How Voltnir B.V. collects, uses, and protects your personal data across the Voltnir marketing site and the customer portal — and the rights you have over it under the EU General Data Protection Regulation (GDPR).
This policy explains what personal data we process when you visit our website or use the Voltnir customer portal, why we process it, who we share it with, how long we keep it, and how you can exercise your rights. We keep it deliberately plain — Voltnir is a business-to-business product and we collect only what we need to provide it.
The data controller responsible for your personal data is:
Voltnir B.V. is established in the Netherlands. We have not appointed a statutory Data Protection Officer, as we are not required to; privacy questions are handled by the contact above.
We collect personal data that you provide directly (when you register, manage your account, license the software, or contact support) and a limited amount that is generated automatically when you use the portal (such as security logs). We do not buy personal data, build advertising profiles, or track you across other websites.
| Category | What it includes | Why we process it |
|---|---|---|
| Account & identity | Email address, password (stored only as a salted hash — we never see it), company name, contact name, job role, and country. | To create and secure your account, authenticate you, and provide the portal. |
| Billing & company | VAT number, company registration number, and billing address; invoice records (amount, currency, status). | To issue licences and invoices and to meet our accounting and tax obligations. |
| Licensing | Licence keys, the legal entity a licence is issued to, licence type and environment, and the EPEX market identifiers (account/user IDs) tied to your entitlements. | To issue, sign, and manage the software licences you hold. |
| Security & audit logs | A record of security- and account-relevant events (sign-in, password and email changes, licence reveals and downloads, etc.), each stored with your IP address and a timestamp. | To keep the service secure, detect and investigate abuse, and maintain an auditable record. We deliberately redact passwords, tokens, and keys from these logs. |
| Support | The subject and body of support tickets and any files you attach, plus our replies. | To answer your questions and provide support. Please don't include sensitive personal data in a ticket — it isn't needed. |
| Technical | The strictly-necessary cookies described in section 4, and standard server logs. | To keep you signed in, protect forms against cross-site request forgery, and operate the site securely. |
Under the GDPR we rely on the following legal bases (Article 6):
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects (Article 22).
We use only strictly-necessary cookies — the kind that, under the ePrivacy rules, do not require a consent banner because the service cannot function without them. We do not use advertising or tracking cookies. For website statistics we use a privacy-friendly, cookieless analytics tool (see section 5) that sets no cookies and collects no personal data — so it too needs no consent banner. We host our own fonts; apart from that analytics tool, loading a page sends your data to no third party.
| Cookie | Purpose | Lifetime |
|---|---|---|
VOLTNIR_SESSION | Keeps you signed in during a visit and protects forms. | Until you close your browser. |
REMEMBERME | Set only if you tick “remember me” at sign-in, so you stay signed in between visits. | 30 days. |
| CSRF token | Protects forms against cross-site request forgery. | Per session / request. |
We do not sell your personal data and we do not share it for anyone else's marketing. We share it only with the service providers that help us run Voltnir, each acting as our processor under a data-processing agreement, and only as far as needed:
We may also disclose data where we are legally required to (for example, in response to a valid request from a competent authority), or to establish, exercise, or defend legal claims.
We host and process your data within the European Union / European Economic Area. Where a processor we use is located outside the EEA — for example [ name any non-EEA processor, e.g. email provider ] — that transfer is protected by an adequacy decision or by the European Commission's Standard Contractual Clauses. If none of our processors are outside the EEA, this section does not apply.
We keep personal data only for as long as we need it for the purposes above:
Under the GDPR you have the right to:
To exercise any of these, email contact@voltnir.io. We will respond within one month. You also have the right to lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens, or with the supervisory authority in your country of residence.
Security is built into the product. Among other measures: passwords are stored only as strong salted hashes; all traffic is served over HTTPS with HSTS; the site enforces a strict Content-Security-Policy that permits only our own resources and our cookieless analytics provider; access to the portal is gated and role-based; and security-relevant events are audit-logged with secrets redacted. No system is perfectly secure, but we work to protect your data in line with the GDPR's “appropriate technical and organisational measures”.
Voltnir is a professional product for businesses and is not directed at children. We do not knowingly collect personal data from anyone under 16.
We may update this policy from time to time. When we make a material change we will update the “last updated” date above and, where appropriate, notify you. The current version is always available at this page.
Questions about this policy or your personal data? Email contact@voltnir.io or write to Voltnir B.V. at the address in section 1.