Volt Data

Privacy Policy

Last Updated: February 2026

1. Overview

This Privacy Policy describes how Volt Data Pty Ltd ACN 603 930 356 (“Volt Data,” “we,” “us,” or “our”) collects, uses, stores, and shares your personal information when you use the Volt Data platform and its associated applications.

Volt Data enables you to access and review your electricity data, which is derived from Consumer Data Right (“CDR”) data collected by Fiskil Pty Ltd ACN 646 260 728 (“Fiskil”), an accredited data recipient under Part IVD of the Competition and Consumer Act 2010 (Cth) and the Competition and Consumer (Consumer Data Right) Rules 2020 (Cth) (“CDR Rules”). We do not directly collect CDR data from data holders; rather, we access CDR data through the hosted software platform provided by Fiskil, with your consent.

We are bound by the Privacy Act 1988 (Cth) (“Privacy Act”), including the Australian Privacy Principles (“APPs”), and any relevant privacy code registered under the Privacy Act.

2. Personal Information We Collect

2.1 Personal Information

We collect personal information that is reasonably necessary for our functions and activities. This may include:

• name and contact details (address, email, phone number);

• company name, job title and employer;

• nature of business; and

• online interactions with our platform.

2.2 Device and Usage Information

We also collect certain information automatically, including:

• Device Information: IP address, web browser type, time zone, and cookies;

• Usage Information: pages viewed, referral sources, and interactions with the platform; and

• browsing patterns and cookie status.

2.3 CDR Data

Volt Data displays electricity data derived from CDR data collected by Fiskil in its capacity as an accredited data recipient under the CDR Rules. We access this CDR data through Fiskil’s hosted platform with your consent. CDR data is handled in accordance with the CDR Rules.

CDR data is used solely to:

• provide energy insights and related analytics;

• automate data processing and reporting;

• match and reconcile energy data; and

• simplify data review and analysis for consumers.

Consumer consent for CDR data can only last for a maximum of twelve (12) months. After 12 months, consent expires and consumers may either re-confirm or explicitly withdraw their consent. If no preference is actively stated, consent will automatically be withdrawn.

Consumers may withdraw consent at any time by contacting us in writing or via the relevant data holder consent (“Connections”) dashboard in Volt Data.

3. How We Collect Personal Information

3.1 Direct Collection

We primarily collect personal information directly from you, including when you:

• register for or use the Volt Data platform;

• provide information via email or web forms; and

• engage us for services or request a quote.

3.2 Collection from Third Parties

We may also collect personal information from third parties, including from Fiskil and other CDR-accredited entities in compliance with CDR regulations and based on your consent. If we collect information about you from another source, we will make you aware whenever reasonably possible.

3.3 Cookies and Tracking Technologies

We collect information using:

• Cookies: small data files stored on your device to enable platform features;

• Log Files: IP addresses, browser types, and timestamps; and

• Web Beacons, Tags, and Pixels: tracking technologies that monitor platform usage.

You can manage cookie preferences through your browser settings, including refusing all cookies.

4. How We Use Your Personal Information

We use personal information to:

• provide and improve the Volt Data platform;

• authenticate users and prevent fraud;

• comply with legal and regulatory obligations, including the CDR Rules;

• conduct analytics and improve user experience;

• communicate with you about our services; and

• deal with enquiries and complaints.

In certain circumstances, the law may permit or require us to use or disclose personal information for other purposes where you would reasonably expect us to and the purpose is related to the purpose of collection.

5. Sharing and Disclosure of Personal Information

We may share your personal information with:

• Third-Party Service Providers: entities that assist in operating the platform (e.g., cloud hosting, analytics);

• Fiskil and CDR-Accredited Entities: in compliance with CDR regulations and based on your consent;

• Legal and Regulatory Authorities: when required by law or to protect our rights;

• our related bodies corporate; and

• our contractors and agents.

We do not sell personal data to third parties. Any sharing is conducted with strict privacy safeguards.

We may also use or disclose your personal information without additional consent where:

• it is for a purpose related to the primary purpose of collection and you would reasonably expect such use;

• we reasonably believe it is necessary to lessen or prevent a serious threat to life, health or safety;

• we have reason to suspect unlawful activity; or

• it is required or authorised by law.

6. International Data Transfers

Your information may be transferred outside Australia, including to the United States, Canada, or the European Union. Where applicable, we implement data protection mechanisms to safeguard cross-border transfers in accordance with the Privacy Act.

If you do not agree to the disclosure of your personal information outside Australia, please contact us via the details set out in section 11.

7. Data Security and Storage

We take all reasonable steps to protect against the loss, misuse and alteration of information under our control, including through appropriate physical and electronic security strategies. Only authorised personnel have access to personal information, and they are required to treat it as confidential.

Our policy is that electronic records are stored within Australia whenever commercially feasible. When we consider information is no longer needed, we will destroy or permanently de-identify it.

8. Access and Correction

Under the Australian Privacy Principles, you have the right to request access to any personal information we hold about you and to request correction of inaccurate information. If we refuse a request, we will provide written reasons.

We will acknowledge requests within 7 days and provide a substantive response within 30 days.

9. Do Not Track Signals

We do not alter data collection practices based on Do Not Track signals. You may adjust your privacy settings in your browser.

10. Minors

Our services are not intended for individuals under 18 years of age.

11. Complaints and Dispute Resolution

If you have concerns about how we handle your personal data:

1. Contact us at hello@voltdata.com.au. We will acknowledge your complaint within 1 business day.

2. We will investigate the complaint and inform you of the outcome within 30 calendar days.

3. If unsatisfied, you may contact the Office of the Australian Information Commissioner (OAIC):

• Email: enquiries@oaic.gov.au

• Phone: 1300 363 992

• Mail: GPO Box 5218, Sydney NSW 2001

4. You may also escalate complaints relating to CDR data to the Australian Financial Complaints Authority (AFCA).

12. Changes to This Privacy Policy

We may update this policy from time to time. Updates will be posted on our website with the “Last Updated” date. We will take reasonable steps to notify you of material changes.

13. Contact Us

For questions or concerns about this Privacy Policy:

• Mail: Volt Data Pty Ltd, Level 19, 30 Pirie Street, Adelaide SA 5000

• Email: hello@voltdata.com.au

For matters relating to CDR data collected by Fiskil, you may also contact Fiskil directly:

• Mail: Fiskil Pty Ltd, Level 1, 347 Kent St, Sydney NSW 2000

• Email: legal@fiskil.com.au