Privacy Policy

This privacy policy applies to the use of our website and the Voltpark platform. Our offering is exclusively directed at businesses (B2B) – in particular:

• Project developers and sellers of battery storage projects
• Investors and buyers looking to invest in battery storage projects
• Business partners and interested parties who want to learn about our offering

Access to the platform is by invitation only after prior review by Voltpark.

We only process personal data to the extent necessary for the described purposes.

Types of data processed

• Master data (e.g., name, company, address)
• Contact data (e.g., email address, phone number)
• Content data (e.g., uploaded documents, project information)
• Usage data (e.g., pages visited, access times)
• Meta and communication data (e.g., IP address, device information)

Categories of data subjects

• Registered platform users (sellers and buyers)
• Prospects and website visitors
• Business and communication partners

Purposes of processing

• Provision and operation of the platform
• User management and authentication
• Brokering battery storage projects
• Communication with users and prospects
• Web analytics to improve our offering
• Fulfillment of legal obligations

We process personal data on the basis of the following legal bases under the GDPR:

• Consent (Art. 6(1)(a) GDPR) – The data subject has given consent for a specific processing purpose (e.g., for cookies or web analytics).
• Performance of Contract (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract or for the implementation of pre-contractual measures (e.g., use of the platform, project inquiries).
• Legal Obligation (Art. 6(1)(c) GDPR) – Processing is necessary to comply with legal requirements (e.g., retention obligations).
• Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is carried out to safeguard our legitimate interests, provided that the interests of the data subject do not prevail (e.g., security measures, general web analytics without cookies).

In addition to the GDPR, national data protection regulations in Germany apply, in particular the Federal Data Protection Act (BDSG).

Registration is required to use our platform. Access is exclusively by invitation after prior review.

Registration and Authentication

During registration, we collect name, email address, company affiliation, and role (seller/buyer). Authentication is handled via Supabase Auth with encrypted password transmission.

Project Data and Documents

Sellers can upload project information and documents. Buyers gain access to certain data depending on the status of their expression of interest. Documents are stored encrypted and are only accessible via time-limited signed URLs.

Use of AI/LLM

To support internal processing of project documents, we may use AI-powered language models (LLMs). This processing is carried out exclusively internally for quality assurance and data preparation. Personal data is not transmitted to external AI services.

When contacting us (by email, contact form, or via the platform), we process your information to handle your inquiry.

Data processed

• Contact data (name, email, phone)
• Content of the inquiry
• Time of communication

Legal bases

Processing is carried out for the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) or on the basis of our legitimate interests in responding to inquiries (Art. 6(1)(f) GDPR).

We use cookies and similar technologies to provide and improve our website.

Technically necessary cookies

These cookies are required for the operation of the website (e.g., session cookies for authentication). They are set without consent.

Analytics cookies

For web analytics with Google Analytics, we only set cookies with your express consent. You can revoke your consent at any time via the cookie banner or in your browser settings.

Cookieless analytics

Additionally, we use Umami Analytics, a privacy-friendly web analytics tool that works without cookies and without personal data.

We use web analytics services to understand and improve the use of our website.

Umami Analytics (without consent)

Umami is a privacy-friendly open-source analytics software. It does not collect personal data, does not use cookies, and does not store IP addresses. Its use is based on our legitimate interests (Art. 6(1)(f) GDPR).

Google Analytics 4 (with consent only)

Google Analytics 4 is only activated when you consent via the cookie banner. Usage data is collected in pseudonymized form and transmitted to Google. Google may transfer this data to countries outside the EU. We have concluded a data processing agreement with Google and activated IP anonymization.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Privacy policy: https://policies.google.com/privacy

We use external service providers for the operation of our platform, with whom we have concluded data processing agreements pursuant to Art. 28 GDPR.

Vercel (Hosting)

Our website is hosted by Vercel Inc. Vercel processes technical data (IP address, access times) to provide the website.
Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA

Supabase (Database and Authentication)

User data and project information are stored with Supabase. Data processing takes place on servers in the EU.
Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992

Resend (Email Delivery)

For sending emails (e.g., invitations, notifications), we use Resend.
Provider: Resend Inc.

We maintain a presence on LinkedIn to communicate with prospects and partners and to provide information about our offering.

When you visit our LinkedIn profile, data is processed by LinkedIn. We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection of data used to create “Page Insights” (visitor statistics).

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Privacy policy: https://www.linkedin.com/legal/privacy-policy

We delete personal data as soon as the purpose of processing no longer applies and no statutory retention obligations exist.

General retention periods

• 10 years: Accounting records, annual financial statements (§ 147 AO, § 257 HGB)
• 6 years: Business correspondence and other documents (§ 257 HGB)
• 3 years: Data for processing claims (§ 195 BGB)

User account

Account data is deleted after the end of the business relationship and expiry of statutory retention periods. You can request the deletion of your account at any time.

As a data subject, you have the following rights under the GDPR:

• Right of access (Art. 15 GDPR): You can request information about your processed data.
• Right to rectification (Art. 16 GDPR): You can request the rectification of inaccurate data.
• Right to erasure (Art. 17 GDPR): You can request the deletion of your data, provided no retention obligations apply.
• Right to restriction of processing (Art. 18 GDPR): You can request the restriction of processing.
• Right to data portability (Art. 20 GDPR): You can request the transfer of your data in a portable format.
• Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3) GDPR): You can withdraw consent given at any time with effect for the future.

To exercise your rights, please contact: clemens.marckwardt@voltpark.de

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

The supervisory authority responsible for us is:

This privacy policy is currently valid and has the status of February 2026.

Due to further developments of our website and platform or changes in legal or regulatory requirements, an amendment of this privacy policy may become necessary. The current version can always be found on this page.