Login
Signup

BESA SCC

EEA Standard Contractual Clauses
Effective: January 21, 2026

These Standard Contractual Clauses (“Clauses”) are incorporated by reference into and form an integral part of the Data Processing Agreement between the data exporter (as defined below) and B.E.S.A LLC, registered at 1601 Willow Lawn Dr Suite 304, The Shops at Willow Lawn, Richmond, VA 23223, United States (“BESA Coaching”, “B.E.S.A LLC”, “we”, “us”, “our”) (hereafter, the “data importer”).

These Clauses establish appropriate safeguards for the lawful transfer of personal data from the European Economic Area (“EEA”) to a third country in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”), and reflect the privacy standards and practices set forth in the BESA Coaching Privacy Policy (Effective January 21, 2026).

SECTION I

Clause 1: Purpose and Scope

(a) The purpose of these Clauses is to ensure that any transfer of personal data from the EEA to countries outside the EEA by or to BESA Coaching is performed in strict compliance with the GDPR, particularly as regards the protection of the fundamental rights and freedoms of individuals whose personal data is processed.

(b) The parties to these Clauses are:

  • The Data Exporter: The natural or legal person, public authority, agency, or other body (as listed in Annex I.A) that transfers personal data to BESA Coaching. This usually includes clients, parents/guardians (for minors), coaches, or contractors using the Services, as defined in the Privacy Policy.
  • The Data Importer: BESA Coaching (B.E.S.A LLC), which receives and processes such data in the United States or any jurisdiction outside the EEA.

(c) These Clauses apply specifically to the transfer of personal data as described in Annex I.B, and cover all categories of personal data outlined in our Privacy Policy, including, but not limited to:

  • Personal identifiers (e.g., names, contact details, dates of birth)
  • Account credentials and authentication data
  • Payment and billing information
  • Coaching session data and communication records
  • User-generated content
  • Technical and device data
  • Information relating to minors (with required parental consent)
  • Contractor and coach information (e.g., background check results, professional credentials)

(d) The Appendix to these Clauses (containing the relevant Annexes) is an integral part of these Clauses, and further details the categories of data, data subjects, and processing purposes.

Clause 2: Effect and Invariability of the Clauses

(a) These Clauses are designed to provide enforceable data subject rights and effective legal remedies, in compliance with Article 46(1) and 46(2)(c) of the GDPR, and the requirements for controller-to-processor or processor-to-processor transfers set out in Article 28(7) GDPR. The wording of these Clauses may not be altered except for the purpose of selecting the appropriate modules or updating information in the Appendix. Additional contractual clauses or safeguards may be included, provided they do not contradict or undermine these Clauses or the fundamental rights of data subjects.

(b) These Clauses operate in addition to, and do not limit, any other data protection obligations imposed on the data exporter by the GDPR or applicable laws.

Clause 3: Third-Party Beneficiaries

(a) Data subjects whose personal data is transferred under these Clauses (including minors and their guardians, coaches, clients, and contractors, as described in the Privacy Policy) may enforce these Clauses as third-party beneficiaries, subject to the limitations specified below:

  • Not all clauses grant third-party beneficiary status (see original list of exceptions).
  • This right is without prejudice to any other rights granted under the GDPR.

(b) Rights of data subjects under the GDPR are not affected by these Clauses.

Clause 4: Interpretation

(a) Terms used in these Clauses (such as “personal data,” “processing,” “data subject,” etc.) have the same meaning as in the GDPR and as further clarified in the BESA Coaching Privacy Policy.

(b) These Clauses must be interpreted in light of the GDPR and in a manner that ensures the highest standard of privacy and data protection for all individuals whose data is processed.

(c) These Clauses will not be interpreted in any way that contradicts the GDPR.

Clause 5: Hierarchy

In the event of any conflict between these Clauses and any other agreement between the parties (whether entered into before or after these Clauses), these Clauses shall prevail to the extent of the conflict regarding the protection of personal data transferred from the EEA.

Clause 6: Description of the transfer(s)

The full details of the transfer(s)—including the nature, scope, categories of personal data, data subjects, and specific processing purposes—are described in Annex I.B. These reflect the types of data and processing activities detailed in the BESA Coaching Privacy Policy.

