Privacy Policy
How we handle your personal information under EU data protection law.
Last updated: May 2026
1. Who is responsible for your data?
The data controller for this website is Shelter Limassol (Gracie Barra BJJ), Limassol, Republic of Cyprus.
Privacy enquiries: gbsheltercy@gmail.com or our contact page. Phone: +357 00 000 000.
2. What personal data we collect
Depending on how you use the site, we may collect:
- Contact and enquiry data: name, email address, phone number, message content, and program interest when you submit a form;
- Technical data: IP address, browser type, device information, approximate location derived from IP, and pages visited;
- Cookie and similar technologies data: as described in our Cookie Policy;
- Preferences: language choice and display settings stored in your browser (for example theme mode);
- Communications: records of emails or calls if you contact us.
We do not intentionally collect special category data (such as health data) through this website. Medical or safety information for training is collected separately at the academy, with its own notices and consent.
3. Why we use your data and legal bases (GDPR)
- To respond to enquiries and arrange classes — performance of steps at your request before a contract, and legitimate interest in running our academy (Art. 6(1)(b) and (f) GDPR).
- To operate and secure the website — legitimate interest (Art. 6(1)(f)), including preventing abuse and improving usability.
- Analytics (if enabled) — consent where required (Art. 6(1)(a)), or legitimate interest for aggregated, non-intrusive statistics where permitted.
- Marketing emails (if you opt in) — consent (Art. 6(1)(a)); you may withdraw consent at any time.
- Legal obligations — where we must retain records for tax, accounting, or regulatory reasons (Art. 6(1)(c)).
4. How long we keep data
We keep personal data only as long as needed for the purposes above:
- contact form enquiries: typically up to 24 months after our last meaningful contact, unless a longer period is needed for ongoing membership or legal claims;
- server and security logs: usually up to 12 months;
- analytics data: according to the retention settings of the analytics provider (often 14–26 months) or until you withdraw consent;
- marketing lists: until you unsubscribe or withdraw consent.
We may retain anonymised or aggregated data longer where it no longer identifies you.
5. Sharing your data
We do not sell your personal data. We may share it with trusted processors who help us run the website and academy, including:
- website and email hosting providers;
- form delivery or CRM tools (if used);
- analytics providers (if enabled);
- embedded map services (Google Maps on our contact page); and
- professional advisers (lawyers, accountants) when required.
Processors are bound by contracts that require GDPR-level protection. Some providers may process data outside the EU; where that happens, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
6. International visitors
Our academy is in Cyprus. If you access the site from another EU country or beyond, your data may still be processed in Cyprus and by providers in the EU or other countries with safeguards as above.
7. Your rights under GDPR
If EU data protection law applies to you, you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate data;
- Erase data in certain circumstances (“right to be forgotten”);
- Restrict or object to processing in certain cases;
- Request data portability for data you provided, where processing is based on consent or contract and carried out by automated means;
- Withdraw consent at any time, without affecting prior lawful processing; and
- Lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus, or your local EU supervisory authority.
To exercise your rights, contact us at gbsheltercy@gmail.com. We may need to verify your identity before responding. We aim to reply within one month, as required by law.
8. Security
We use reasonable technical and organisational measures to protect personal data, including HTTPS, access controls, and careful choice of service providers. No online transmission is completely secure; please use strong passwords on your own devices and avoid sending sensitive health data by email unless we ask you to.
9. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you through this website.
10. Children
The site is not intended for children under 16 to submit data without parental involvement. Parents may contact us regarding a child’s class enquiry; we will handle such data in line with this policy and parental authority rules.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “last updated” date at the top will change, and significant updates may be noted on the website.