Privacy Policy

WARMER ENERGY SOLUTIONS LTD  &  VOLTFLOW (UK) LTD 

Joint Privacy Policy 

Effective date: May 2025     |     Covers both data controllers named below 

This Joint Privacy Policy is issued by two separate but related companies who share infrastructure, systems and staff, and who process personal data for related purposes. Both companies are data controllers in their own right. 

| Company | Registered name | Company no. | Registered address |
| --- | --- | --- | --- |
| Warmer Energy Solutions | Warmer Energy Solutions Ltd | 12839578 | 300 St Mary’s Road, Garston, Liverpool, L19 0NQ |
| Voltflow | Voltflow (UK) Ltd | 17052607 | 300 St Mary’s Road, Garston, Liverpool, L19 0NQ |

Throughout this policy, “we”, “us” or “our” refers to whichever of the two companies is collecting and processing your personal data, or both where the context applies. Voltflow is the consumer-facing brand through which Warmer Energy Solutions delivers home energy installations. The two companies share the same registered office, operating systems and staff. 

This policy explains what personal data we collect, why, how long we keep it, who we share it with, and what rights you have. It covers data collected through: 

  • Our websites at www.warmerenergysolutions.co.uk and voltflow.co.uk 
  • Enquiries, quotes and consultations submitted online, by phone or in person 
  • Marketing and engagement communications sent by email (via Mailchimp) or SMS (via Twilio) 
  • Our customer management and quoting systems (Reonic, Monday.com) 
  • Automated workflows connecting our systems (Make.com) 

1.  Data we collect 

1a.  Contact and account data 

  • Name, email address, telephone number and home address 
  • Preferred contact method and details of your enquiry or request 
  • Your communications with us, including email correspondence, form submissions and call recordings where applicable 

1b.  Property and home energy data 

If you request a quote, consultation or system design, we may collect: 

  • Your property address and postcode 
  • Roof type, size, orientation, pitch and available space 
  • Satellite imagery or mapping data relating to your property, used in system design and solar modelling 
  • Current electricity usage, estimated spend and existing tariff details 
  • Whether you have or are considering solar panels, battery storage, EV charging or a heat pump 
  • Whether you own or plan to purchase an electric vehicle 
  • Your energy goals (e.g. reducing bills, storing solar energy, reducing carbon emissions, grid independence) 
  • Photographs, measurements and survey notes taken during a property visit 
  • System design and installation plans specific to your property 

1c.  Customer and transaction data 

  • Quote and proposal details, product preferences and consultation notes 
  • Installation records, warranty and compliance documentation 
  • Payment and invoicing information 
  • Aftercare and customer service records 
  • Reviews, referrals and feedback you provide 
  • Financial information where required to process a government grant or scheme application 

1d.  Data we collect automatically 

  • IP address, browser type and version, and operating system 
  • Website usage data — pages visited, referral source, time on site — collected via cookies and analytics tools 
  • Device type and identifiers 

1e.  Data we receive from third parties 

  • Lead data received from third-party lead generation partners (including Media Den and Sales Fuel) where those partners have collected your details and shared them with us as an energy installation company you may be interested in hearing from 
  • Property data from publicly available databases used to assist in preparing energy system quotes 

2.  How we use your data 

We use your personal data for the following purposes, each supported by a lawful basis under UK GDPR. 

Responding to enquiries and providing quotes 

When you contact us or submit a quote request, we use your data to respond, prepare a tailored proposal and manage the consultation process. Lawful basis: steps prior to entering a contract. 

Delivering and managing installations 

We use your data to arrange and carry out the services you have contracted with us, and to provide ongoing aftercare. Lawful basis: performance of a contract. 

Processing grant and scheme applications 

Where your installation is funded through a government scheme (such as ECO4, Warm Homes Local Grant or Warm Homes Social Housing), we share relevant data with scheme administrators. Lawful basis: legal obligation and/or performance of a contract. 

Email and SMS marketing 

We send marketing communications by email and SMS using the legitimate interests basis under UK GDPR, subject to the stricter requirements of PECR (see Section 7). We rely on the ‘soft opt-in’ under PECR Regulation 22, which permits electronic marketing to existing customers about similar products and services provided a clear opportunity to opt out was given and is available at all times. We do not send unsolicited marketing to cold contacts on a legitimate interests basis. See Section 7 for full detail. 

Improving our websites and services 

We analyse website usage data to understand how our sites are used and where they can be improved. Lawful basis: legitimate interests. 

Compliance and legal obligations 

We may process your data to comply with applicable law, respond to regulatory requests, resolve disputes and enforce our contracts. Lawful basis: legal obligation and/or legitimate interests. 