Clause 7: Docking Clause

(a) Additional entities (such as new coaches, contractors, or service providers, as defined in the Privacy Policy) may accede to these Clauses at any time, subject to the agreement of the original parties and completion of the Appendix and Annex I.A.

(b) Upon accession, such an entity will be bound by the rights and obligations of a data exporter or data importer, as specified in Annex I.A.

(c) No rights or obligations under these Clauses shall arise for the acceding entity before the date of its accession.

Integration with BESA Coaching Privacy Policy

These SCCs are designed to fully align with the BESA Coaching Privacy Policy, reflecting our commitment to transparency, security, and legal compliance. All personal data collected, used, and transferred under these Clauses is handled in accordance with the practices described in the Privacy Policy, including the collection of sensitive data (where strictly necessary), the protection of minors, and the exercise of user rights as set out therein.

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8: Data Protection Safeguards

BESA Coaching (“B.E.S.A LLC”) is committed to ensuring all transfers and processing of personal data from the EEA are conducted in strict accordance with the GDPR and the privacy and security standards set out in our Privacy Policy.

8.1 Instructions

  • Processing on Instructions:
    BESA Coaching shall process personal data only on documented instructions from the data exporter (e.g., clients, parents/guardians, or authorized organizations), including with regard to transfers of personal data to a third country. The data exporter may provide additional or updated instructions throughout the duration of the contract.
  • Notification of Inability:
    If BESA Coaching believes it cannot follow these instructions (due to legal requirements or other reasons), it will promptly notify the data exporter.

8.2 Purpose Limitation

  • BESA Coaching will process personal data only for the specific purposes stated in Annex I.B and as described in our Privacy Policy—such as providing coaching services, processing payments, maintaining platform security, and ensuring legal compliance—unless otherwise instructed by the data exporter.

8.3 Transparency

  • Upon request, the data exporter will provide a copy of these Clauses, including the Appendix, to any data subject (client, parent/guardian, coach, or contractor) free of charge.
  • Redaction of confidential business information or sensitive security details is permitted if necessary, but the data exporter will provide a meaningful summary where required to ensure the data subject can understand their rights and how their data is protected.
  • This is in addition to the transparency obligations under Articles 13 and 14 GDPR and as reflected in our Privacy Policy.

8.4 Accuracy

  • If BESA Coaching becomes aware that any personal data it has received is inaccurate or outdated, it will inform the data exporter without undue delay and cooperate to rectify or erase the data as appropriate, in line with user rights explained in our Privacy Policy.

8.5 Duration of Processing and Erasure or Return of Data

  • BESA Coaching will process personal data only for the duration specified in Annex I.B and as required for the provision of Services.
  • After the end of processing (e.g., termination of contract, closure of user account), BESA Coaching will, at the choice of the data exporter, either delete all personal data or return it to the data exporter, and certify completion of this action.
  • If deletion or return is prevented by local law, BESA Coaching will ensure continued compliance with these Clauses and will only retain data as strictly required by such law, as described in our Privacy Policy’s data retention section.

8.6 Security of Processing

  • Technical & Organizational Measures:
    BESA Coaching (and, during transmission, the data exporter) shall implement appropriate technical and organizational measures to ensure data security. This includes protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access (personal data breach).
  • Security Practices:
    Security measures include, but are not limited to: encryption, access controls, secure authentication, secure payment processing (via third-party providers such as Stripe or Bank of America), regular security reviews, and physical safeguards for confidential data (see also our Privacy Policy “How do we protect your information?”).
  • Access Limitation:
    Access to personal data is restricted to personnel strictly necessary for contract implementation, who are bound by confidentiality obligations.
  • Incident Response:
    In the event of a personal data breach, BESA Coaching will take prompt action to mitigate risks, notify the data exporter without undue delay, and provide all available information regarding the breach (including contact details, nature, affected data, and mitigation steps). Updates will be provided as new information becomes available.
  • Cooperation:
    BESA Coaching will cooperate with the data exporter to support any required notifications to EU authorities or affected individuals, consistent with the GDPR and the Privacy Policy.

8.7 Sensitive Data

  • Where processing involves special categories of data (e.g., data related to minors, health, or government identifiers as described in our Privacy Policy), BESA Coaching will apply additional safeguards and restrictions as detailed in Annex I.B and reflected in our Privacy Policy, such as heightened access controls and encryption.

