Privacy Policy | Rafa Jiu-Jitsu

Introduction

Rafael Japur BJJ LLC operates the website www.rafajiujitsu.com and provides Brazilian Jiu-Jitsu instruction and related services at our facility located at 164 Johnson St, Windsor, California. We are committed to protecting the privacy and security of your personal information and maintaining transparency about our data collection and usage practices.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, participate in our programs, or otherwise interact with us. This policy applies to all information collected through our website, mobile applications (if any), and any related services, sales, marketing, or events.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of our website or services after the date such revised Privacy Policy is posted.

This Privacy Policy does not apply to the third-party online/mobile store from which you install or update the mobile application or make payments, including any in-game virtual items, which may also collect and use data about you. We are not responsible for any of the data collected by any such third party.

Information We Collect

We collect information about you in various ways when you interact with our website and services. The types of information we may collect include both information you provide directly to us and information we collect automatically through your use of our services.

Personal Information You Provide to Us

Contact Information and Inquiries: When you contact us through our website contact forms, email, or phone, we collect your name, email address, phone number, and any message or inquiry you submit. This information is necessary for us to respond to your questions, provide information about our services, and maintain records of our communications.

Class Booking and Trial Registration: When you schedule a free trial class or book regular classes through our website, we collect your name, email address, phone number, preferred class times, and any specific program interests you may have. This information is collected through our integrated booking system powered by Martialytics software and is essential for scheduling your classes, sending you reminders, and managing our class capacity.

Membership and Registration Information: If you decide to become a member of our academy, we may collect additional information including your full name, address, emergency contact information, and any relevant experience or skill level information. This information helps us provide appropriate instruction and maintain safety standards in our facility.

Payment Information: When you make payments for classes, memberships, or other services, we collect billing information including your name, billing address, and payment method details. Payment processing is handled securely through our third-party payment processors, Stripe and Square, and we do not store complete credit card numbers on our systems.

Waiver and Legal Documents: As part of our safety protocols and legal requirements, we collect information through liability waivers and other legal documents. This may include your signature, acknowledgment of risks, and agreement to our terms and conditions.

Information We Collect Automatically

Website Usage Information: When you visit our website, we automatically collect certain information about your device and browsing behavior through cookies and similar tracking technologies. This includes your IP address, browser type and version, operating system, referring website, pages viewed, time spent on pages, and other usage statistics.

Analytics Data: We use Google Analytics to collect and analyze information about how visitors use our website. This includes data about page views, session duration, bounce rates, traffic sources, and user demographics. This information helps us understand our audience and improve our website and services.

Device and Technical Information: We may collect information about the device you use to access our website, including device type, unique device identifiers, mobile network information, and standard web log information.

Photos and Videos

With your explicit consent, we may take photographs or videos of you during classes, events, or other activities at our facility. These images may be used for marketing and promotional purposes, including on our website, social media accounts, and printed materials. You have the right to withdraw your consent for the use of your image at any time by contacting us directly.

Information from Third Parties

We may receive information about you from third-party sources, including our service providers and business partners. For example, if you interact with us through social media platforms, we may receive information from those platforms in accordance with their privacy policies and your privacy settings.

How We Use Your Information

We use the personal information we collect for various legitimate business purposes to provide, maintain, and improve our services, communicate with you, and ensure the safety and security of our facility and programs.

Service Provision and Class Management

We use your contact information and booking details to schedule and manage your classes, send you class reminders and updates, and communicate important information about our programs and facility. When you book a free trial or regular classes through our Martialytics-powered booking system, we use this information to manage class capacity, ensure appropriate instructor-to-student ratios, and provide you with the best possible training experience.

Your membership and registration information helps us tailor our instruction to your experience level and goals, maintain accurate attendance records, and ensure that you receive appropriate guidance and support throughout your Brazilian Jiu-Jitsu journey. We also use this information to track your progress and provide personalized feedback on your development.

Payment Processing and Billing

We use your payment information to process transactions for classes, memberships, merchandise, and other services. This information is processed securely through our third-party payment processors, Stripe and Square, in accordance with industry-standard security protocols. We maintain records of your payment history to provide you with receipts, resolve billing inquiries, and manage your account status.

