← Back to Home

GDPR & CCPA Compliance

Last Updated: November 29, 2025

Your privacy is important to us. This page explains your data rights under the General Data Protection Regulation (GDPR) for EU residents and the California Consumer Privacy Act (CCPA) for California residents. We are committed to protecting your personal information and providing you with control over your data.

1. Overview of Data Protection Laws

Beacon Momentum complies with major data protection regulations worldwide, including:

GDPR (General Data Protection Regulation): Applies to individuals in the European Union (EU) and European Economic Area (EEA)
CCPA (California Consumer Privacy Act): Applies to California residents
UK GDPR: Applies to individuals in the United Kingdom
Other Regional Laws: We also comply with applicable data protection laws in other jurisdictions

2. Your Rights Under GDPR (EU/EEA Residents)

If you are located in the EU or EEA, you have the following rights under GDPR:

2.1 Right to Access

You have the right to request a copy of the personal data we hold about you. This includes:

What personal data we collect
Why we collect it
How we use it
Who we share it with
How long we keep it

2.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

2.3 Right to Erasure ("Right to be Forgotten")

You have the right to request that we delete your personal data in certain circumstances, such as:

The data is no longer necessary for the purposes for which it was collected
You withdraw your consent (where consent was the legal basis for processing)
You object to the processing and there are no overriding legitimate grounds
The data has been unlawfully processed

Note: We may retain certain data if required by law or for legitimate business purposes (e.g., financial records, legal compliance).

2.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as:

You contest the accuracy of the data
The processing is unlawful, but you do not want the data deleted
We no longer need the data, but you need it for legal claims

2.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV, JSON) and to transmit that data to another service provider.

2.6 Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including:

Processing based on legitimate interests
Direct marketing (including profiling)
Processing for scientific or historical research purposes

2.7 Right to Withdraw Consent

If we process your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

2.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (data protection authority) in your country if you believe we have violated your data protection rights.

EU Data Protection Authorities: Find your local authority

3. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under CCPA:

3.1 Right to Know

You have the right to request that we disclose:

The categories of personal information we collect about you
The categories of sources from which the personal information is collected
The business or commercial purpose for collecting or selling personal information
The categories of third parties with whom we share personal information
The specific pieces of personal information we have collected about you

3.2 Right to Delete

You have the right to request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention, internal uses).

3.3 Right to Opt-Out of Sale

You have the right to opt out of the "sale" of your personal information. While Beacon Momentum does not sell personal information in the traditional sense, certain data sharing practices (e.g., advertising cookies) may be considered a "sale" under CCPA.

Opt-Out: You can opt out by using our cookie consent tool or by submitting a request below.

3.4 Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your CCPA rights. We will not:

Deny you goods or services
Charge you different prices or rates
Provide you with a different level or quality of services
Suggest that you will receive a different price or level of service

3.5 Right to Limit Use of Sensitive Personal Information

Under the California Privacy Rights Act (CPRA), you have the right to limit the use of sensitive personal information (e.g., precise geolocation, financial account information, health data).

4. How to Exercise Your Rights

To exercise any of the rights described above, please submit a request using one of the following methods:

Submit a Data Rights Request

Email: privacy@beaconmomentum.com

Subject Line: "GDPR Data Request" or "CCPA Data Request"

Include the following information:

Your full name
Email address associated with your account
Type of request (e.g., access, deletion, opt-out)
Proof of identity (e.g., government-issued ID, last 4 digits of payment method)
Specific details about your request

Response Time: We will respond to your request within 30 days (GDPR) or 45 days (CCPA). If we need more time, we will notify you and explain the reason for the delay.

5. Verification Process

To protect your privacy and security, we must verify your identity before fulfilling your data rights request. We may ask you to:

Provide government-issued identification
Confirm details about your account (e.g., email, purchase history)
Answer security questions
Provide proof of payment (e.g., last 4 digits of credit card)

If we cannot verify your identity, we may deny your request to protect your personal information from unauthorized access.