8.8 Onward Transfers

  • BESA Coaching will only disclose personal data to third parties on the documented instructions of the data exporter, and only if:
    • The third party is subject to these Clauses or equivalent safeguards;
    • The transfer is to a country with an adequacy decision under the GDPR;
    • The third party provides appropriate safeguards pursuant to GDPR Articles 46 or 47;
    • The transfer is necessary for legal claims or to protect vital interests.
  • All onward transfers will respect the purpose limitation and safeguard requirements outlined in these Clauses and our Privacy Policy. Common third parties include payment processors, background check agencies, and (in the case of minors) parents/guardians.

8.9 Documentation and Compliance

  • Prompt Response:
    BESA Coaching shall promptly and adequately respond to inquiries from the data exporter regarding processing under these Clauses.
  • Demonstrating Compliance:
    BESA Coaching maintains documented records of all processing activities and security measures per GDPR requirements.
  • Audit Rights:
    Upon request, BESA Coaching will provide all information necessary to demonstrate compliance with these Clauses and allow for audits (including inspections of relevant facilities or systems) at reasonable intervals or upon evidence of non-compliance. The data exporter may conduct these audits itself or via an independent auditor, subject to reasonable notice.
  • Supervisory Authority Access:
    Audit results and compliance documentation will be made available to competent supervisory authorities upon request.

Integration with Privacy Policy:
All obligations above are implemented and exercised in line with the detailed data practices set forth in the BESA Coaching Privacy Policy, ensuring transparent, secure, and compliant processing for all users, including minors (with parental consent), coaches, contractors, and other stakeholders.

For questions or to exercise your privacy rights, contact: support@besacoaching.com

Clause 9: Use of Sub-processors

(a) Authorization and Notice
BESA Coaching (“B.E.S.A LLC”) is authorized to engage sub-processors from a pre-agreed list for the purpose of supporting the delivery of our Services (e.g., payment processors, background check agencies, cloud hosting, communications providers). BESA Coaching will inform the data exporter in writing of any intended changes to this list, including the addition or replacement of sub-processors, at least fourteen (14) days in advance. This enables the data exporter to object to such changes before the sub-processor is engaged. BESA Coaching will provide information necessary for the data exporter to exercise this right.

(b) Contractual Safeguards
When BESA Coaching engages a sub-processor for specific processing activities on behalf of the data exporter, BESA Coaching will do so through a written contract that imposes the same data protection obligations as those contained in these Clauses—including all relevant privacy, security, and user rights requirements. This ensures data subjects (including minors with parental consent, clients, coaches, and contractors as defined in our Privacy Policy) retain their third-party beneficiary rights. BESA Coaching will ensure sub-processors comply with all such obligations.

(c) Disclosure of Sub-processor Agreements
Upon request, BESA Coaching will provide the data exporter with a copy of the sub-processor agreement and any amendments, redacting any business secrets or confidential information as necessary.

(d) Responsibility for Sub-processors
BESA Coaching remains fully responsible for the performance of its sub-processors. Any failure by a sub-processor to fulfill its obligations will be treated as a breach by BESA Coaching, and the data exporter will be notified accordingly.

(e) Third-party Beneficiary Rights
BESA Coaching will include a provision in sub-processor contracts allowing the data exporter, in the event that BESA Coaching is unable to meet its obligations (due to insolvency, dissolution, or disappearance), to terminate the contract and instruct the sub-processor to erase or return personal data.

Clause 10: Data Subject Rights

(a) Notification of Requests
BESA Coaching will promptly notify the data exporter of any data subject request (for example, requests to access, correct, delete, or restrict data, or to exercise other privacy rights as outlined in our Privacy Policy) it receives directly. BESA Coaching will not respond directly unless authorized by the data exporter.

(b) Assistance with Requests
BESA Coaching will assist the data exporter, using appropriate technical and organizational measures, to respond to data subjects’ requests to exercise their rights under GDPR. The nature and extent of this assistance (including secure access, correction, or deletion of data) will be set out in Annex II, respecting the relationship and data flows described in our Privacy Policy.

(c) Compliance with Data Exporter Instructions
BESA Coaching will always comply with the data exporter’s instructions when handling data subject rights requests.

