Energy Academy

Privacy Policy

Last updated: [ADD DATE]

This policy explains how [YOUR ORGANISATION NAME]("we", "us") collects and uses your personal data when you use Energy Academy (the "Service"), and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

The data controller for your personal data is [YOUR ORGANISATION NAME], [REGISTERED ADDRESS]. You can contact us about privacy at [PRIVACY CONTACT EMAIL]. [If applicable: our ICO registration number is [ICO NUMBER].]

The data we collect

We do not knowingly collect special-category data, and the Service is not directed at children.

How we use your data, and our lawful bases

We do not currently use analytics, advertising or other non-essential tracking cookies. If we ever do, we will ask for your consent first and update this policy.

Marketing communications and your choices

We only send you marketing emails if you have opted in, and you can choose which types you receive (course and platform updates, our newsletter and energy tips, consulting and services, and events and webinars). You can change your choices or unsubscribe at any time from the Email preferences section of your profile, or via the unsubscribe link in any marketing email. Withdrawing consent does not affect anything we sent before you withdrew it.

We use the optional details you give us (such as your industry, role and interests) only to make those communications more relevant to you. We do not sell your personal data, and we do not share it with third parties for their own marketing.

Who we share it with

We use trusted service providers who process data on our behalf, under contract:

We do not sell your personal data. We only disclose it to others where required by law.

International data transfers

Some of your personal data is stored and processed in the European Economic Area (EEA) โ€” our database and authentication provider, Supabase, hosts your data in Ireland. The EEA is covered by the UK's data protection adequacy regulations, which the UK Government has determined provide an adequate level of protection for personal data. These transfers are therefore permitted without additional safeguards. If we ever move your data outside the UK or the EEA, we will put appropriate safeguards in place (such as the UK International Data Transfer Agreement) and update this policy.

How long we keep it

We keep your account and learning data for as long as your account is active. When you delete your account (from your profile page) or ask us to delete your data, your account, profile, learning progress, quiz results and consent records are deleted immediately, and any residual copies clear from our provider's encrypted backups within 30 days. We may retain a minimal record for longer only where we must meet a legal obligation (for example, evidence that a marketing consent was withdrawn).

Your rights

Under UK GDPR you have the right to:

To exercise any of these, email [PRIVACY CONTACT EMAIL]. We will respond within one month. You also have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk โ€” though we'd appreciate the chance to help first.

How we protect your data

Access to your account is protected by authentication, and data is transmitted over encrypted (HTTPS) connections. No system is perfectly secure, but we take reasonable technical and organisational measures to protect your information.

Changes to this policy

We may update this policy from time to time. We will change the "last updated" date above and, for significant changes, let you know.

Contact

Questions about your privacy? Email [PRIVACY CONTACT EMAIL] or write to us at [REGISTERED ADDRESS].