6. Authorized Agents (CCPA)

California residents may designate an authorized agent to submit a data rights request on their behalf. To do so, you must:

Provide written authorization signed by you
Verify your identity directly with us
Provide proof that the agent is authorized to act on your behalf

7. Data We Collect

For a comprehensive list of the personal data we collect, how we use it, and who we share it with, please refer to our Privacy Policy.

Summary of Data Categories:

Category	Examples
Identifiers	Name, email, phone number, IP address
Commercial Information	Purchase history, payment information
Internet Activity	Browsing history, search history, interactions with our website
Geolocation Data	IP-based location, device location (if permitted)
Professional Information	Job title, employer, professional interests
Inferences	Preferences, interests, behavior patterns

8. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Consent: You have given explicit consent for specific processing activities (e.g., marketing emails)
Contract: Processing is necessary to fulfill our contract with you (e.g., providing services you purchased)
Legal Obligation: Processing is required by law (e.g., tax records, fraud prevention)
Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving our services, security)

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.

Retention Periods:

Account Data: Retained while your account is active and for 2 years after account closure
Financial Records: Retained for 7 years for tax and legal compliance
Marketing Data: Retained until you opt out or for 3 years of inactivity
Analytics Data: Retained for 2 years

You can request deletion of your data at any time, subject to legal and contractual obligations.

10. International Data Transfers

Beacon Momentum is based in the United States. If you are located outside the U.S., your personal data may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate.

Safeguards for International Transfers:

We use Standard Contractual Clauses (SCCs) approved by the European Commission
We work with service providers that comply with GDPR and other data protection laws
We implement technical and organizational measures to protect your data

11. Children's Privacy

Beacon Momentum does not knowingly collect personal information from children under 16 (or under 13 in the U.S.). If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete the information.

12. Do Not Sell My Personal Information (CCPA)

California residents can opt out of the "sale" of personal information by:

Using our cookie consent tool to decline marketing cookies
Submitting a request to privacy@beaconmomentum.com
Enabling Global Privacy Control (GPC) in your browser

Note: We do not sell personal information to third parties for monetary compensation. However, certain data sharing practices (e.g., advertising cookies) may be considered a "sale" under CCPA.

13. Automated Decision-Making and Profiling

We may use automated decision-making and profiling to:

Personalize your experience (e.g., course recommendations)
Detect and prevent fraud
Improve our services

Under GDPR, you have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you. If you have concerns about automated decision-making, please contact us.

14. Data Security

We implement industry-standard security measures to protect your personal data, including:

Encryption (SSL/TLS) for data in transit
Encryption for sensitive data at rest
Access controls and authentication
Regular security audits and vulnerability assessments
Employee training on data protection

For more information, see our Privacy Policy.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Notify you within 72 hours (GDPR) or as required by applicable law
Notify relevant supervisory authorities
Provide details about the breach, affected data, and steps we are taking
Offer guidance on how to protect yourself

16. Updates to This Policy

We may update this GDPR/CCPA Compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated policy on our website
Updating the "Last Updated" date
Sending an email notification (for significant changes)

17. Contact Information

If you have questions about your data rights or this compliance page, please contact us:

Data Protection Officer

Email: privacy@beaconmomentum.com

General Support: support@beaconmomentum.com

Website: https://beaconmomentum.com

18. Supervisory Authorities

If you believe we have violated your data protection rights, you may file a complaint with the appropriate supervisory authority:

EU/EEA: European Data Protection Board - Member Authorities
UK: Information Commissioner's Office (ICO)
California: California Attorney General's Office

Your Privacy Matters: We are committed to protecting your personal information and respecting your data rights. If you have any questions or concerns, please do not hesitate to contact us. We are here to help.

This page was last updated on November 29, 2025. We encourage you to review this page periodically for any updates.