3.  Third-party processors and data sharing 

We do not sell your personal data. We use trusted third-party platforms to deliver our services, each engaged under a data processing agreement and required to process your data only on our instructions. 

| Processor | Purpose | Data shared | Location |
| --- | --- | --- | --- |
| Reonic | Solar/energy quoting and system design | Name, contact details, address, energy usage data, property details | EEA |
| Monday.com | CRM and project management | Name, contact details, enquiry and job details, communication history | USA – see §5 |
| Make.com (Integromat) | Automated workflows routing data between connected systems | Name, email, phone, job status as routed between systems | USA/EU – see §5 |
| Twilio | SMS communications: job updates, appointment confirmations, marketing (soft opt-in only) | Mobile number, message content | USA – see §5 |
| Mailchimp (Intuit Inc.) | Email marketing and transactional email | Name, email address, email engagement data | USA – see §5 |
| Google Analytics | Website traffic and usage analytics | Anonymised/pseudonymised usage data, anonymised IP address | USA – see §5 |
| Website/IT hosting providers | Secure hosting of websites and business systems | Technical data; personal data submitted via web forms | UK/EEA |

We may also share your data with: 

  • Legal or regulatory authorities (e.g. HMRC, ICO) where required by law 
  • Grant scheme administrators and network operators where required to process a funded installation 
  • Professional advisers (lawyers, accountants, insurers) under obligations of confidentiality 
  • A purchaser or successor entity in the event of a business sale or merger, in which case you would be notified in advance 

4.  Data received from lead generation partners 

We receive enquiry data from third-party lead generation companies including Media Den and Sales Fuel. These companies collect your personal data directly and share it with energy installation companies where you have indicated interest in home energy products. 

When we receive your data from a lead partner, we will: 

  • Contact you in relation to the enquiry or interest you expressed 
  • Handle your data in accordance with this Privacy Policy from the point we receive it 
  • Treat you as a prospective customer; you become an existing customer once a contract is formed, at which point our soft opt-in marketing basis may apply 

If you are unsure how a lead partner originally collected or shared your data, you should refer to their own privacy policy. 

5.  International transfers of personal data 

Monday.com, Make.com, Twilio, Mailchimp and Google Analytics are based in or route data through the United States, which does not benefit from a UK adequacy decision. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, specifically: 

  • UK International Data Transfer Agreements (IDTAs): We rely on IDTAs — the UK equivalent of Standard Contractual Clauses — with US-based processors where required. 
  • EU-US Data Privacy Framework: Where applicable, processors hold DPF certification. 
  • Processor contractual safeguards: All processors are required by contract to maintain appropriate security and limit onward transfers. 

You can request a copy of the relevant safeguards by contacting us at the details in Section 12. 

6.  How long we keep your data 

| Data category | Retention period | Reason |
| --- | --- | --- |
| Enquiry / lead data (no installation) | 12 months from last contact | Follow-up window; deleted if no contract is formed |
| Customer contract and installation records | 6 years from completion | Statute of limitations; warranty and legal obligations |
| Grant and scheme application data | 7 years from completion | HMRC and scheme administrator requirements |
| Marketing suppression / opt-out records | Indefinitely | To prevent re-contact of individuals who have opted out |
| Email engagement data (Mailchimp) | Duration of active relationship + 1 year | Analytics; suppression list management |
| SMS opt-out records (Twilio) | Indefinitely | Compliance with PECR; prevent re-contact |
| Website analytics data | 26 months (Google Analytics default) | Performance analysis; anonymised thereafter |
| Call recordings (where applicable) | 6 months from recording date | Quality assurance and dispute resolution |
| Accounting and financial records | 6 years from financial year end | Legal and HMRC obligation |

When data is no longer required, we securely delete or anonymise it. 

7.  Marketing communications — email and SMS 

Important: The Privacy and Electronic Communications Regulations 2003 (PECR) govern unsolicited electronic marketing in the UK and are stricter than UK GDPR. Legitimate interest under UK GDPR does not override PECR. We comply with both. 

PECR compliance note: We rely on the ‘soft opt-in’ under PECR Regulation 22 for email and SMS marketing. This means we contact existing customers about similar products or services. We do not send electronic marketing to individuals who have not had a prior commercial relationship with us unless they have given explicit consent. If you received a marketing message from us and do not consider yourself an existing customer, please contact us immediately and we will remove you from our list. 

7a.  The soft opt-in basis (existing customers) 

Under PECR Regulation 22, we may send marketing by email or SMS to existing customers where: 

  • We collected your contact details in the course of a sale or enquiry for our products or services 
  • We are marketing similar products or services to those you enquired about or purchased 
  • We gave you a clear opportunity to opt out at the time we collected your details 
  • We include a clear and easy opt-out in every marketing communication 

Once you opt out, we will not send you further marketing and will add you to our suppression list. 

7b.  What marketing we send 

  • Information about home energy products and services similar to those you enquired about (solar, battery storage, EV charging, heat pumps) 
  • Seasonal or time-sensitive offers relevant to your property or prior enquiry 
  • Updates from Warmer Energy Solutions or Voltflow about new products, case studies or guides 

7c.  How to opt out 

You can opt out of marketing at any time by: 

  • Clicking the unsubscribe link in any email we send 
  • Replying STOP to any SMS we send 
  • Emailing us at info@warmerenergysolutions.co.uk 
  • Calling us on 0333 014 5890 

We will process opt-out requests promptly and you will not receive further marketing. Opt-outs are recorded permanently on our suppression list. 