Safety and Legal Compliance

The information collected through our liability waivers and consent forms is used to ensure the safety of all participants and comply with legal requirements for operating a martial arts facility. This includes maintaining records of your acknowledgment of risks associated with Brazilian Jiu-Jitsu training, your consent to participate in physical activities, and your authorization for emergency medical treatment if needed.

We use the medical information you provide to ensure that you can safely participate in our programs and to respond appropriately in case of medical emergencies. This information helps our instructors understand any limitations or special considerations needed for your training.

Marketing and Promotional Activities

With your explicit consent as outlined in our liability waiver, we may use photographs and videos taken during classes, events, or other activities for marketing and promotional purposes. This includes posting images on our website, social media accounts (such as Facebook and Instagram), printed marketing materials, and other promotional content. These materials help us showcase our programs, celebrate student achievements, and attract new members to our academy.

We may also use your contact information to send you updates about new programs, special events, promotions, and other news related to our academy. You always have the option to opt out of these communications by contacting us directly or following the unsubscribe instructions in our emails.

Website Analytics and Improvement

We use the information collected through Google Analytics and other tracking technologies to understand how visitors interact with our website, identify popular content, and improve the user experience. This data helps us optimize our website design, improve navigation, and ensure that visitors can easily find the information they need about our programs and services.

We analyze website usage patterns to understand which pages are most visited, how long visitors spend on our site, and what actions they take. This information guides our decisions about website updates, content creation, and online marketing strategies.

Communication and Customer Service

We use your contact information to respond to your inquiries, provide customer support, and maintain ongoing communication about your membership or participation in our programs. This includes answering questions about class schedules, providing information about our programs, addressing concerns or complaints, and following up on your experience with our services.

When you contact us through our website contact forms or other communication channels, we use the information you provide to respond appropriately and maintain records of our interactions for quality assurance and training purposes.

Legal and Administrative Purposes

We may use your information to comply with applicable laws, regulations, and legal processes, including responding to lawsuits, government inquiries, or other legal proceedings. We also use this information for internal administrative purposes such as accounting, record-keeping, and business analysis.

In the event of a business transaction such as a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to appropriate confidentiality protections and notice requirements.

Information Sharing and Disclosure

Rafael Japur BJJ LLC is committed to protecting your personal information and does not sell, trade, or otherwise transfer your personal information to third parties except as described in this Privacy Policy. We may share your information in the following limited circumstances:

Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business, providing our services, and maintaining our website. These service providers have access to your personal information only to perform specific tasks on our behalf and are contractually obligated to keep your information confidential and secure.

Martialytics: We use Martialytics software to manage class bookings, student records, and academy operations. When you book classes or become a member, your information is processed and stored through Martialytics’ secure cloud-based system. Martialytics acts as a data processor on our behalf and maintains comprehensive data protection measures in compliance with applicable privacy laws. Their privacy policy, available at www.martialytics.com/privacy-policy, governs their handling of your information.

Payment Processors: We use Stripe and Square to process payments for memberships, classes, and other services. These payment processors collect and process your billing information, including credit card details, bank account information, and billing addresses. Both Stripe and Square maintain PCI DSS compliance and employ industry-standard security measures to protect your financial information. We do not store complete credit card numbers on our systems.

Google Analytics: We use Google Analytics to analyze website traffic and user behavior. Google Analytics collects information about your interactions with our website, including pages visited, time spent on site, and referral sources. This information is used in aggregate form to help us improve our website and services. Google’s privacy policy, available at policies.google.com/privacy, governs their collection and use of this data.

Legal Requirements and Protection of Rights

We may disclose your personal information when we believe in good faith that disclosure is necessary to:

•Comply with applicable laws, regulations, legal processes, or governmental requests

•Enforce our terms of service, membership agreements, or other contracts

•Protect the rights, property, or safety of Rafael Japur BJJ LLC, our students, staff, or the public

•Investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our policies

•Respond to claims that any content violates the rights of third parties

Emergency Situations

In accordance with the medical treatment consent provided in our liability waiver and membership agreement, we may share relevant medical information with emergency medical personnel, hospitals, or other healthcare providers in the event of a medical emergency involving you or your child. This sharing is limited to information necessary for providing appropriate medical care and ensuring your safety.

