Privacy Policy
Storm Sail BJJ
Last updated: 16/01/2026
1. Who we are
Storm Sail BJJ Academy (“we”, “us”, “our”) provides Brazilian Jiu-Jitsu training and related services.
We are the data controller for the personal data we collect.
Contact email: contact@stormsailbjj.com
2. What personal data we collect
We only collect information that is necessary to run the academy safely and professionally, including:
Name
Email address
Phone number
Date of birth (for age verification, kids/teens classes)
Emergency contact details
Membership and payment records
Attendance records
Any information you voluntarily provide when contacting us
For children, data is provided by a parent or legal guardian.
We do not knowingly collect unnecessary data.
3. Why we collect your data (lawful basis)
Under UK GDPR, we process your data on the following bases:
Contract – to manage memberships, classes, and payments
Legal obligation – safeguarding, accounting, insurance, and tax requirements
Legitimate interests – running the academy safely, communicating schedule changes, and managing operations
Consent – only where explicitly required (e.g. photos/videos)
You can withdraw consent at any time where consent is the basis.
4. How we use your data
Your data is used only to:
Manage memberships and bookings
Communicate essential information (class updates, cancellations, admin notices)
Maintain safety and safeguarding standards
Process payments and keep financial records
Respond to enquiries
We do not sell, rent, or trade your data.
5. Photos and videos
We may occasionally take photos or videos during classes or events to show the general atmosphere of training, support community updates, and promote the academy.
This processing is based on our legitimate interests in operating and promoting the academy in a reasonable and proportionate way.
Participation in photography or video is not mandatory.
Opt-out: Any member may opt out at any time by informing us. We will respect this immediately, without question and without impact on membership or training.
Where possible, we avoid identifying individuals who have opted out and will remove content upon reasonable request.
Children and teens: For participants under 18, photos or videos will not be used for marketing or promotional purposes without explicit consent from a parent or legal guardian.
6. Who we share data with
We only share data where necessary, including:
Payment providers (e.g. direct debit or card processors)
Booking or membership management software
Accountants or professional advisors
Insurers or governing bodies, where required
All third parties are required to handle your data securely and lawfully.
We do not transfer data outside the UK unless adequate safeguards are in place.
7. How long we keep your data
We keep personal data only as long as necessary, including:
Active members: for the duration of membership
Financial records: as required by UK law
Safeguarding records: as legally required
When data is no longer needed, it is securely deleted.
8. Your rights
Under UK GDPR, you have the right to:
Access your personal data
Correct inaccurate data
Request deletion (where legally possible)
Restrict or object to processing
Withdraw consent
Lodge a complaint with the ICO
Requests can be made via the contact details above.
9. Data security
We take reasonable technical and organisational measures to protect your data from loss, misuse, or unauthorised access.
No system is 100% secure, but we only use trusted platforms and limit access to those who need it.
10. Changes to this policy
We may update this Privacy Policy when necessary.
The latest version will always be available on our website.

