Privacy policy

    Privacy policy

    Effective Date: January 15, 2026

    Last Updated: January 20, 2026

    Overview

    This Privacy Policy explains how Gloria Zhang & Associates Ltd. (“Company,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information and personal data when you visit or use our websites:

    (collectively, the “Sites”) or interact with our coaching/consulting, 1:1 services, courses, digital products, communities, events, content, and communications (collectively, the “Services”).

    We are a Canadian business. If you are located in the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland, additional terms apply—see Section 16 (EEA/UK/CH GDPR ADDENDUM).

    1) DATA CONTROLLER & CONTACT DETAILS

    Controller: Gloria Zhang & Associates Ltd.

    Mailing Address:

    C/O: 3860 4th Line

    Bradford, ON L3Z 0Y7

    Canada

    Privacy & Support Contact Email:

    support@bygloriazhang.com

    2) SUMMARY (IN PLAIN ENGLISH)

    - We collect information you provide (like name, email, purchase details, and messages).

    - We also collect certain data automatically (like device info and cookie IDs).

    - We use this data to deliver Services, communicate, improve our Sites, run marketing (with consent where required), and keep things secure.

    - We use third-party tools (including Systeme.io, GoHighLevel, Stripe, PayPal, Buzzsprout, and Google/Meta advertising tools).

    - If you are in the EEA/UK, we ask for opt-in consent for non-essential cookies/pixels and honor GDPR rights (see Section 16).

    3) INFORMATION WE COLLECT

    We collect information in three ways: (A) information you provide, (B) information collected automatically, and (C) information from third parties.

    A) Information you provide

    Depending on how you interact with us, you may provide:

    - Identifiers & contact details: name, email, phone number, mailing/billing address

    - Purchase & billing data: purchase history, subscription status, transaction details (payment card data is generally processed by Stripe/PayPal and not stored by us)

    - Program and community data: enrollment details, course progress, community posts/comments/files you share

    - Application/intake data (business-related): business goals, background, preferences, questionnaire responses

    - Communications: emails, messages, DMs, support requests, survey responses

    - Testimonials: your written/recorded testimonial and, if you provide it, your photo/name/handle and other details you consent to share

    B) Information collected automatically (cookies/analytics)

    When you visit the Sites, we and our service providers may collect:

    - Device and browser data (device type, OS, browser type)

    - Usage data (pages viewed, clicks, time on page, referring/exit pages)

    - Approximate location (city/region derived from IP address)

    - Cookie identifiers and similar tracking data (see Section 8)

    C) Information from third parties

    We may receive information from:

    - Payment processors (Stripe/PayPal): confirmation of payment, subscription status, disputes/chargebacks

    - Email/CRM platforms (Systeme.io, GoHighLevel): engagement data (opens/clicks), delivery events, tagging/automation outcomes

    - Advertising/analytics partners (Google/Meta): performance and attribution data, where enabled

    - Podcast/media platforms (Buzzsprout): podcast hosting and analytics, where enabled

    - Scheduling/webinar/event tools (if used): registration and attendance data

    4) SENSITIVE DATA / SPECIAL CATEGORIES

    Our Services are business/coaching/educational in nature. We do not request health or other sensitive data for standard business coaching.

    Please do not submit sensitive personal data unless explicitly requested for a specific Service.

    If you voluntarily provide sensitive data, we will only use it for the purpose you provided it for and, where legally required, based on your explicit consent or another lawful basis permitted by law.

    5) HOW WE USE YOUR INFORMATION

    We use your information to:

    - Provide, deliver, and administer the Services (including processing purchases and granting access to digital products/courses/community)

    - Communicate with you (transactional emails, service updates, responses to inquiries)

    - Send marketing communications (you can unsubscribe anytime; for EEA/UK see Section 16)

    - Personalize and improve the Sites/Services (troubleshooting, analytics, measuring content performance)

    - Run events, webinars, communities, and program operations

    - Maintain security, prevent fraud, and enforce our terms

    - Comply with legal obligations (tax/accounting) and resolve disputes

    6) LEGAL BASES (OVERVIEW)

    Where required (including under GDPR/UK GDPR), we process personal data only when we have a lawful basis, such as:

    - Contract necessity (to deliver what you purchased/requested)

    - Legitimate interests (to operate and improve our business and keep it secure)

    - Consent (especially for marketing and non-essential cookies/pixels in the EEA/UK)

    - Legal obligation (tax/accounting, compliance, lawful requests)

    See Section 16 for a detailed mapping for EEA/UK/CH users.

    7) SHARING & DISCLOSURE

    We do not sell your personal information in the conventional sense.

    We may share information with:

    - Service providers (“processors”) that help us operate: hosting, email/CRM, analytics, payments, course/community delivery, customer support tools

    - Professional advisors (legal/accounting) under confidentiality

    - Authorities or others when required by law or to protect rights/safety and prevent fraud

    - A successor entity in a merger, acquisition, or asset sale (with appropriate protections)

    8) COOKIES, PIXELS, ANALYTICS & ADVERTISING

    We use cookies and similar technologies to operate the Sites and, where enabled, measure marketing and improve performance.

