
GDPR PRIVACY NOTICE
For European Economic Area (EEA) and United Kingdom Residents
Effective Date: January 1, 2026
Last Updated: January 1, 2026
INTRODUCTION
BGM Agency LLC ("we," "us," or "our") is committed to protecting the privacy and personal data of individuals located in the European Economic Area (EEA) and the United Kingdom (UK).
This GDPR Privacy Notice supplements our main Privacy Policy and explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
By using our website (https://aitycoonz.com) or Services, you consent to the practices described in this Notice.
DATA CONTROLLER
For the purposes of the GDPR, the data controller is:
BGM Agency LLC
Operating Location: Miami, Florida
Email: [email protected]
Website: https://aitycoonz.com
If you have questions or concerns about how we handle your personal data, please contact us using the information above.
LEGAL BASIS FOR PROCESSING
We process your personal data based on the following lawful grounds under GDPR:
1. Contractual Necessity
We process your data to fulfill our contractual obligations when you:
Purchase a course, coaching program, or digital product
Create an account on our Site
Enroll in a subscription service
2. Legitimate Interests
We process your data based on our legitimate business interests, including:
Improving our Services and user experience
Conducting marketing and promotional activities
Preventing fraud and ensuring security
Analyzing Site performance and user behavior
We balance our interests with your rights and freedoms. You have the right to object to processing based on legitimate interests.
3. Consent
We process your data based on your explicit consent when you:
Subscribe to our email newsletter or marketing communications
Agree to cookies and tracking technologies
Provide testimonials or user-generated content
You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
4. Legal Obligation
We process your data to comply with legal requirements, such as:
Tax and accounting obligations
Responding to law enforcement or regulatory requests
Enforcing our Terms of Service
WHAT PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data:
Identity and Contact Data
Full name
Email address
Phone number
Billing and shipping address
Financial Data
Payment card information (processed by Stripe or PayPal; we do not store full card details)
Billing history and transaction records
Technical Data
IP address
Browser type and version
Device type and operating system
Cookies and tracking identifiers
Usage Data
Pages visited and time spent on Site
Click-stream data and navigation patterns
Course progress and engagement metrics
Marketing and Communications Data
Email open and click-through rates
Marketing preferences and consent status
For more details, see our main Privacy Policy.
HOW WE USE YOUR PERSONAL DATA
We use your personal data for the following purposes:
To provide Services: Process purchases, deliver courses, provide customer support
To communicate: Send transactional emails, respond to inquiries, provide updates
To market: Send promotional emails and newsletters (with your consent)
To analyze: Improve Site performance, optimize user experience, conduct research
To secure: Prevent fraud, protect against unauthorized access, enforce policies
To comply: Meet legal and regulatory obligations
YOUR RIGHTS UNDER GDPR
As an individual in the EEA or UK, you have the following rights regarding your personal data:
1. Right to Access
You have the right to request a copy of the personal data we hold about you.
2. Right to Rectification
You have the right to request that we correct inaccurate or incomplete personal data.
3. Right to Erasure ("Right to Be Forgotten")
You have the right to request deletion of your personal data in certain circumstances, including:
The data is no longer necessary for the purposes for which it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing based on legitimate interests
The data has been unlawfully processed
Limitations:
We may retain data if required by law, for legal claims, or for legitimate business purposes (e.g., tax records).
4. Right to Restrict Processing
You have the right to request that we limit how we use your personal data in certain situations, such as:
You contest the accuracy of the data
Processing is unlawful but you do not want the data erased
We no longer need the data, but you need it for legal claims
You object to processing while we verify legitimate grounds
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
This right applies only to data:
You provided to us
Processed based on consent or contract
Processed by automated means
6. Right to Object
You have the right to object to processing of your personal data in certain circumstances:
Direct marketing: You can opt out at any time using the unsubscribe link in our emails
Legitimate interests: You can object to processing based on our legitimate interests
If you object, we will stop processing unless we demonstrate compelling legitimate grounds that override your rights.
7. Right to Withdraw Consent
If we process your data based on consent, you have the right to withdraw that consent at any time.
