Privacy Policy
Last updated: 5/2026
This Privacy Policy explains how Mellon Training (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit mellontraining.com, courses.mellontraining.com, and any related pages (the “Site”), and when you purchase or use our online courses (the “Services”).
We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable Greek data protection law.
1. Who we are (Data Controller)
The data controller responsible for your personal data is:
- Business / trading name: Mellon Training
- Registered address: Rhodes (Rodos), 85100, Greece
- Contact email: info@mellontraining.com
For any privacy-related question or to exercise your rights, contact us using the email above.
2. What data we collect
We collect the following categories of personal data:
Information you provide directly:
- Name and email address (when you create an account, purchase a course, or subscribe to our newsletter)
- Billing information processed by our payment provider (we do not store full card numbers — see Section 6)
- Any information you include when you contact us for support or ask a question inside a course
Information collected automatically:
- IP address, browser type, device type, and operating system
- Pages visited, time spent, referring website, and similar usage data
- Course progress and completion data (which lessons you have watched)
- Cookies and similar technologies (see our separate Cookie Policy)
We do not intentionally collect special categories of data (such as health, religion, or political opinions) and ask that you do not send such information to us.
3. How we use your data and our legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating and managing your account | Performance of a contract |
| Providing access to purchased courses and tracking progress | Performance of a contract |
| Processing payments and issuing receipts/invoices | Performance of a contract; legal obligation |
| Sending the newsletter and marketing emails | Consent (you can withdraw at any time) |
| Responding to support requests | Performance of a contract; legitimate interest |
| Improving the Site and Services (analytics) | Consent (via cookie banner) / legitimate interest |
| Preventing fraud and securing the Site | Legitimate interest |
| Meeting accounting and tax obligations | Legal obligation |
4. Marketing communications
If you subscribe to our newsletter or opt in during checkout, we will send you educational content, course updates, and promotional offers. You can unsubscribe at any time using the link in every email, or by contacting us. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
5. How long we keep your data
- Account and course access data: for as long as your account is active, plus [e.g. 24] months after last activity, unless you request deletion sooner.
- Purchase and invoice records: retained for the period required by Greek tax law (generally [e.g. 5–10] years).
- Newsletter data: until you unsubscribe.
- Support correspondence: [e.g. 24] months after the issue is resolved.
6. Service providers and data sharing
We share data only with providers that help us run the Services, under appropriate data-processing agreements. These include:
- Course / learning platform: [LMS PROVIDER — e.g. Thinkific, Teachable, Kajabi, or self-hosted]
- Payment processing: [PAYMENT PROCESSOR — e.g. Stripe, PayPal]
- Email / newsletter: [EMAIL PROVIDER — e.g. Mailchimp, ConvertKit, MailerLite]
- Website hosting: [HOSTING PROVIDER]
- Analytics: [ANALYTICS PROVIDER — e.g. Google Analytics, if used]
- Embedded content: YouTube (Google) for course preview and tutorial videos
We do not sell your personal data. Some providers may process data outside the European Economic Area; where this happens, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses.
7. Your rights under GDPR
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”) where applicable
- Restrict or object to certain processing
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time where processing is based on consent
- Lodge a complaint with the Greek Data Protection Authority (Hellenic DPA / Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), www.dpa.gr
To exercise any of these rights, email us at [PRIVACY CONTACT EMAIL]. We will respond within one month.
8. Data security
We use reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and trusted third-party processors. However, no method of transmission over the internet is completely secure.
9. Children
Our Services are not directed at children under [16]. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest version. Material changes will be communicated where appropriate.
11. Contact
Questions about this policy or your data? Email [PRIVACY CONTACT EMAIL] or write to us at the address in Section 1.