Clause 11: Redress

(a) Contact Point and Complaints
BESA Coaching provides an accessible contact point for data subjects to submit complaints regarding their personal data, both through direct notice and via our website (support@besacoaching.com). We commit to dealing promptly and transparently with any complaints received.

(b) Dispute Resolution
In case of a dispute between a data subject and either party concerning these Clauses, both parties will use best efforts to resolve the issue amicably and in a timely manner, keeping each other informed and cooperating as appropriate.

(c) Third-party Beneficiary Redress
Where a data subject invokes third-party beneficiary rights under Clause 3, BESA Coaching will accept their choice to:

  • Lodge a complaint with their local or competent supervisory authority (see Clause 13);
  • Refer the dispute to a competent court (see Clause 18).

(d) Representation
Data subjects may be represented by a not-for-profit body, organization, or association as allowed under Article 80(1) GDPR.

(e) Binding Decisions
BESA Coaching will abide by any decisions that are binding under EU or Member State law.

(f) No Prejudice to Additional Remedies
The choice made by the data subject will not prejudice their rights to seek other legal remedies.

Clause 12: Liability

(a) Party-to-Party Liability
Each party (data exporter and BESA Coaching) is liable to the other for damages caused by any breach of these Clauses.

(b) Data Importer Liability to Data Subjects
BESA Coaching is directly liable to the data subject for any material or non-material damages (as defined by GDPR or local law) caused by breaching third-party beneficiary rights under these Clauses, including by its sub-processors.

(c) Data Exporter Liability to Data Subjects
The data exporter is also liable to the data subject for any damages caused by itself, BESA Coaching, or sub-processors, without prejudice to any additional liability of the data controller under GDPR.

(d) Right to Indemnification
If the data exporter is held liable for damages caused by BESA Coaching (or its sub-processors), the data exporter can claim back compensation from BESA Coaching corresponding to its responsibility for the damage.

(e) Joint and Several Liability
If multiple parties are responsible for damage to the data subject, they are jointly and severally liable; the data subject can seek redress from any of them.

(f) Right to Recover Contribution
Any party held liable for the full amount may recover from the other responsible parties the part of the compensation corresponding to their responsibility.

(g) Sub-processor Conduct
BESA Coaching may not avoid liability by blaming the actions or omissions of its sub-processors.

Clause 13: Supervision

(a) Supervisory Authority
For data transfers under these Clauses, the designated supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), unless otherwise specified.

(b) Cooperation with Supervisory Authority
BESA Coaching agrees to submit to the jurisdiction of the competent supervisory authority and to cooperate fully in any proceedings or audits related to these Clauses. This includes providing responses, documents, and written confirmation of compliance, as well as adhering to any remedial or compensatory measures required.

Integration with BESA Coaching Privacy Policy:
All sub-processor engagements, data subject rights responses, complaint redress, and liability arrangements are carried out in accordance with BESA Coaching’s Privacy Policy, which sets out our transparent practices for protecting and respecting the rights of all users—including minors (with parental consent), clients, coaches, and contractors.

Contact:
If you have privacy concerns, wish to exercise your rights, or need further information about these Clauses, contact us at:
support@besacoaching.com

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14: Local Laws and Practices Affecting Compliance with the Clauses

(a) Assurance of Compliance
Both BESA Coaching (“B.E.S.A LLC”, the data importer) and the data exporter warrant that, to the best of their knowledge, the laws and practices in the country where BESA Coaching processes personal data (the United States) do not prevent BESA Coaching from fulfilling its obligations under these Clauses. This includes any requirements for disclosure to, or access by, public authorities. This warranty is based on the understanding that any laws must respect fundamental rights and freedoms and must be necessary and proportionate as required by Article 23(1) of the GDPR.

(b) Assessment of Safeguards
In making this warranty, the Parties have carefully considered:

  • The specific circumstances of the data transfer, including the length and structure of the processing chain, number and type of recipients, transmission channels, onward transfers, nature and format of the data, and where it will be stored.
  • The relevant laws and government practices in the destination country, specifically focusing on disclosure or access by public authorities and any available legal limitations and safeguards.
  • Any additional contractual, technical, or organizational safeguards BESA Coaching applies to supplement these Clauses (e.g., encryption during transfer, secure storage, and strict access controls as described in our Privacy Policy).

