Privacy Policy – Goran Vajic – Fide Master and chess coach

PRIVACY POLICY

www.goranvajic.com

Effective Date: January 7, 2026

Plethora Commerce LLC, a Wyoming limited liability company doing business as Accountability Chess Coaching (“we,” “us,” “our,” or the “Company”), operates the website located at www.goranvajic.com (the “Website”) and provides online chess coaching services (the “Services”). We are committed to protecting your privacy and handling your personal information responsibly.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you visit the Website, create an account, book or participate in coaching sessions, make payments, or otherwise interact with our Services. It applies to all users worldwide, with specific provisions for residents of the European Union (under the General Data Protection Regulation – “GDPR”) and California, United States (under the California Consumer Privacy Act – “CCPA,” as amended by the California Privacy Rights Act – “CPRA”).

By accessing or using the Website or Services, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Website or Services.

We may update this Privacy Policy from time to time. Changes will be posted on the Website with the updated effective date. Your continued use after changes constitutes acceptance.

Section 1: Data Controller and Contact Information

Plethora Commerce LLC is the data controller responsible for your personal information under applicable laws. Although our legal entity is registered in Wyoming, United States, we have operational bases in Germany, which may make us subject to EU data protection requirements.

For questions, requests, or complaints regarding this Privacy Policy or our data practices, contact us at:

Email: [email protected]
Postal Address: Plethora Commerce LLC, 30 N Gould St Ste R, Sheridan WY 82801 United States

EU residents may also lodge complaints with their local supervisory authority (e.g., in Germany, the relevant Landesdatenschutzbehörde).

Section 2: Types of Information We Collect

We collect the following categories of personal information:

Identifiers and Contact Information: Name, email address, phone number, postal address, username, and account credentials.
Payment Information: Billing details, payment method tokens (processed via third-party providers like PayPal; we do not store full card numbers).
Session and Coaching Data: Chess skill level, goals, homework submissions, communications with coaches, and recordings of sessions (including video/audio of you and the coach).
Technical and Usage Data: IP address, browser type, device information, operating system, referral sources, and interaction logs (e.g., pages viewed, clicks).
Communication Data: Emails, messages, feedback surveys, and support inquiries.
Inferred Data: Preferences, chess progress insights derived from your interactions (non-sensitive).

We do not collect sensitive personal information (e.g., health data, racial/ethnic origin) unless voluntarily provided in communications, in which case we minimize its use.

Section 3: Sources of Information Collection

We collect information from:

Directly from You: When you register an account, book sessions, schedule classes, submit payments, participate in sessions, complete homework, or contact us.
Automatically: Through cookies, pixels, logs, and similar technologies when you visit the Website or use the Services.
From Third Parties: Payment processors (e.g., PayPal transaction confirmations), video conferencing tools (e.g., metadata from session platforms), and analytics providers.
Inferred: From analyzing your usage patterns and session performance.

Section 4: Purposes of Processing Personal Information

We process your information for the following purposes:

To provide and manage the Services (e.g., scheduling sessions, delivering recordings, assigning homework).
To process payments and prevent fraud.
To communicate with you (e.g., confirmations, reminders, support responses).
To personalize coaching and improve your experience.
To analyze usage and enhance the Website/Services (e.g., aggregated analytics).
To comply with legal obligations (e.g., tax reporting, dispute resolution).
For marketing (with consent where required), such as newsletters about chess tips or new packages.
To enforce our Terms and Conditions and protect our rights.

Processing is based on contract performance, legitimate interests, consent, or legal requirements.

Section 5: Legal Bases for Processing (GDPR-Specific)

For EU residents, our processing relies on:

Contract: Necessary to deliver booked Services and manage your account.
Legitimate Interests: For security, analytics, service improvements, and direct marketing (balanced against your rights).
Consent: For optional cookies, marketing communications, or non-essential processing (revocable at any time).
Legal Obligations: For compliance with applicable laws.

We conduct balancing tests for legitimate interests to ensure your rights are not overridden.

Section 6: Sharing and Disclosure of Personal Information

We share information with:

Service Providers: Third-party processors (e.g., PayPal for payments, cloud storage for recordings, email providers) bound by data protection agreements.
Coaches: Session recordings and related data shared with affiliated coaches (e.g., FIDE Master Goran Vajic) for providing Services.
Legal Requirements: When required by law, court order, or to protect rights/safety.
Business Transfers: In mergers, acquisitions, or asset sales (with notice where required).

We do not sell personal information (as defined under CCPA) or share for cross-contextual advertising. Aggregated/anonymized data may be shared for research.

Section 7: International Data Transfers

As a US-registered entity with operations in Germany and users worldwide, we transfer data between the EU/EEA, US, and other countries.

Transfers to the US rely on Standard Contractual Clauses (SCCs), adequacy decisions where applicable, or your consent. We implement safeguards like encryption and access controls.

For CCPA, we provide notice of cross-border transfers.

Section 8: Data Retention

We retain information only as long as necessary:

Account and session data: For the duration of your account plus 7 years (for tax/legal purposes).
Payment records: As required by financial laws (typically 7-10 years).
Session recordings: Lifetime access as part of Services, unless you request deletion.
Logs/cookies: Up to 12 months for analytics.

We delete or anonymize data when no longer needed, subject to legal holds.

