Privacy Policy

Voltheia (“we”) is committed to protecting the personal data of those we work with. This Privacy Policy explains how we collect, use, store and protect your personal data when you interact with our website, services or business communications.

We operate primarily within the United Kingdom, the European Union (including France and Ireland), and are fully committed to compliance with:

• the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
• the EU General Data Protection Regulation (EU GDPR) — Regulation (EU) 2016/679
• the Privacy and Electronic Communications Regulations (PECR) in the UK

Our UK supervisory authority is the Information Commissioner's Office (ICO). Our EU supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL) in France.

Voltheia is the data controller responsible for the personal data we collect and process.

• Registered name: Voltheia
• Registered address: 53 avenue Charles de Gaulle, 92200 Neuilly-sur-Seine, France
• Contact email: contact@voltheia.com

As a B2B services company, we collect and process the following categories of personal data:

3.1 Contact and Identity Data

• Full name
• Business email address
• Business telephone number
• Job title and company name
• Business postal address

3.2 Website and Technical Data

• IP address
• Browser type and version
• Pages visited and time spent
• Cookie identifiers (see Section 8)
• Referral source

Where you enter into a commercial relationship with us, we may also process billing and account data as necessary to perform our contract. We do not store full payment card details on this website.

We process your personal data for the following purposes and on the following lawful bases:

• Business communications: To send you information relevant to your enquiry or our services. Lawful basis: Consent (where obtained) or Legitimate Interests.
• Contract performance: To fulfil our contractual obligations to you or your organisation. Lawful basis: Contract.
• Billing and invoicing: To process payments and maintain financial records where applicable. Lawful basis: Contract and Legal Obligation.
• Legal compliance: To meet our obligations under applicable law. Lawful basis: Legal Obligation.

We do not sell your personal data. We may share it with trusted third parties only where necessary, including:

• IT and hosting service providers
• Email delivery platforms
• Professional advisers such as legal and financial consultants
• Regulatory and law enforcement authorities, where required by law

Our website is hosted by Vercel and contact form enquiries are delivered by Postmark. Both providers may process personal data in the United States under appropriate safeguards, including Standard Contractual Clauses.

All third parties are required to handle your data in accordance with applicable data protection law and are bound by appropriate data processing agreements.

Where we transfer personal data outside of the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission or the UK ICO
• Adequacy decisions recognised by the UK or EU
• Binding Corporate Rules, where applicable

Personal data submitted through this website may be processed in the United States by our hosting and email providers (Vercel and Postmark), under the safeguards described above.

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. In general:

• Contact and communication data: 3 years from last contact
• Contract and billing records: 7 years (UK legal requirement)
• Account data: For the duration of the account, plus 2 years after closure

When data is no longer required, it is securely deleted or anonymised.

Our website uses cookies to improve your experience. Cookies are small text files stored on your device.

We use the following categories of cookies:

• Strictly necessary cookies: Required for the website to function. These cannot be disabled.

We do not currently use analytics, marketing or preference cookies on this website. If we introduce optional cookies in future, we will update this policy and seek your consent where required.

Users in France should note that we comply with CNIL guidelines on cookies and trackers, including requirements for a clear and equally accessible means of refusing consent where optional cookies are used.

Depending on your location, you have the following rights in relation to your personal data:

• Right of access — to request a copy of the data we hold about you
• Right to rectification — to ask us to correct inaccurate or incomplete data
• Right to erasure — to request deletion of your data in certain circumstances
• Right to restriction — to ask us to limit how we use your data
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at contact@voltheia.com. We will respond within one month of receiving your request.

If you are not satisfied with our response, you have the right to lodge a complaint with your relevant supervisory authority:

• UK: Information Commissioner's Office (ICO) — www.ico.org.uk
• France: Commission Nationale de l'Informatique et des Libertés (CNIL) — www.cnil.fr
• Ireland: Data Protection Commission (DPC) — www.dataprotection.ie

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These include:

• Encrypted data storage and transmission (TLS/SSL)
• Access controls and role-based permissions
• Regular security assessments
• Staff training on data protection obligations

In the event of a data breach that is likely to affect your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by law.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Where changes are significant, we will notify you directly by email or by a prominent notice on our website.

We encourage you to review this policy periodically.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: contact@voltheia.com
• Post: 53 avenue Charles de Gaulle, 92200 Neuilly-sur-Seine, France