GDPR PRIVACY NOTICE

For European Economic Area (EEA) and United Kingdom Residents

Effective Date: January 1, 2026
Last Updated: January 1, 2026


INTRODUCTION

BGM Agency LLC ("we," "us," or "our") is committed to protecting the privacy and personal data of individuals located in the European Economic Area (EEA) and the United Kingdom (UK).

This GDPR Privacy Notice supplements our main Privacy Policy and explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

By using our website (https://aitycoonz.com) or Services, you consent to the practices described in this Notice.


DATA CONTROLLER

For the purposes of the GDPR, the data controller is:

BGM Agency LLC
Operating Location: Miami, Florida
Email: [email protected]
Website: https://aitycoonz.com

If you have questions or concerns about how we handle your personal data, please contact us using the information above.


LEGAL BASIS FOR PROCESSING

We process your personal data based on the following lawful grounds under GDPR:

1. Contractual Necessity

We process your data to fulfill our contractual obligations when you:

Purchase a course, coaching program, or digital product

Create an account on our Site

Enroll in a subscription service

2. Legitimate Interests

We process your data based on our legitimate business interests, including:

Improving our Services and user experience

Conducting marketing and promotional activities

Preventing fraud and ensuring security

Analyzing Site performance and user behavior

We balance our interests with your rights and freedoms. You have the right to object to processing based on legitimate interests.

3. Consent

We process your data based on your explicit consent when you:

Subscribe to our email newsletter or marketing communications

Agree to cookies and tracking technologies

Provide testimonials or user-generated content

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4. Legal Obligation

We process your data to comply with legal requirements, such as:

Tax and accounting obligations

Responding to law enforcement or regulatory requests

Enforcing our Terms of Service


WHAT PERSONAL DATA WE COLLECT

We collect and process the following categories of personal data:

Identity and Contact Data

Full name

Email address

Phone number

Billing and shipping address

Financial Data

Payment card information (processed by Stripe or PayPal; we do not store full card details)

Billing history and transaction records

Technical Data

IP address

Browser type and version

Device type and operating system

Cookies and tracking identifiers

Usage Data

Pages visited and time spent on Site

Click-stream data and navigation patterns

Course progress and engagement metrics

Marketing and Communications Data

Email open and click-through rates

Marketing preferences and consent status

For more details, see our main Privacy Policy.


HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

To provide Services: Process purchases, deliver courses, provide customer support

To communicate: Send transactional emails, respond to inquiries, provide updates

To market: Send promotional emails and newsletters (with your consent)

To analyze: Improve Site performance, optimize user experience, conduct research

To secure: Prevent fraud, protect against unauthorized access, enforce policies

To comply: Meet legal and regulatory obligations


YOUR RIGHTS UNDER GDPR

As an individual in the EEA or UK, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request a copy of the personal data we hold about you.

2. Right to Rectification

You have the right to request that we correct inaccurate or incomplete personal data.

3. Right to Erasure ("Right to Be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, including:

The data is no longer necessary for the purposes for which it was collected

You withdraw consent and there is no other legal basis for processing

You object to processing based on legitimate interests

The data has been unlawfully processed

Limitations:
We may retain data if required by law, for legal claims, or for legitimate business purposes (e.g., tax records).

4. Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain situations, such as:

You contest the accuracy of the data

Processing is unlawful but you do not want the data erased

We no longer need the data, but you need it for legal claims

You object to processing while we verify legitimate grounds

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

This right applies only to data:

You provided to us

Processed based on consent or contract

Processed by automated means

6. Right to Object

You have the right to object to processing of your personal data in certain circumstances:

Direct marketing: You can opt out at any time using the unsubscribe link in our emails

Legitimate interests: You can object to processing based on our legitimate interests

If you object, we will stop processing unless we demonstrate compelling legitimate grounds that override your rights.

7. Right to Withdraw Consent

If we process your data based on consent, you have the right to withdraw that consent at any time.

Withdrawal does not affect the lawfulness of processing before withdrawal.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

For UK residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk

For EEA residents:
Contact your national data protection authority. A list is available at: https://edpb.europa.eu/about-edpb/board/members_en


HOW TO EXERCISE YOUR RIGHTS

To exercise any of the rights listed above, please contact us:

Email: [email protected]
Subject Line: "GDPR Data Request"

Include in your request:

Your full name

Email address associated with your account

The right you wish to exercise

Any relevant details or documentation

We will respond to your request within 30 days (or as required by law).