(c) Ongoing Cooperation
BESA Coaching warrants that it has provided the data exporter all necessary information for this assessment and will continue to cooperate and share relevant details to ensure continued compliance with these Clauses.

(d) Documentation
The Parties will document the legal and risk assessment described above and will provide this documentation to the competent supervisory authority upon request.

(e) Notification of Legal Changes or Concerns
If, during the term of these Clauses, BESA Coaching becomes aware of any law or practice in its country of operation that could prevent it from fulfilling these obligations (including a request for disclosure by authorities), it will promptly notify the data exporter.

(f) Response to Legal Risk
If such notification is made, or if the data exporter otherwise becomes aware that BESA Coaching may no longer be able to comply with these Clauses, the exporter will:

  • Promptly identify and implement additional technical or organizational measures (e.g., data encryption, suspension of transfers) to address the risk.
  • Suspend data transfers if no adequate safeguards can be ensured, or if required by the supervisory authority.
  • Terminate the contract (as it relates to personal data processing under these Clauses) if compliance cannot be restored. In this case, termination rights under Clause 16(d) and (e) apply.

Clause 15: Obligations of the Data Importer in Case of Access by Public Authorities

15.1 Notification

(a) Prompt Notification of Requests
BESA Coaching will promptly notify the data exporter and, where possible, the affected data subject if it:

  • Receives a legally binding request from a public authority (including courts, law enforcement, or regulators) for disclosure of personal data covered by these Clauses. The notice will include the nature of the request, personal data involved, requesting authority, legal basis, and the response given.
  • Becomes aware of direct access by public authorities to such personal data. The notice will include all information reasonably available to BESA Coaching.

(b) Efforts to Permit Notification
If BESA Coaching is legally prohibited from notifying the data exporter or data subject, it will use its best efforts to obtain a waiver or other legal means to provide as much information as possible, as soon as possible. BESA Coaching will document these efforts and provide documentation to the data exporter upon request.

(c) Transparency Reports
Where allowed by law, BESA Coaching will provide the data exporter with regular reports summarizing the number and type of disclosure requests received, the authorities involved, and outcomes (including whether requests have been challenged and the results).

(d) Recordkeeping
BESA Coaching will preserve information about any disclosure requests and notifications for the duration of the contract and will make it available to the competent supervisory authority upon request.

(e) Obligation to Inform of Non-compliance
The above obligations are in addition to BESA Coaching’s requirement to inform the data exporter (under Clause 14(e) and Clause 16) if it is unable to comply with these Clauses.

15.2 Review of Legality and Data Minimization

(a) Assessing & Challenging Requests
BESA Coaching will review the legality of any request for disclosure, ensuring it falls within the requesting authority’s powers. If there are reasonable grounds to believe the request is unlawful (under local or international law), BESA Coaching will challenge it, including seeking interim measures to suspend the request until a competent court rules on its validity. Personal data will not be disclosed until legally required, unless such delay would be unlawful.

(b) Documentation of Legal Assessment
BESA Coaching will document its legal assessment and any challenge to a disclosure request and, to the extent allowed by law, will share this documentation with the data exporter and make it available to the supervisory authority upon request.

(c) Data Minimization
BESA Coaching will only disclose the minimum amount of personal data required to comply with a valid legal request, ensuring that any disclosure is strictly limited to what is necessary and proportionate.

Integration with BESA Coaching Privacy Policy

All responses to legal requests for data, as well as the procedures and safeguards described above, are carried out in accordance with BESA Coaching’s Privacy Policy. Our Policy details our commitment to transparency, user rights, minimizing disclosure, and prioritizing the privacy and security of all users—including minors with parental consent, clients, coaches, and contractors.

Contact for inquiries or concerns:
support@besacoaching.com

SECTION IV – FINAL PROVISIONS

Clause 16: Non-Compliance with the Clauses and Termination

(a) Duty to Notify
If BESA Coaching (“B.E.S.A LLC” – data importer) is unable, for any reason, to comply with these Clauses, it must immediately inform the data exporter (the EEA entity or individual providing the data).

