Last updated: June 10, 2026

This Data Protection page supplements our Privacy Policy and provides additional information for individuals located in the European Economic Area ("EEA"), the United Kingdom ("UK"), and Switzerland, whose personal data is protected by the EU General Data Protection Regulation, the UK GDPR, and equivalent laws (together, the "GDPR"). Where this page and the Privacy Policy differ for these individuals, this page controls.

1. Data Controller

Amerikos LLC ("Kris Amerikos") is the controller of personal data processed through the Services at krisamerikos.com. You can contact us about any data-protection matter at [email protected] or by mail at 107 N 11th St #551, Tampa, FL 33602, USA.

2. Data Protection Principles

We process personal data in accordance with the GDPR principles. Personal data must be:

• processed lawfully, fairly, and transparently;
• collected for specified, explicit, and legitimate purposes and not further processed incompatibly;
• adequate, relevant, and limited to what is necessary (data minimization);
• accurate and kept up to date;
• kept in identifiable form no longer than necessary;
• processed securely, including protection against unauthorized processing, loss, or damage; and
• processed in a manner for which we can demonstrate accountability.

3. Lawful Bases for Processing

We rely on the following lawful bases, depending on the processing activity:

• Performance of a contract — to create and administer your account, deliver courses and lessons, process payments, operate memberships and communities, and provide support.
• Legitimate interests — to secure the Services, prevent fraud and abuse, understand usage through analytics, and improve our features, balanced against your rights.
• Legal obligation — to comply with tax, accounting, and other legal requirements and lawful requests.
• Consent — for optional analytics and communications, and for recording where consent is the basis we rely on. You may withdraw consent at any time without affecting prior lawful processing.

4. Categories of Data and Sources

The categories of personal data we process, and their sources, are described in our Privacy Policy and include identifiers and account data, profile data, payment and transaction data, communications and user content, lesson recordings, transcripts and chat, usage and device data, and approximate location. We collect data from you directly, automatically through your use of the Services, and from service providers such as our checkout host, payment processors, and IP-geolocation providers.

5. Your Rights

Subject to conditions and exceptions under the GDPR, you have the right to:

• be informed about how your personal data is processed;
• access the personal data we hold about you;
• request rectification of inaccurate or incomplete data;
• request erasure ("right to be forgotten");
• restrict processing in certain circumstances;
• data portability;
• object to processing based on legitimate interests or to direct marketing;
• withdraw consent where processing is based on consent; and
• not be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise any right, contact us at [email protected]. We will respond within the time required by law (generally one month, extendable for complex requests). We may need to verify your identity before acting.

6. International Data Transfers

We are based in the United States and use service providers in the United States, the EU, and elsewhere, so your personal data may be transferred outside the EEA, UK, or Switzerland. Where we transfer personal data to a country without an adequacy decision, we put in place appropriate safeguards, such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, and we take additional measures where necessary. You may request a copy of the relevant safeguards by contacting us.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in our Privacy Policy and to meet legal, accounting, tax, dispute-resolution, and security obligations, after which we delete or de-identify it. Specific retention periods depend on the type of data and the applicable legal requirements.

8. Security and Breach Notification

We maintain appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, and hashed credentials. In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by the GDPR.

9. Processors and Sharing

We share personal data with processors who act on our behalf under written contracts that require appropriate safeguards, including our website/checkout host, payment processors, video providers, cloud hosting and storage providers, and operational service providers identified in our Privacy Policy. We do not sell personal data.

10. Complaints

If you have a concern about how we handle your personal data, please contact us first at [email protected] so we can try to resolve it. You also have the right to lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO) at ico.org.uk; in the EEA, your local data-protection authority.

11. Changes to this Page

We may update this Data Protection page from time to time. Material changes will be notified through the Services or by other means, and the "Last updated" date above will be revised.