We may request additional information to verify your identity before processing your request.


DATA RETENTION

We retain your personal data for as long as necessary to:

Provide our Services

Comply with legal and regulatory obligations

Resolve disputes and enforce agreements

Retention periods:

Account data: Retained while your account is active, plus up to 7 years after closure for legal and tax purposes

Payment records: Retained for up to 7 years for accounting and compliance

Marketing data: Retained until you unsubscribe or request deletion

Analytics data: Retained in anonymized or aggregated form indefinitely

When personal data is no longer needed, we will securely delete or anonymize it.


INTERNATIONAL DATA TRANSFERS

BGM Agency LLC operates from Thailand, which is not within the EEA or UK.

When we transfer your personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

1. Standard Contractual Clauses (SCCs)

We use Standard Contractual Clauses approved by the European Commission to protect data transferred to third countries.

2. Data Processing Agreements

We require third-party service providers to enter into data processing agreements that ensure GDPR compliance.

3. Adequacy Decisions

Where possible, we transfer data to countries recognized by the European Commission as providing adequate data protection.

By using our Services, you consent to the transfer of your personal data to Thailand and other countries where we or our service providers operate.


THIRD-PARTY SERVICE PROVIDERS

We share your personal data with the following categories of third-party processors:

Payment processors: Stripe, PayPal (for secure payment processing)

Email marketing platforms: GoHighLevel, ActiveCampaign (for newsletters and campaigns)

Analytics providers: Google Analytics, Meta Pixel (for Site performance and advertising)

Course hosting platforms: GoHighLevel, Kajabi (for course delivery and management)

Cloud storage: AWS, Google Cloud, Cloudflare (for data storage and security)

All third-party processors are contractually obligated to:

Process data only as instructed by us

Implement appropriate security measures

Comply with GDPR requirements

For a full list of third-party processors, contact us at [email protected].


COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies on our Site. For detailed information about our use of cookies, see our main Privacy Policy.

You can manage cookie preferences through:

Your browser settings

Our cookie consent banner (where available)

Types of cookies we use:

Strictly necessary cookies: Required for Site functionality

Performance cookies: Google Analytics (for traffic analysis)

Marketing cookies: Meta Pixel, Google Ads (for targeted advertising)

Rejecting non-essential cookies may limit Site functionality.


AUTOMATED DECISION-MAKING AND PROFILING

We do not engage in automated decision-making or profiling that produces legal effects or significantly affects you.

If this changes in the future, we will update this Notice and obtain your explicit consent where required.


DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including:

SSL/TLS encryption for data transmission

Secure servers and cloud storage

Access controls and authentication

Regular security audits and monitoring

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

If you believe your data has been compromised, contact us immediately at [email protected].


CHILDREN'S PRIVACY

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. We will delete such data promptly.


DATA BREACH NOTIFICATION

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours (where required by law)

Notify affected individuals without undue delay if the breach poses a high risk

We maintain incident response procedures to detect, investigate, and mitigate data breaches.


CHANGES TO THIS GDPR NOTICE

We may update this GDPR Privacy Notice from time to time to reflect changes in our practices or legal requirements.

When we make changes:

We will update the "Last Updated" date at the top of this page

Material changes will be communicated via email or prominent notice on our Site

Your continued use of our Services after changes are posted constitutes acceptance of the updated Notice.


CONTACT US

If you have questions, concerns, or requests regarding this GDPR Notice or our data practices, please contact us:

BGM Agency LLC
Email: [email protected]
Website: https://aitycoonz.com

Data Protection Inquiries:
For GDPR-specific inquiries, use subject line "GDPR Inquiry" when contacting us.


SUPERVISORY AUTHORITY

If you are not satisfied with our response to your inquiry or believe we have violated your GDPR rights, you have the right to lodge a complaint with your local supervisory authority:

For UK residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone
: +44 (0)303 123 1113

For EEA residents:
Contact your national data protection authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en


BGM Agency LLC © 2026. All Rights Reserved.