EnergySmart Institute Privacy Policy October 27 2020

(Scroll Down to View GDPR Compliance Section)

Our website address is:

Our corporate website address is:

EnergySmart Institute is a subsidiary of Hathmore Technologies, LLC (HTLLC) and adheres to the HTLLC Privacy Policy as well as specific items for this site detailed below.

What personal data we collect and why we collect it


Comments are not turned on in the EnergySmart Institute (ESI) website because information is exchanged using forums that are active only for registered users. Information for visitors/guests can be found under the "FAQs" tab-link and comments are turned off. Visitors/guests can communicate with EnergySmart Institute using the "Contact us" menu option. However, should a visitor leave a comment then please be advised that we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here:  Appropriate comments will be moved and shown in the applicable forum(s). Inappropriate comments and ads will be deleted.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website may be able to download and extract any location data from images on the website.

Contact forms

Communication between EnergySmart Institute administrators and staff will primarily be through the use of emails. The use of contact forms will be limited to a specific action or circumstance only.


If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article or forum/blog post, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website. EnergySmart Institute does not have access or control over third-party websites and content but insertion of third-party content will be used on a limited basis only.


EnergySmart Institute employs two types of analytics; user behavior is noted using an online analytic system, such as Google analytics. This information helps to understand user interaction with the EnergySmart Institute website content and offerings. Also, EnergySmart Institute offers online, on-demand courses and certification options. Student information is tracked including progress through course content, quiz or test results, overall course completion information and award of certifications or credentials associated with successful course completion.

Who we share your data with

Certain information is communicated with the website security system using Wordfence by Defiant to help ensure website integrity and security. Information regarding data required for website security by Defiant can be found by visiting Home energy raters who successfully complete the ENERGY STAR course will become certified as ENERGY STAR raters and this information with be shared with the US EPA's ENERGY STAR program. Details on this program are available at Students who successfully complete the EnergySmart for Contractors course will become certified as an EnergySmart Contractor and are eligible to be part of national EnergySmart teams. Students who become EnergySmart contractors will have their information shared with other EnergySmart contractors and may have their certification information shared with RESNET and certified home energy raters.  Visit for their privacy policy information.  Other programs and third-party educational services may utilize our services to provide training and track your educational progress.  You agree that we may share this information with the associated program(s) and/or service(s) when you register for a course.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.  Your password is encrypted and cannot be retrieved by any human.  If you lose or forget your password, you may reset it using the password reset option on the log in screen.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Any visitor comments will be checked using an automated spam detection service. User information is considered confidential in nature and is treated as such.

Your contact information

Users have the ability to make their contact information available to others who may wish to utilize the services.

Additional information

How we protect your data

All data transmitted to and from the EnergySmart Institute website utilizes the Secure Socket Layer (SSL) protocol, which means that the data is secured through an encryption system robust enough to allow the electronic transfer of funds. This SSL system is what other websites use that conduct financial transactions and SSL is the universal standard protection mechanism recognized around the world for protecting financial information.

The data breach procedures we have in place

EnergySmart Institute takes data protection very seriously and has active accounts with security systems to help keep private data intact. However, data breaches can still be possible due to the fluid nature of the Internet and also the evolving nature of electronic communication devices, including mobile devices. If a data breach is suspected the users of EnergySmart Institute will be notified and the nature of the breach will be forwarded to Wordfence for analysis. If a user suspects a data breach they are encouraged to contact EnergySmart Institute immediately using the "Contact us" menu option on the website.

What third parties we receive data from

EnergySmart Institute is primarily a closed educational platform that has little interaction with third-parties. Information shared with third-parties, such as the US EPA or RESNET, is sent in one direction to them and responses from these parties do not access the ESI platform.

What automated decision making and/or profiling we do with user data

Users of the EnergySmart Institute platform who become certified are allowed to make their certifications known to third-parties of their choosing without limitation.  As you complete courses, the system automatically tracks which units have been successfully completed and compares this to our master list of units required within courses and certifications.  You may be contacted automatically to notify you of additional courses you may be interested in attending or certifications you may be interested in pursuing based on the units you have completed. As some units are applicable to multiple courses and/or certifications, you may have already completed a portion of an additional course or certification and the system may offer you a discount or expedited path to full completion.  You may opt out of automatic communication at any time by updating your preference in your profile.