(b) Suspension of Transfers
If BESA Coaching is in breach of these Clauses or cannot comply with them, the data exporter must suspend any further transfer of personal data to BESA Coaching until compliance is restored or the agreement is terminated. This is without prejudice to the data exporter’s right to terminate under Clause 14(f).

(c) Right of Termination
The data exporter may terminate the contract (insofar as it relates to the processing of EEA personal data under these Clauses) if:

  • The data exporter has suspended transfers under paragraph (b) and compliance is not restored within a reasonable time (and at most, within one month);
  • BESA Coaching is in substantial or repeated breach of these Clauses;
  • BESA Coaching fails to comply with a final and binding decision of a competent court or supervisory authority regarding these Clauses.

In these cases, the data exporter will inform the competent supervisory authority of such non-compliance. If more than two parties are involved in the contract, the right to termination may be exercised only with respect to the relevant party, unless otherwise agreed.

(d) Return or Deletion of Data
Upon termination pursuant to paragraph (c), all personal data transferred prior to termination (and any copies thereof) must, at the data exporter’s choice, be immediately returned or deleted in full. BESA Coaching must certify to the data exporter that deletion has occurred. Until the data is deleted or returned, BESA Coaching must continue to comply with these Clauses. If local laws prevent deletion or return, BESA Coaching will continue to protect the data and only process it as strictly required by those laws.

(e) Revocation
Either party may revoke its agreement to be bound by these Clauses if (i) the European Commission adopts an adequacy decision under Article 45(3) GDPR for the United States (or other relevant country); or (ii) the GDPR becomes law in the country where the data is transferred. This does not affect any other legal obligations for personal data processing.

Clause 17: Governing Law

These Clauses are governed by the laws of the EU Member State where the data exporter is established. If that law does not provide for third-party beneficiary rights, then the law of another EU Member State that does provide for such rights shall apply.

Clause 18: Choice of Forum and Jurisdiction

(a) Dispute Resolution
Any disputes arising from these Clauses will be resolved by the courts of the United States.

(b) Agreed Venue
The Parties select the courts of Richmond City County, California, as the competent venue.

(c) Data Subject Rights
Data subjects may also bring proceedings against the data exporter and/or BESA Coaching before the courts of the EU Member State in which they reside.

(d) Submission to Jurisdiction
The Parties agree to submit to the jurisdiction of such courts as described above.

Appendix 1 to BESA Coaching Standard Contractual Clauses

This Appendix forms part of these Clauses.

  • Data Exporter:
    The data exporter is any non-B.E.S.A LLC legal entity or individual party to these Clauses, including clients, organizations, or guardians transferring personal data from the EEA.
  • Data Importer:
    The data importer is B.E.S.A LLC, receiving personal data under a Data Processing Agreement.
  • Data Subjects:
    The data transferred concerns individuals whose data originated in the EEA and was provided to B.E.S.A LLC through business services as defined in the Data Processing Agreement and Privacy Policy. This includes clients, minors (with parental consent), coaches, and contractors.
  • Categories of Data:
    Data transferred includes personal identifiers, contact information, account credentials, payment details, coaching session data, user communications, and any other information necessary for business services—each as described in the Data Processing Agreement and Privacy Policy.
  • Special Categories of Data:
    No special categories of data are transferred unless expressly identified and agreed in writing.
  • Processing Operations:
    B.E.S.A LLC processes this personal data strictly for the purpose of providing business services in accordance with the Data Processing Agreement, Privacy Policy, and these Clauses.

Appendix 2 to BESA Coaching Standard Contractual Clauses

This Appendix forms part of these Clauses.

Technical and Organizational Security Measures:
B.E.S.A LLC applies the technical and organizational measures described in the Security Standards Schedule of the Data Processing Agreement. These measures may be updated as needed to reflect evolving industry standards and risk. They include, but are not limited to:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Secure payment processing through vetted third parties
  • Regular security risk assessments and audits
  • Staff confidentiality obligations and secure data handling protocols

Integration with Privacy Policy

All provisions in Section IV reflect BESA Coaching’s public commitment to privacy, security, and transparency as outlined in our Privacy Policy. Data subjects—including clients, minors (with parental consent), coaches, and contractors—may exercise their rights or raise concerns at any time by contacting support@besacoaching.com.