Privacy Policy

Storm Sail BJJ

Last updated: 16/01/2026

1. Who we are

Storm Sail BJJ Academy (“we”, “us”, “our”) provides Brazilian Jiu-Jitsu training and related services.
We are the data controller for the personal data we collect.

Contact email: contact@stormsailbjj.com

2. What personal data we collect

We only collect information that is necessary to run the academy safely and professionally, including:

• Name

• Email address

• Phone number

• Date of birth (for age verification, kids/teens classes)

• Emergency contact details

• Membership and payment records

• Attendance records

• Any information you voluntarily provide when contacting us

For children, data is provided by a parent or legal guardian.

We do not knowingly collect unnecessary data.

3. Why we collect your data (lawful basis)

Under UK GDPR, we process your data on the following bases:

• Contract – to manage memberships, classes, and payments

• Legal obligation – safeguarding, accounting, insurance, and tax requirements

• Legitimate interests – running the academy safely, communicating schedule changes, and managing operations

• Consent – only where explicitly required (e.g. photos/videos)

You can withdraw consent at any time where consent is the basis.

4. How we use your data

Your data is used only to:

• Manage memberships and bookings

• Communicate essential information (class updates, cancellations, admin notices)

• Maintain safety and safeguarding standards

• Process payments and keep financial records

• Respond to enquiries

We do not sell, rent, or trade your data.

5. Photos and videos

We may occasionally take photos or videos during classes or events to show the general atmosphere of training, support community updates, and promote the academy.

• This processing is based on our legitimate interests in operating and promoting the academy in a reasonable and proportionate way.

• Participation in photography or video is not mandatory.

• Opt-out: Any member may opt out at any time by informing us. We will respect this immediately, without question and without impact on membership or training.

• Where possible, we avoid identifying individuals who have opted out and will remove content upon reasonable request.

• Children and teens: For participants under 18, photos or videos will not be used for marketing or promotional purposes without explicit consent from a parent or legal guardian.

6. Who we share data with

We only share data where necessary, including:

• Payment providers (e.g. direct debit or card processors)

• Booking or membership management software

• Accountants or professional advisors

• Insurers or governing bodies, where required

All third parties are required to handle your data securely and lawfully.

We do not transfer data outside the UK unless adequate safeguards are in place.

7. How long we keep your data

We keep personal data only as long as necessary, including:

• Active members: for the duration of membership

• Financial records: as required by UK law

• Safeguarding records: as legally required

When data is no longer needed, it is securely deleted.

8. Your rights

Under UK GDPR, you have the right to:

• Access your personal data

• Correct inaccurate data

• Request deletion (where legally possible)

• Restrict or object to processing

• Withdraw consent

• Lodge a complaint with the ICO

Requests can be made via the contact details above.

9. Data security

We take reasonable technical and organisational measures to protect your data from loss, misuse, or unauthorised access.

No system is 100% secure, but we only use trusted platforms and limit access to those who need it.

10. Changes to this policy

We may update this Privacy Policy when necessary.
The latest version will always be available on our website.