Last updated: 1 September 2025
1. Introduction
Prometis Analytics (“we”, “us”, “our”) provides scientific, analytical, and quantitative consulting services to clients in research, industry, and the public sector. Protecting your personal data and respecting your privacy are central to how we operate.
This Privacy Policy explains how we collect, use, store, and protect your information when you interact with us, use our website, or engage us for consultancy services. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant privacy laws.
2. Who We Are
Company name: Prometis Analytics- Dr Efstathios (Stathis) Stefanidis – Prof. Konstantinos Andreopoulos
Website: www.prometis-analystics.com
We act as the data controller for the personal data we collect and process in relation to our consultancy work.
3. Information We Collect
We only collect data that is relevant and necessary to provide our consultancy services and manage our business operations.
a. Information you provide directly
- Name, job title, company or institution
- Email address, phone number, and other contact details
- Project briefs, specifications, and correspondence
- Invoicing and payment details
- Any data or datasets you share with us for analysis (these may include personal or sensitive information, depending on your project requirements)
b. Information collected automatically
- Technical data (e.g. IP address, browser type, operating system)
- Usage information from our website (via analytics and cookies)
c. Information from third parties
We may receive information from publicly available sources or business partners to support project delivery or business development.
4. How We Use Your Information
We use your data for the following purposes:
- To provide and manage our scientific and analytical consultancy services
- To analyse and interpret datasets you provide (under strict confidentiality agreements)
- To communicate with you regarding projects, proposals, or enquiries
- To issue invoices, process payments, and maintain business records
- To comply with legal and regulatory requirements
- To improve our services and client experience
- To send updates or marketing communications (only with your consent)
We never sell or share personal data for marketing purposes.
5. Handling of Client Data and Datasets
As a consultancy that frequently works with data, we take data security and confidentiality very seriously.
- All datasets are stored on encrypted systems with restricted access.
- Data analysis is performed under controlled conditions, using secure environments.
- Client datasets are only used for the purposes agreed in writing (e.g. analysis, modelling, or reporting).
- Any sensitive or personal data within project datasets is handled in accordance with GDPR principles of minimisation, integrity, and confidentiality.
- Upon project completion, data is securely deleted or returned, as specified in our contractual agreement.
6. Legal Bases for Processing
We process your personal data based on one or more of the following legal grounds:
- Contractual necessity: to deliver consultancy services under an agreed contract or proposal
- Legitimate interests: to manage and improve our business operations and client relationships
- Legal obligations: to comply with tax, accounting, or regulatory requirements
- Consent: when you opt in to receive marketing or research updates
7. Data Sharing and Disclosure
We may share limited personal data with:
- Trusted service providers (e.g. secure cloud storage, accounting platforms, IT support)
- Professional advisors such as accountants or legal counsel
- Regulatory or legal authorities if required by law
We ensure that any third parties processing personal data on our behalf maintain equivalent levels of security and compliance.
8. International Data Transfers
If data needs to be transferred outside the UK or EEA, we ensure appropriate safeguards are in place — such as UK adequacy regulations or Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office (ICO).
9. Data Retention
We retain:
- Client contact and contract data for up to 7 years after the completion of a project (for legal and accounting purposes)
- Analytical datasets only for the duration necessary to complete agreed work, unless otherwise specified by contract
After this period, all personal and project data are securely deleted or anonymised.
10. Data Security
We use a combination of technical, organisational, and procedural safeguards to protect your information, including:
- Encrypted data storage and secure backups
- Access controls and audit trails
- Regular security reviews and data protection training for staff
In the unlikely event of a data breach, we will notify affected parties and the ICO as required by law.
11. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request erasure of your data where legally permissible
- Object to or restrict processing
- Withdraw consent for marketing communications
- Request data portability (transfer of your data to another controller)
To exercise these rights, please contact us at [Contact Email].
If you are unsatisfied with our response, you may contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.
12. Cookies and Analytics
Our website may use cookies and analytics tools (such as Google Analytics) to understand visitor behaviour and improve performance.
You can disable cookies in your browser settings if you prefer not to share this information.
13. Updates to This Policy
We may update this Privacy Policy periodically. Updates will be posted on our website with a new “Last Updated” date.
Significant changes will be communicated directly to our clients where appropriate.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us via our Contact Us page at: www.prometis-analystics.com