Business Transfers

In the event that Rafael Japur BJJ LLC is involved in a merger, acquisition, sale of assets, or other business transaction, your personal information may be transferred as part of that transaction. We will provide notice of any such transfer and any choices you may have regarding your information.

Consent-Based Sharing

We may share your information with your explicit consent for specific purposes not covered in this Privacy Policy. For example, if you participate in special events, competitions, or collaborative programs with other martial arts schools or organizations, we may share relevant information with those partners with your permission.

Marketing and Promotional Materials

As outlined in our liability waiver and membership agreement, we may use and share photographs, videos, and testimonials featuring you or your child for marketing and promotional purposes. This includes posting content on our website, social media accounts, printed materials, and other marketing channels. This usage is based on the consent provided in your signed agreements and helps us promote our programs and celebrate student achievements.

Aggregate and De-identified Information

We may share aggregate, statistical, or de-identified information that does not personally identify you with third parties for research, marketing, or other business purposes. This information cannot be used to identify individual students or members.

No Sale of Personal Information

We do not sell, rent, or lease your personal information to third parties for their marketing purposes. Any sharing of information is limited to the purposes described in this Privacy Policy and is subject to appropriate confidentiality and security protections.

Third-Party Services

Rafael Japur BJJ LLC integrates with several third-party services to provide you with the best possible experience and to operate our business efficiently. These services have their own privacy policies and data handling practices, which we encourage you to review.

Martialytics Student Management System

Martialytics, operated by Leveque Software Company Pty Ltd, provides our primary student management and class booking system. When you book classes, manage your membership, or interact with our scheduling system, your information is processed through Martialytics’ platform.

Information Shared with Martialytics:

•Contact information (name, email, phone number)

•Class booking and attendance data

•Membership status and payment information

•Communication preferences and history

Martialytics Data Protection: Martialytics maintains GDPR-compliant data protection measures and uses AWS cloud servers with 256-bit SSL encryption. They act as a data processor on our behalf and are contractually obligated to protect your information according to applicable privacy laws.

Martialytics Privacy Policy: For detailed information about how Martialytics handles your data, please review their privacy policy at www.martialytics.com/privacy-policy.

Payment Processing Services

We use two primary payment processors to handle financial transactions securely and efficiently.

Stripe Payment Processing: Stripe processes credit card payments, ACH transfers, and other electronic payments for memberships and services. Stripe maintains PCI DSS Level 1 compliance and employs advanced fraud detection and security measures.

Information Shared with Stripe:

•Billing name and address

•Credit card or bank account information

•Transaction amounts and dates

•Email address for receipt delivery

Square Payment Processing: Square provides additional payment processing capabilities, particularly for in-person transactions and point-of-sale activities.

Information Shared with Square:

•Payment card information

•Transaction details

•Contact information for receipts

•Billing addresses

Both Stripe and Square are bound by strict data protection requirements and maintain their own comprehensive privacy policies available on their respective websites.

Google Analytics and Advertising

We use Google Analytics to understand how visitors interact with our website and to improve our online presence.

Google Analytics Data Collection:

•Website usage patterns and navigation behavior

•Device and browser information

•Geographic location (city/region level)

•Traffic sources and referral information

•Page views and session duration

Google Ads Integration: We may use Google Analytics data to create targeted advertising campaigns and measure the effectiveness of our marketing efforts. This helps us reach potential students who may be interested in our programs.

Opt-Out Options: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on or by adjusting your browser settings to block tracking cookies.

Social Media Platforms

We maintain active profiles on various social media platforms to engage with our community and share updates about our programs.

Facebook and Instagram: We may share photos, videos, and updates featuring our students and programs on these platforms, based on the consent provided in your signed agreements.

YouTube: We may post instructional videos, promotional content, and event coverage that may feature students and members.

Data Sharing: When you interact with our social media content or visit our profiles, these platforms may collect information about your activity according to their own privacy policies.

Email and Communication Services

We may use third-party email services to send newsletters, class reminders, and other communications to our members and prospective students.

