD.
The right to ask us, in some situations, to restrict the processing of your personal data or to request portability of your personal data.
If we collect and process your personal data with your consent, you have the right to withdraw your consent at any time and request deletion of your personal data. Withdrawing your consent will not affect the lawfulness of any processing carried out prior to your withdrawal, nor will it affect processing of your personal data carried out on a legal basis other than consent.
The right to request a review of decisions based solely on automated processing, which may affect your interests.
The right to petition the National Data Protection Authority – ANPD about our collection and use of your personal data.
The right to request portability of your personal data to another service provider.
The right to request information about with whom your personal data has been shared.

We respond to all requests we receive from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. If you are aware of changes or inaccuracies in your information, you must inform us of such changes so that our records can be updated or corrected.

To exercise your rights, you or your authorised legal representative may contact us using the contact details provided above. Once we receive your request, we may verify it by requesting sufficient information to confirm your identity.

Where we process your data for the purpose of entering or performing a contract with you, certain data is mandatory for that purpose. Any information provided to facilitate a payment you have requested is therefore mandatory. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register, make a purchase or otherwise engage with Volt. All other provision of your information is optional.