PRIVACY POLICY

Last updated: October 9, 2025

1. SCOPE AND APPLICATION

This Privacy Policy applies to all users of UGM-Group.com, including residents of the European Economic Area (EEA), Switzerland, Canada, the United States, and the State of New Mexico.
UGM Group LLC complies with all applicable data protection laws, including:

the EU General Data Protection Regulation (GDPR),
the Swiss Federal Data Protection Act (LPD/FADP),
the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA),
and relevant U.S. federal and state privacy laws.

2. DATA CONTROLLER

UGM Group LLC is the controller responsible for processing your personal data.

Data Protection Officer (DPO): legal@ugm-group.com
Primary Contact: info@ugm-group.com
Registered Address:
UGM Group LLC | 8206 Louisiana Blvd NE, Ste B #10615
Albuquerque, NM 87113, USA

3. IT SUBCONTRACTING WITH TRUSTIATIS LLC

UGM Group LLC subcontracts certain IT services to Trustiatis LLC, acting as a data processor under written agreements fully compliant with:

GDPR for European and Swiss data,
PIPEDA for Canadian data, and
U.S. data protection laws for American users.

Trustiatis LLC may only access data for the following limited purposes:

secure hosting and infrastructure management,
system maintenance and monitoring,
cybersecurity and incident prevention.

All processing by Trustiatis LLC is subject to strict confidentiality and security obligations.

4. PAYMENT PROCESSORS AND FINANCIAL DATA HANDLING

4.1 Third-Party Payment Processors

UGM Group LLC uses the following independent payment processors:

Stripe, Inc. – Credit/debit card processing
PayPal Holdings, Inc. – Digital wallet services
Wise Payments Limited – International transfers
Mercury Financial, LLC – Banking and treasury services

4.2 Data Collected by Payment Processors

These entities independently collect and process:

Card information (number, expiry date, CVV)
Transaction history
Identity verification and KYC documentation
Billing and shipping addresses
Compliance and anti-fraud data

4.3 Legal Basis and Purpose

Processing is necessary for:

performing payment contracts,
complying with financial regulations (PSD2, AML/KYC),
preventing fraud and ensuring transaction security.

4.4 Disclaimer

UGM Group LLC is not responsible for personal data processing carried out by third-party payment processors. Each acts as an independent controller under its own privacy policy.

5. DATA COLLECTED AND PURPOSES

A. Automatically Collected Technical Data

Browser type, IP address, time zone, and cookies — used solely for security, anti-abuse, and anonymous statistical purposes.

B. Personal Data – Individual KYC

Civil identity: name, surname, date and place of birth
Contact details: postal address, email, phone number
Payment data: bank or card details for transactions
Identity verification: ID copy, selfie (upon justified request)
Biometric data: selfies used exclusively for identity verification

Purposes: Service delivery, client management, payment security, and regulatory compliance.

C. Corporate Data – KYC Compliance

Identification of legal representatives and directors
Legal documents: company registration, articles, minutes
Shareholding structure: beneficial owners (>25%)
Commercial and financial documentation
Biometric verification of authorized representatives

Purposes: Compliance with KYC/AML laws, anti-fraud measures, and eligibility verification.

6. DISCLOSURE TO AUTHORITIES

We may disclose personal data to competent authorities only when legally required, including:

formal requests from judicial or regulatory authorities,
financial supervision and compliance inquiries,
tax or anti-money-laundering investigations,
lawful intelligence or law enforcement demands.

All disclosures are made in accordance with applicable legal bases in each jurisdiction.

7. LEGAL BASES FOR PROCESSING

Contract performance: service delivery, payments
Explicit consent: newsletters, marketing communications
Legitimate interest: security, analytics
Legal obligation: tax, financial, and AML/KYC compliance

8. YOUR RIGHTS BY JURISDICTION

EEA and Switzerland

Right of access, rectification, and erasure
Right to restriction and objection
Right to data portability
Right to withdraw consent
Right to set post-mortem data handling instructions

Canada

Right to access and correct personal data
Right to withdraw consent
Right to file a complaint with the Privacy Commissioner of Canada

United States

California (CCPA): right to know, delete, opt-out of sale, non-discrimination
New Mexico: right to access, correction, and breach notification

9. CHILDREN’S PRIVACY

UGM-Group.com is not intended for children:

under 13 (United States/Canada)
under 14 (Switzerland)
under 16 (EEA, or local age of consent)

We do not knowingly collect data from minors. If such data is discovered, it will be deleted immediately.

10. DATA RETENTION

Accounts: duration of account + 3 years
Transactions: 10 years (tax compliance)
Prospects: 3 years after last interaction
Analytics cookies: 13 months
KYC documentation: 5 years after business relationship ends
Biometric data: 90 days after successful verification
Payment data: per payment processor policy (typically 7 years)

11. INTERNATIONAL DATA TRANSFERS

From EEA/Switzerland:
- Canada: adequacy decision
- United States: EU-US Data Privacy Framework or SCCs
- Payment processors: PCI DSS certification
From Canada: transfers consistent with PIPEDA
From the U.S.: transfers compliant with federal and state law

12. SECURITY AND DATA BREACH MANAGEMENT

UGM Group LLC applies robust technical and organizational measures including:

encryption of sensitive data,
role-based access control,
continuous system monitoring,
regular backups,
recommended multi-factor authentication,
PCI DSS compliance for payment data.

In the event of a data breach:

EEA/Switzerland: Notification within 72 hours to authorities
Canada: Notification per PIPEDA timelines
New Mexico: Compliance with the Data Breach Notification Act

Affected individuals will be informed if the breach poses a high risk to their rights or freedoms.

13. COOKIES MANAGEMENT

Essential cookies: required for site functionality
Analytics cookies: require consent (EEA/Switzerland)
Personalization cookies: require consent

Consent mechanisms:

EEA/Switzerland: explicit via cookie banner
Canada: contextual based on sensitivity
U.S.: generally implied with opt-out options available

14. FRAUD PROTECTION

UGM Group LLC implements strict security controls but assumes no liability for:

fraudulent or phishing emails,
hacking incidents caused by third parties,
unauthorized use of credentials due to user negligence,
breaches occurring at independent payment processors.

Security recommendations:

Verify sender and link authenticity
Enable two-factor authentication
Never share passwords
Report any fraud attempt to legal@ugm-group.com
Regularly review your financial statements

15. CONTACT AND EXERCISING YOUR RIGHTS

General contact: info@ugm-group.com
Data Protection Officer: legal@ugm-group.com
Response time: within 1 month (extendable by 2 months for complexity)
Free of charge, unless requests are manifestly unfounded or excessive

For payment data inquiries, please contact the relevant payment processor directly (Stripe, PayPal, Wise, Mercury).

16. UPDATES AND COMPLAINTS

This policy may be updated periodically.
Substantial changes will be communicated 30 days prior to taking effect.

Supervisory authorities:

EEA: your national data protection authority
Switzerland: Federal Data Protection and Information Commissioner
Canada: Privacy Commissioner of Canada
United States: State consumer protection authorities (e.g., FTC)

By using UGM-Group.com, you acknowledge that you have read, understood, and agreed to this Privacy Policy, including all provisions regarding third-party payment processors.