Section 9: Data Security Measures

We employ reasonable technical, administrative, and organizational measures, including:

Encryption (in transit and at rest).
Access controls and authentication.
Regular security assessments.
Employee training.

However, no system is completely secure; we cannot guarantee absolute protection against breaches.

In case of a data breach, we will notify affected users and authorities as required by law (e.g., within 72 hours under GDPR).

Section 10: Cookies and Tracking Technologies

We use cookies, pixels, and similar tools for essential functions (e.g., session management), analytics (e.g., Google Analytics), and marketing.

Details are in our separate Cookie Policy. You can manage preferences via the cookie banner or browser settings. Essential cookies cannot be disabled.

Section 11: Third-Party Websites and Services

The Website may link to third-party sites (e.g., payment gateways, video tools). We are not responsible for their privacy practices. Review their policies separately.

Integrated tools (e.g., PayPal) have their own data handling.

Section 12: Children’s Privacy

The Services are not intended for children under 16 (or higher age of consent in your jurisdiction). We do not knowingly collect data from children.

If we learn of such collection, we will delete it promptly. Parents/guardians: contact us if concerned.

For verified parental consent cases (rare), we comply with COPPA.

Section 13: Your Privacy Rights (General)

You may have rights to:

Access, correct, or delete your data.
Object to/restrict processing.
Withdraw consent.
Portability.
Non-discrimination for exercising rights.

Submit requests via [email protected]. We verify identity before responding (typically within 30-45 days).

Section 14: GDPR-Specific Rights (EU/EEA Residents)

You have rights under GDPR to:

Access (receive a copy).
Rectification.
Erasure (“right to be forgotten”).
Restriction of processing.
Data portability.
Object (including to legitimate interests/marketing).
Not be subject to automated decisions (none used here).

No fees generally; appeals available via supervisory authorities.

Section 15: CCPA/CPRA-Specific Rights (California Residents)

California residents have rights to:

Know categories/sources/uses of personal information collected (twice per year).
Access specific pieces.
Delete (subject to exceptions).
Opt-out of sales/sharing (not applicable; we do not sell/share).
Limit sensitive data use (not collected).
Correct inaccurate data.

Use our request portal or email. Authorized agents accepted with verification.

We do not discriminate for rights exercise.

Section 16: Marketing Communications

We may send you marketing communications, such as newsletters, promotional offers, updates about new coaching packages, chess tips, or related services, via email or other electronic means. We will only do so where we have your explicit consent (where required by applicable law) or where we have a legitimate interest in promoting our Services to existing or prospective customers, provided such interest is not overridden by your rights and freedoms.

You can opt out of receiving marketing communications at any time by:

Clicking the “unsubscribe” link included in any promotional email;
Adjusting your communication preferences in your Account settings (if available); or
Contacting us directly at [email protected].

Upon opting out, we will promptly update our records and cease sending marketing communications, typically within 10 business days. Please note that opting out of marketing communications will not affect transactional or service-related communications, such as booking confirmations, session reminders, payment receipts, homework feedback, or responses to your inquiries, which are necessary for providing the Services.

For EU residents, direct marketing based on legitimate interests may be objected to at any time without affecting other processing.

Section 17: Do Not Track Signals and Online Tracking

Certain web browsers may allow you to enable a “Do Not Track” (DNT) feature that sends a signal to websites indicating your preference not to be tracked across third-party websites over time and across sites for targeted advertising. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, we do not currently recognize or respond to browser-initiated DNT signals.

You can manage online tracking preferences through:

Our Cookie Policy and cookie consent banner (for cookies and similar technologies);
Your browser settings to block or delete cookies; or
Third-party opt-out tools (e.g., for analytics providers like Google).

We encourage you to review these options to control tracking in line with your preferences. Notwithstanding the above, we do not engage in cross-contextual behavioral advertising or sell personal information as defined under applicable laws.

Section 18: Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the Services. Any revisions will be posted on the Website with the updated “Effective Date” at the top.

For material changes that significantly affect your rights or how we process your personal information (e.g., new purposes or categories of data), we will provide prominent notice, such as via email to your registered address or a banner on the Website, and, where required by law, seek your consent.

Non-material changes (e.g., clarifications or minor updates) will be posted without additional notice.

We recommend reviewing this Privacy Policy periodically. Your continued use of the Website or Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

Section 19: No Third-Party Beneficiaries

This Privacy Policy is intended solely for the benefit of you (as a user) and us (Plethora Commerce LLC and our affiliates). It does not create any rights enforceable by third parties, nor does it confer any third-party beneficiary status on any individual or entity other than as expressly provided herein.

Nothing in this Privacy Policy is intended to limit any rights you may have under applicable law that cannot be waived or limited by contract.

Section 20: Governing Law, Severability, and Entire Agreement

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Wyoming, United States, without regard to conflict of laws principles, except where mandatory provisions of local law provide greater protections (e.g., GDPR for EU residents or CCPA/CPRA for California residents), in which case those mandatory provisions shall apply to the extent required.

If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect, and the invalid provision shall be reformed to the minimum extent necessary to make it valid and enforceable.

This Privacy Policy, together with our Terms and Conditions and Cookie Policy, constitutes the entire understanding regarding our data practices. In the event of any conflict, mandatory consumer protection laws shall prevail.

If you have any concerns, questions, or complaints about this Privacy Policy or our data handling, please contact us at [email protected]. We are committed to working with you to resolve issues amicably and promptly.