Information Shared:

•Email addresses

•Names for personalization

•Communication preferences

•Engagement data (opens, clicks)

Website Hosting and Security Services

Our website is hosted using professional web hosting services that maintain appropriate security measures to protect your information during transmission and storage.

Security Features:

•SSL/TLS encryption for data transmission

•Regular security updates and monitoring

•Backup and disaster recovery systems

•Access controls and authentication measures

Third-Party Links and Content

Our website may contain links to third-party websites, services, or content that are not operated by Rafael Japur BJJ LLC. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to Third-Party Services

We may add, remove, or change third-party services as needed to improve our operations and better serve our students. When we make significant changes that affect how your information is handled, we will update this Privacy Policy and notify you of any important changes.

Cookies and Tracking Technologies

Rafael Japur BJJ LLC uses cookies and similar tracking technologies to enhance your browsing experience, analyze website performance, and provide personalized content. This section explains what these technologies are, how we use them, and how you can manage your preferences.

What Are Cookies

Cookies are small text files that are stored on your device when you visit our website. These files contain information that helps websites remember your preferences, track your activity, and provide a more personalized experience. Cookies cannot access other files on your device or install software.

Types of Cookies We Use

Essential Cookies: These cookies are necessary for our website to function properly and cannot be disabled. They enable basic features such as page navigation, access to secure areas, and form submissions. Without these cookies, our website cannot provide certain services you request.

Analytics Cookies: We use Google Analytics cookies to collect information about how visitors use our website. This includes data about page views, session duration, bounce rates, traffic sources, and user demographics. This information helps us understand our audience and improve our website performance.

Functional Cookies: These cookies enhance your browsing experience by remembering your preferences and settings. They may store information such as your preferred language, region, or other customization options.

Marketing Cookies: We may use marketing cookies to track your activity across our website and other sites to provide targeted advertising and measure the effectiveness of our marketing campaigns. These cookies help us show you relevant content and advertisements.

How We Use Tracking Technologies

Website Analytics: We use Google Analytics to track website usage patterns, identify popular content, and understand how visitors navigate our site. This information helps us optimize our website design, improve user experience, and create more relevant content.

Performance Monitoring: We monitor website performance, loading times, and technical issues to ensure our site functions properly across different devices and browsers.

Marketing Effectiveness: We track the effectiveness of our online marketing campaigns, including which sources drive the most traffic and conversions. This helps us allocate our marketing resources more effectively.

User Experience Optimization: We analyze user behavior to identify areas where we can improve navigation, content organization, and overall user experience.

Third-Party Tracking

Google Analytics: Google Analytics uses cookies to collect and analyze website usage data. Google may also use this data for their own advertising and analytics purposes. You can learn more about Google’s data practices at policies.google.com/technologies/partner-sites.

Social Media Pixels: If you interact with our social media content or visit our profiles, social media platforms may place tracking pixels on your device to measure engagement and provide targeted advertising.

Managing Your Cookie Preferences

Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically:

•Block all cookies

•Block third-party cookies only

•Delete existing cookies

•Receive notifications when cookies are set

Google Analytics Opt-Out: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, available at tools.google.com/dlpage/gaoptout.

Do Not Track Signals: Some browsers offer “Do Not Track” settings that send signals to websites requesting not to be tracked. Currently, there is no universal standard for how websites should respond to these signals, but we respect your privacy choices and encourage you to use the opt-out methods described above.

Cookie Retention

Different types of cookies have different retention periods:

Session Cookies: These are temporary cookies that are deleted when you close your browser.

Persistent Cookies: These cookies remain on your device for a specified period or until you delete them. Our persistent cookies typically expire within one to two years.

Third-Party Cookies: The retention period for third-party cookies is determined by the respective third-party service providers.

Impact of Disabling Cookies

While you can disable cookies, doing so may affect your experience on our website. Some features may not work properly, and you may need to re-enter information that would normally be remembered by cookies.

Mobile Device Tracking

If you access our website through a mobile device, we may collect device-specific information such as device type, operating system, unique device identifiers, and mobile network information. This information helps us optimize our website for mobile devices and understand our mobile audience.