Industry regulatory disclosure requirements

EnergySmart Institute is structuring data management to be in compliance with the General Data Protection Notice that went into effect in Europe on May 25th, 2018. (See next section)

GDPR General Data Protection Notice

The data protection law changed on 25 May 2018 (May 25th, 2018). On that day, the General Data Protection Regulation of 27 April 2016 (hereinafter referred to as "GDPR") came into force. This is why we are providing our website users with this notice that will inform you about the ways in which we process your personal data. Providing the personal data is voluntary on your part, however it is also necessary for us to conclude contracts and perform services.

Data Manager

Hathmore Technologies, LLC is the manager of your personal data; therefore it determines the methods and goals of processing your personal data.

Obtaining information on processing of personal data

You can contact the data manager on matters concerning the protection of your personal data via email at or by sending a letter to our headquarters. See website for headquarters location and contact information.

Data collection and the purpose of its processing

We process your personal data because it is necessary to perform a contract with you i.e. provide a service (compliant with Article 6 (1) (b) of GDPR) including:

  • registering a user in the ordering system and ensuring proper user service, including providing the user with product offers and completing his or her orders (compliant with Article 6 (1) (b) of GDPR);
  • processing claims and complaints (compliant with Article 6 (1) (c) of GDPR);
  • pursuing claims related to a contract (compliant with Article 6 (1) (f) of GDPR) where the right to pursue claims is a legitimate interest;
  • archiving purposes (compliant with Article 6 (1) (c) of GDPR);
  • statistical purposes (compliant with Article 6 (1) (f) of GDPR)

In addition, we are required by law to process your personal data for tax and accounting purposes.

Furthermore, we may process your personal data for marketing purposes i.e. promoting our products and services. If we do this without using electronic means of communication, the legal basis for those activities is Article 6 (1) (f) of GDPR where conducting marketing activities is a legitimate interest of the website administrator. However, if we use electronic means of communication for this purpose i.e. e-mail or phone, then due to other applicable laws we only process personal data with your consent (compliant with Article 6 (1) (a) of GDPR).

Data recipients

Your personal data may be transferred to other parties that will process your personal data on their own behalf, including but not limited to:

  • parties conducting postal or courier activities;
  • banks (for undue payment recovery purposes);
  • government authorities or other entities entitled by law, for the purposes of performing our responsibilities (tax offices, law enforcement agencies, etc.);
  • parties managing our IT systems (hosting companies, IT service providers);
  • parties providing us with legal counsel, accounting, tax, and advisory services.

Retention periods of your personal data

We will retain your personal data for the duration of a contract (performance of services) and after its dissolution:

  • Data included in contracts – stored until the limitation period for contract claims (up to 10 years from the date of contract completion);
  • For the purposes required under applicable law, in particular the obligation to retain accounting documentation, issue invoices, etc.;
  • Warranty and complaint-related documentation shall be stored for 1 year after the expiration of a warranty or clearing a complaint;
  • Data used for marketing purposes:
  • when processing data on the basis of consent – until withdrawal of consent;
  • when processing data on the basis of legitimate reasons – unless legitimate objections occur ;
  • Data transferred via a contact form – for the limitation period of possible claims (up to 3 years).

Rights related to data processing

You have the right to access, correct and transfer your data, limit its processing, object to its processing, or withdraw your consent at any time without affecting the lawfulness of processing that was already performed on the basis of consent prior to its withdrawal (if the processing is consent-based).

Moreover, should you decide that our processing breaches the provisions of GDPR; you have the right to submit a complaint to a data protection authority.

Automated data processing (profiling)

Your personal data will be processed in an automated way (including profiling), however this will not cause any legal or other serious repercussions for you.

Profiling of personal data means we process your data (including in an automated manner) and use it to assess some information, in particular to analyze or forecast personal preferences and interests.  This helps us determine the priority of future training classes and develop marketing materials.