7d.  Transactional messages 

SMS and email messages sent as part of delivering your contracted service — such as appointment confirmations, installation updates and aftercare communications — are not marketing. These are sent under our contract with you and are not affected by your marketing opt-out preferences. 

8.  Your rights 

Under UK GDPR and the Data Protection Act 2018, you have the following rights. We will respond to valid requests within one calendar month (extendable by up to two further months for complex requests, with notice). 

Right of access 

You can ask for a copy of the personal data we hold about you, along with information about how and why we process it. 

Right to rectification 

You can ask us to correct inaccurate or incomplete data. 

Right to erasure 

You can ask us to delete your data in certain circumstances, for example if we no longer need it for the purpose it was collected or if you successfully object to processing. This right is not absolute and may be overridden by legal obligations (e.g. we cannot delete financial records we are legally required to retain). 

Right to restriction 

You can ask us to pause processing of your data while a dispute about its accuracy or lawfulness is resolved. 

Right to data portability 

Where processing is based on contract or consent and carried out by automated means, you can ask us to provide your data in a structured, machine-readable format. 

Right to object 

You can object to processing based on our legitimate interests at any time. You have an absolute right to object to processing for direct marketing, which we will always honour immediately. 

Rights related to automated decision-making 

We do not currently use solely automated decision-making that produces legal or similarly significant effects on individuals. 

To exercise any of your rights, contact our Data Officer using the details in Section 12. We may need to verify your identity before acting on a request. 

9.  Cookies 

Our websites use cookies and similar technologies. When you first visit, a cookie consent banner allows you to accept, reject or manage non-essential cookies. You can update your preferences at any time via the cookie settings link in the footer. 

| Category | Examples | Purpose and basis |
| --- | --- | --- |
| Strictly necessary | Session, CSRF tokens | Essential for the site to function. Cannot be disabled. No consent required. |
| Analytics / performance | Google Analytics (_ga, _gid) | Understand how visitors use the site. Data is anonymised. Requires consent (or legitimate interests where anonymised). |
| Marketing / tracking | Facebook Pixel (if active) | Track visits from adverts and measure campaign performance. Active only with explicit consent. |
| Functional | Language, preferences | Remember your settings. Requires consent. |

10.  Security 

We take appropriate technical and organisational measures to protect your personal data, including: 

  • Encrypted data transmission (HTTPS/TLS) across our websites and systems 
  • Role-based access controls restricting data access to staff who require it 
  • Contractual security obligations on all third-party processors 
  • Regular review of our systems, access rights and practices 

If you believe your data may have been compromised, please contact us immediately. 

11.  Data breaches 

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware, as required by UK GDPR Article 33. Where the breach is likely to result in a high risk to you, we will notify you directly without undue delay. 

12.  Contact us and complaints 

For questions about this policy, to exercise your data rights, or to raise a concern, contact: 

Warmer Energy Solutions Ltd
Data Officer
300 St Mary’s Road, Garston
Liverpool, L19 0NQ
info@warmerenergysolutions.co.uk
0333 014 5890

Voltflow (UK) Ltd
Data Officer
300 St Mary’s Road, Garston
Liverpool, L19 0NQ
info@warmerenergysolutions.co.uk
0333 014 5890

If you are not satisfied with our response, you may lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or on 0303 123 1113. 

13.  Social media and external links 

Our websites and communications may include links to social media platforms (including Facebook, Instagram and LinkedIn) and external websites. Those platforms and websites have their own privacy policies and cookie practices, which we are not responsible for. 

If you interact with us via a social media platform — for example by messaging us, commenting on a post or clicking through to our website from an ad — that platform will also process your data under its own privacy policy. We do not control how social media platforms use your data. 

When you click a link from our website or email to a third-party website, you leave our environment. We recommend reviewing the privacy policy of any third-party site you visit. 

14.  Reviews, referrals and testimonials 

We may invite customers to leave reviews on Google, Trustpilot or other platforms, to refer friends or family, or to provide testimonials after an installation. Participation is entirely optional. 

If you provide a review or testimonial and give us permission to use it in our marketing, we will only publish details that have been agreed with you or that you have already chosen to make public through the relevant review platform. We will not publish your full name, address or other personal details without your explicit agreement. 

Referral requests are sent as part of our post-installation follow-up. If you prefer not to receive referral requests, you can tell us at any time and we will note your preference. 

Reviews and referral records are retained as part of your customer record in accordance with the retention periods in Section 6. 

15.  Changes to this policy 

We may update this policy to reflect changes in our practices, technology or legal requirements. When we make material changes, we will update the effective date above. For significant changes affecting existing customers, we will notify you by email where we hold a current address. 

This policy was last updated in May 2025.