Skip to content
Vester

Legal

Data Processing – Vester Energy Operations Platform

Summarises roles, data categories, processing purposes, and safeguards for personal data handled via the Vester Energy Operations Platform.

Last updated

D1. Roles of the Parties

Vester acts as a data processor in respect of personal data processed through the Vester Energy Operations Platform (the “Platform”), and as an independent controller in respect of its own business, contractual, and compliance records. The client acts as data controller in respect of customer, occupier, or site-related personal data uploaded to or processed via the Platform.

D2. Categories of Data Processed

The Platform processes only limited business-related personal data extracted from utility bills, consisting of:

  • Business name;
  • Business address;
  • Primary business contact name;
  • Business contact email address and/or telephone number (where shown on the utility bill);
  • Energy supplier, account reference numbers, and meter identifiers.

No special category personal data is processed via the Platform.

D3. Purpose and Duration of Processing

Personal data shall be processed solely for the purpose of providing, operating, supporting, and improving the Platform and related services. Processing shall continue for the duration of the Agreement and for such additional period as required for backup, legal, or regulatory purposes.

D4. Security Measures

Vester shall implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage, taking into account the nature of the data and the risks involved.

D5. Sub-processing

The client authorises Vester to appoint third-party sub-processors, including cloud hosting, infrastructure, and software service providers, as reasonably required to deliver the Platform. Vester shall remain responsible for the acts and omissions of its sub-processors.

D6. Data Subject Rights

Vester shall, taking into account the nature of the processing, provide reasonable assistance to enable the client to respond to requests from data subjects exercising their rights under applicable data protection legislation.

D7. Personal Data Breach

Vester shall notify the client without undue delay upon becoming aware of a personal data breach affecting the Platform, and shall provide reasonable information to assist the client in meeting any regulatory obligations.

D8. Return and Deletion of Data

Upon termination of the Agreement, Vester shall, at the client’s request and where reasonably practicable, return or delete personal data processed through the Platform, subject to applicable legal, regulatory, and backup retention requirements.