Withdrawal does not affect the lawfulness of processing before withdrawal.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
For UK residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
For EEA residents:
Contact your national data protection authority. A list is available at: https://edpb.europa.eu/about-edpb/board/members_en
HOW TO EXERCISE YOUR RIGHTS
To exercise any of the rights listed above, please contact us:
Email: [email protected]
Subject Line: "GDPR Data Request"
Include in your request:
Your full name
Email address associated with your account
The right you wish to exercise
Any relevant details or documentation
We will respond to your request within 30 days (or as required by law).
We may request additional information to verify your identity before processing your request.
DATA RETENTION
We retain your personal data for as long as necessary to:
Provide our Services
Comply with legal and regulatory obligations
Resolve disputes and enforce agreements
Retention periods:
Account data: Retained while your account is active, plus up to 7 years after closure for legal and tax purposes
Payment records: Retained for up to 7 years for accounting and compliance
Marketing data: Retained until you unsubscribe or request deletion
Analytics data: Retained in anonymized or aggregated form indefinitely
When personal data is no longer needed, we will securely delete or anonymize it.
INTERNATIONAL DATA TRANSFERS
BGM Agency LLC operates from Thailand, which is not within the EEA or UK.
When we transfer your personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including:
1. Standard Contractual Clauses (SCCs)
We use Standard Contractual Clauses approved by the European Commission to protect data transferred to third countries.
2. Data Processing Agreements
We require third-party service providers to enter into data processing agreements that ensure GDPR compliance.
3. Adequacy Decisions
Where possible, we transfer data to countries recognized by the European Commission as providing adequate data protection.
By using our Services, you consent to the transfer of your personal data to Thailand and other countries where we or our service providers operate.
THIRD-PARTY SERVICE PROVIDERS
We share your personal data with the following categories of third-party processors:
Payment processors: Stripe, PayPal (for secure payment processing)
Email marketing platforms: GoHighLevel, ActiveCampaign (for newsletters and campaigns)
Analytics providers: Google Analytics, Meta Pixel (for Site performance and advertising)
Course hosting platforms: GoHighLevel, Kajabi (for course delivery and management)
Cloud storage: AWS, Google Cloud, Cloudflare (for data storage and security)
All third-party processors are contractually obligated to:
Process data only as instructed by us
Implement appropriate security measures
Comply with GDPR requirements
For a full list of third-party processors, contact us at [email protected].
COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar tracking technologies on our Site. For detailed information about our use of cookies, see our main Privacy Policy.
You can manage cookie preferences through:
Your browser settings
Our cookie consent banner (where available)
Types of cookies we use:
Strictly necessary cookies: Required for Site functionality
Performance cookies: Google Analytics (for traffic analysis)
Marketing cookies: Meta Pixel, Google Ads (for targeted advertising)
Rejecting non-essential cookies may limit Site functionality.
AUTOMATED DECISION-MAKING AND PROFILING
We do not engage in automated decision-making or profiling that produces legal effects or significantly affects you.
If this changes in the future, we will update this Notice and obtain your explicit consent where required.
DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data, including:
SSL/TLS encryption for data transmission
Secure servers and cloud storage
Access controls and authentication
Regular security audits and monitoring
However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
If you believe your data has been compromised, contact us immediately at [email protected].
CHILDREN'S PRIVACY
Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. We will delete such data promptly.
DATA BREACH NOTIFICATION
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
Notify the relevant supervisory authority within 72 hours (where required by law)
Notify affected individuals without undue delay if the breach poses a high risk
We maintain incident response procedures to detect, investigate, and mitigate data breaches.
CHANGES TO THIS GDPR NOTICE
We may update this GDPR Privacy Notice from time to time to reflect changes in our practices or legal requirements.
When we make changes:
We will update the "Last Updated" date at the top of this page
Material changes will be communicated via email or prominent notice on our Site
Your continued use of our Services after changes are posted constitutes acceptance of the updated Notice.
CONTACT US
If you have questions, concerns, or requests regarding this GDPR Notice or our data practices, please contact us:
BGM Agency LLC
Email: [email protected]
Website: https://aitycoonz.com
Data Protection Inquiries:
For GDPR-specific inquiries, use subject line "GDPR Inquiry" when contacting us.
SUPERVISORY AUTHORITY
If you are not satisfied with our response to your inquiry or believe we have violated your GDPR rights, you have the right to lodge a complaint with your local supervisory authority:
For UK residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: +44 (0)303 123 1113
For EEA residents:
Contact your national data protection authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en
BGM Agency LLC © 2026. All Rights Reserved.