Skip to content
Vester

Legal

Privacy Policy

This Privacy Policy explains how Vester Energy Limited collects, uses, and protects personal data when you interact with our website or services.

Last updated

1. Who We Are

We are Vester Energy Limited, registered in England and Wales (Company Number: 15022503), with a registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Vester Energy Limited is registered with the Information Commissioner’s Office as a data controller.

For certain energy market-access and switching activities, we work with third-party market-access and data providers. To produce the indicative price and usage model you ask us for, before you commit we may share with one of these providers the information needed to quote and model your energy: your business address, meter point number (MPAN), Estimated Annual Consumption (EAC), and half-hourly consumption data. If you decide to proceed, the specific provider is named to you on a co-branded Letter of Authority provided by that provider and signed by you, and we share further personal data with them only once you have signed it. Depending on the arrangement, the provider may act as an independent Data Controller with Vester Energy Limited acting as its Data Processor, or Vester may act as Data Controller and share your data with the provider as a recipient. The role that applies to your engagement is set out in your Letter of Authority.

Vester Energy Limited is the Data Controller for the personal data it collects and uses for its own purposes. This includes lead-capture details you submit through our website or forms (such as your name, business email address, company, and postcode), the meter and consumption data we use to analyse your energy (including your MPAN, Estimated Annual Consumption, and half-hourly consumption data), email addresses we hold to send marketing communications where you have consented, and the billing details of sole traders and other unincorporated customers. For these activities we decide why and how your data is used. Where instead we act under a market-access provider’s authority, we act as that provider’s Data Processor, as described above.

2. How We Collect Personal Data

We collect personal data:

  • Directly from you when you complete forms, contact us, or request our services.
  • Automatically through your use of our website, including technical and usage data.
  • Through market-access and data providers with whom you enter a relationship, including under a Letter of Authority you sign.

3. Types of Personal Data We Process

Depending on your interaction with us, this may include:

  • Contact details such as name, business email address, phone number, and job title.
  • Technical data such as IP address, browser type, and session activity.
  • Records of consent and communication preferences.
  • Communications, including emails and form submissions.
  • Meter and consumption data, such as your meter point number (MPAN), Estimated Annual Consumption (EAC), and half-hourly consumption data, which shows how your sites use energy across the day.
  • Postcode, and, where you are a sole trader or other unincorporated business, your billing address.

Where you deal with us as a sole trader or other unincorporated business, information about your business, including business contact, meter, consumption and billing details, is treated as your personal data under UK data protection law.

We use cookies and similar technologies to operate our website and understand how it is used. You can manage cookies through your browser settings.

4. Why We Process Personal Data

We process personal data in order to:

  • Respond to enquiries and provide our services.
  • Support energy market-access and switching services delivered through our market-access and data providers.
  • Produce the indicative prices and usage models you ask us for, which involves sharing the data needed to quote and model your energy (your business address, MPAN, EAC, and half-hourly consumption data) with a market-access or data provider.
  • Analyse how your sites use energy, including your half-hourly consumption data, to match tariffs and model options such as solar and battery.
  • Operate, maintain, and improve our website and systems.
  • Meet legal, regulatory, and record-keeping obligations.
  • Send service-related communications and, where consent has been given, marketing updates.

Where we act as a Data Processor for a market-access provider, we process personal data only for the purposes they specify, such as enabling quotations, administering contracts, and monitoring performance.

Our lawful bases for processing include:

  • Performance of a contract, or taking steps at your request before entering a contract. This includes sharing with a market-access or data provider the data needed to produce an indicative price and usage model you have asked us for, such as your business address, MPAN, Estimated Annual Consumption, and half-hourly consumption data.
  • Consent, which you give by ticking the marketing opt-in box on our forms, as our basis for sending you marketing emails. You can withdraw that consent and unsubscribe at any time. This is consistent with our obligations under the Privacy and Electronic Communications Regulations (PECR).
  • Compliance with legal or regulatory obligations.
  • Our legitimate interests, where those interests are not overridden by your rights.
  • A market-access provider’s lawful instructions, where we act as a Data Processor.

6. Data Sharing and Disclosure

We may share personal data with:

  • Our market-access and data providers. Before any Letter of Authority is signed, we share only what is needed to produce the indicative price and usage model you have asked for: your business address, meter point number (MPAN), Estimated Annual Consumption (EAC), and half-hourly consumption data. Once you sign a co-branded Letter of Authority, which names the specific provider, we may share further personal data with them to arrange and administer your contract.
  • Trusted service providers such as IT, CRM, and analytics platforms.
  • Legal or regulatory authorities where required by law.
  • Other parties where you have given explicit consent.

We do not sell personal data and we do not permit third parties to use it for their own marketing purposes.

7. Your Data Rights

Under UK data protection law, you have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request erasure of your data, subject to legal obligations.
  • Object to or restrict certain processing.
  • Withdraw consent at any time where processing relies on consent, including unsubscribing from marketing emails using the link in any marketing email or by emailing [email protected].
  • Lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise these rights, contact us at [email protected]. You also have the right to raise a complaint with the Information Commissioner’s Office (www.ico.org.uk).

8. Data Retention

  • We retain personal data only for as long as necessary for the purposes set out in this policy.
  • Where you ask us for a quote but do not proceed, we and our providers retain the data shared to produce that quote (including your MPAN, EAC and half-hourly consumption data) only for as long as needed to provide and follow up on it, and then delete or anonymise it.
  • Where we act as a Data Processor for a market-access provider, personal data is retained for up to 30 days after the end of the relevant engagement, unless instructed otherwise.
  • Some information may be retained for longer periods where required by law, regulation, or for legitimate business purposes such as audit and compliance.

9. International Data Transfers

Some of our service providers may process data outside the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent protections.

10. Security

We apply appropriate technical and organisational measures to protect personal data, including access controls, encryption, and staff training. While no system is completely secure, we take reasonable steps to reduce risk.

Our website may contain links to third-party sites. Their privacy practices are governed by their own privacy notices.

12. Children’s Privacy

We do not knowingly collect personal data from individuals under the age of 16.

Updates to This Policy

We may update this Privacy Policy from time to time. Any material changes will be reflected on this page, and the ‘last updated’ date will be revised accordingly.

Contact Us

For privacy-related questions or to exercise your data rights, email [email protected] or write to 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

This policy reflects our commitment to clarity, proportionality, and compliance with UK data protection law.