    Examples of technologies we may use:

    - Google tools (e.g., conversion tracking and advertising measurement; analytics if enabled)

    - Meta tools (e.g., Meta Pixel for advertising/retargeting measurement)

    - Platform cookies (Systeme.io / GoHighLevel / embedded media players) as applicable

    EEA/UK NOTICE:

    If you are located in the EEA/UK, we will request your consent before placing non-essential cookies/pixels (analytics and marketing). You can accept, reject, or manage preferences. If you do not consent, those non-essential cookies/pixels should not fire.

    You can also control cookies through your browser settings. Note: disabling certain cookies may impact site features.

    9) INTERNATIONAL DATA TRANSFERS

    We are based in Canada, and our service providers may process data in Canada, the United States, and other countries. Your data may be transferred and stored outside your country.

    For EEA/UK/CH transfers, we use recognized safeguards where required (such as adequacy decisions, Standard Contractual Clauses, or other lawful mechanisms depending on the provider and destination). See Section 16.

    10) DATA RETENTION

    We retain personal information only as long as necessary for the purposes described in this Policy, including:

    - To provide Services and maintain business records

    - To comply with legal, tax, and accounting obligations

    - To resolve disputes and enforce agreements

    Retention periods vary by data type and context.

    11) SECURITY

    We use reasonable administrative, technical, and organizational measures to protect information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

    12) EMAIL & MARKETING PREFERENCES

    Email: You can unsubscribe at any time using the link in our emails.

    We may still send non-marketing messages (purchase confirmations, access instructions, important service notices).

    13) TESTIMONIALS (INCLUDING PHOTOS)

    If you provide a testimonial (and especially a photo), we will request your permission to publish it. You can request removal at any time by emailing support@gloriazhang.com. We will make reasonable efforts to remove it from active marketing channels, but we may retain records where necessary for legal/operational reasons.

    14) COMMUNITY SPACES

    If you join a community, please avoid sharing sensitive personal data. Community posts may be visible to other members depending on the platform settings. We may moderate content to protect the community.

    15) SOCIAL MEDIA & THIRD-PARTY PLATFORMS (INSTAGRAM, FACEBOOK, ETC.)

    We may interact with you on social media platforms (e.g., Instagram, Facebook). Information you share with us there (comments, likes, messages) may be processed by both us and the platform under the platform’s own policies.

    If we embed social media content (e.g., Instagram posts) or use pixels from these platforms, those third parties may collect data about your visit (including via cookies) depending on your settings and consent choices.

    16) EEA/UK/CH GDPR ADDENDUM (FOR USERS LOCATED IN THE EEA/UK/CH)

    This section applies if you are located in the EEA, UK, or Switzerland.

    16.1 Applicability

    GDPR/UK GDPR can apply to organizations outside the EU/UK when they offer goods/services to people in the EU/UK or monitor their behavior (such as through certain tracking/pixels). See also our cookie/pixel practices in Section 8.

    16.2 Your rights

    Subject to legal conditions and exceptions, you may have the right to:

    - Access your personal data

    - Correct inaccurate data

    - Request deletion (“erasure”)

    - Restrict processing

    - Data portability

    - Object to processing (including certain direct marketing)

    - Withdraw consent (where processing is based on consent)

    - Lodge a complaint with your local supervisory authority

    To exercise rights, contact: support@gloriazhang.com. We may request verification.

    16.3 Lawful bases table (EEA/UK/CH)

    We typically rely on the following lawful bases:

    A) Contract (to provide Services you request/purchase)

    - Processing purchases and delivering Services

    - Granting access to courses/community and providing customer support

    - Managing your account and Service communications

    B) Legitimate interests (running and improving our business)

    - Site security, fraud prevention, abuse detection

    - Improving Services and internal operations

    NOTE: In the EEA/UK, analytics/marketing cookies often still require consent even if we have legitimate interests.

    C) Consent

    - Non-essential cookies/pixels (analytics/marketing) in the EEA/UK

    - Publishing certain testimonials/photos (where consent is appropriate)

    - Marketing emails where required by law or where we choose to rely on consent

    D) Legal obligation

    - Tax/accounting recordkeeping

    - Compliance with lawful requests and regulatory obligations

    16.4 International transfers (EEA/UK/CH)

    If your data is transferred outside the EEA/UK/CH, we rely on recognized transfer mechanisms where required, such as:

    - Adequacy decisions (Canada has an adequacy pathway for certain transfers under its federal private-sector framework)

    - Standard Contractual Clauses or other safeguards as appropriate for the vendor and destination

    - Other lawful mechanisms where applicable

    16.5 EU/UK Representative (Article 27)

    If we are required to appoint an EU and/or UK representative, we will publish the representative’s contact details here.

    17) CHILDREN

    The Sites and Services are not intended for children under 13, and we do not knowingly collect their personal information.

    18) CHANGES TO THIS POLICY

    We may update this Policy from time to time. We will update the Effective Date and Last Updated date.

    19) CONTACT

    Privacy requests: support@bygloriazhang.com