top of page
Group 589_edited_edited_edited_edited_edited.jpg

Privacy Policy

Last revised: 10 July 2025

1. Who we are Energy Data Science (the "Site", "we", "our", "us") is a training platform operated by Spyros Giannelos, a sole trader based in the United Kingdom. Under UK GDPR, EU GDPR, and other applicable laws, Spyros Giannelos is the Data Controller for personal data collected through this Site. Contact for privacy matters: privacy@energydatascience.com

 

2. We collect and process the following categories of information

- Identity data – name (or nickname), title, country.

- Contact data – email address.

- Technical data – IP address, device and browser details.

- Usage data – page views, course progress, link clicks.

- Transaction data – courses purchased, prices paid, last four digits of payment card.

- Marketing preferences – records of email opt-in or opt-out choices.

We do not intentionally collect any special-category data (e.g. health, biometric, political opinions).

3. We process your personal data only when there is a lawful basis to do so

- Contract – to create and manage your account, deliver courses, send service emails and process payments.

- Legitimate interests – to provide customer support and improve the site.

- Consent – to send marketing emails; you may withdraw consent at any time.

- Legal obligation – to keep tax records and comply with other statutory requirements.

You can object to processing based on legitimate interests or withdraw consent at any time (see Section 9).

4. The Site uses first-party and third-party cookies and similar technologies provided by Wix, Google Analytics and YouTube to:

- Recognise returning visitors and keep you logged in.

- Measure site performance and course engagement.

- Compile aggregated, anonymised statistics.

​​​

5. Sharing your information

We never sell personal data. We share it only when necessary with:

- Service providers under contract, such as Wix (hosting), Google Workspace (email), and PayPal (payments).

- Professional advisers bound by confidentiality, including accountants and lawyers.

- Regulators or law-enforcement authorities, when required to comply with legal obligations. All third-party processors are vetted for GDPR compliance, and appropriate safeguards (Standard Contractual Clauses or UK International Data Transfer Agreements) are in place where data leaves the UK/EEA.

​​

6. International transfers

Some service providers store data in the United States or other jurisdictions. Transfers are protected by:

- UK adequacy regulations or EU adequacy decisions, where applicable.

- Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement.

- Additional technical and organisational safeguards, including encryption and access controls.

7. Data retention

- Account and course records are kept for as long as the account remains active and for three years after closure.

- Transaction records are retained for seven years to comply with tax and accounting laws.

- Marketing consent records are kept as long as consent remains valid.

- Analytics data in Google Analytics is retained for twenty-six months, the current default setting.

\- Data may be retained for longer periods where necessary for legal claims or regulatory investigations.

8. Security measures

- Full-site HTTPS encryption.

- Data encrypted in transit and at rest by our service providers.

- Multi-factor authentication on all admin accounts.

- Least-privilege access controls and regular security reviews.

- Routine vulnerability scanning by Wix infrastructure. Although we strive to protect your information, no internet transmission is completely secure; you use the Site at your own risk.

9. Your rights Under UK GDPR, EU GDPR and similar laws you may:

1. Access the personal data we hold about you.

2. Correct inaccurate or incomplete data.

3. Erase data ("right to be forgotten") in certain circumstances.

4. Restrict or object to specific processing activities.

5. Port your data to another service.

6. Withdraw consent at any time for marketing communications.

7. Lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority. To exercise any right, email privacy@energydatascience.com. We will respond within 30 days.

10. Third-party links

Courses and blog posts may link to external websites (e.g. GitHub repositories, research papers). We have no control over their content or privacy practices; review their policies before sharing personal data.

11. Children

This Site is not directed to anyone under 16 years of age. If you believe a child has provided us with personal information, contact privacy@energydatascience.com, and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy occasionally. Significant changes will be announced on this page and, where appropriate, by email. Please review the policy periodically to stay informed.

Contact
Spyros Giannelos – Data Controller
Email: privacy@energydatascience.com
 

bottom of page