Updates to Tracking Practices

We may update our use of cookies and tracking technologies as we improve our website and services. Any significant changes will be reflected in updates to this Privacy Policy, and we will notify you of important changes that affect how your information is collected or used.

Data Security

Rafael Japur BJJ LLC takes the security of your personal information seriously and implements appropriate technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, and destruction.

Technical Security Measures

Encryption: We use industry-standard SSL/TLS encryption to protect data transmitted between your device and our website. This encryption ensures that sensitive information, such as contact details and payment information, is protected during transmission.

Secure Payment Processing: All payment transactions are processed through PCI DSS compliant payment processors (Stripe and Square) that maintain the highest standards of payment card security. We do not store complete credit card numbers on our local systems.

Cloud Security: Our student management system, powered by Martialytics, utilizes Amazon Web Services (AWS) cloud infrastructure with enterprise-grade security measures, including 256-bit SSL encryption, regular security updates, and comprehensive access controls.

Access Controls: We implement role-based access controls to ensure that only authorized personnel can access personal information, and access is limited to what is necessary for their job functions.

Regular Updates: We maintain current security patches and updates for all systems and software used to process and store personal information.

Administrative Security Measures

Staff Training: All staff members who handle personal information receive training on privacy protection, data security best practices, and our internal policies and procedures.

Privacy Policies and Procedures: We maintain comprehensive internal policies governing the collection, use, storage, and disposal of personal information.

Vendor Management: We carefully select and monitor third-party service providers to ensure they maintain appropriate security standards and comply with applicable privacy laws.

Incident Response: We have established procedures for responding to potential data security incidents, including notification protocols and remediation steps.

Physical Security Measures

Facility Security: Our physical facility is secured with appropriate access controls to prevent unauthorized entry and protect any physical records or equipment containing personal information.

Document Security: Physical documents containing personal information are stored securely and disposed of properly when no longer needed.

Equipment Protection: Computers and other devices used to access personal information are protected with password requirements, automatic screen locks, and other security measures.

Data Backup and Recovery

Regular Backups: We maintain regular backups of important data to ensure business continuity and protect against data loss.

Secure Storage: Backup data is stored securely with appropriate encryption and access controls.

Recovery Procedures: We have established procedures for recovering data in the event of system failures or other incidents.

Limitations of Security

While we implement comprehensive security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your personal information, but we are committed to protecting it using industry-standard practices and continuously improving our security measures.

Your Role in Security: You can help protect your information by:

•Using strong, unique passwords for any online accounts

•Keeping your contact information up to date

•Notifying us immediately if you suspect any unauthorized use of your information

•Being cautious about sharing personal information in public areas or unsecured communications

Security Incident Response

In the unlikely event of a data security incident that affects your personal information, we will:

Immediate Response: Take immediate steps to contain the incident and prevent further unauthorized access.

Investigation: Conduct a thorough investigation to determine the scope and cause of the incident.

Notification: Notify affected individuals and relevant authorities as required by applicable laws, typically within 72 hours of discovering the incident.

Remediation: Implement additional security measures to prevent similar incidents in the future.

Support: Provide support and guidance to affected individuals, including information about steps they can take to protect themselves.

Compliance with Security Standards

We strive to comply with applicable data protection and security standards, including:

California Privacy Laws: We comply with California state privacy and security requirements for businesses operating in California.

Payment Card Industry Standards: Our payment processing partners maintain PCI DSS compliance for handling credit card information.

Industry Best Practices: We follow recognized industry best practices for data security and privacy protection.

Regular Security Reviews

We conduct regular reviews of our security measures to identify potential vulnerabilities and opportunities for improvement. This includes:

Security Assessments: Periodic assessments of our technical and administrative security controls.

Policy Updates: Regular updates to our security policies and procedures based on evolving threats and best practices.

Staff Training Updates: Ongoing training for staff members on new security threats and protection measures.

Vendor Reviews: Regular evaluation of third-party service providers’ security practices and compliance.

Data Retention

Rafael Japur BJJ LLC retains your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

General Retention Period

Three-Year Standard: As a general practice, we retain personal information for a period of three years from the date of your last interaction with our services or the termination of your membership. This retention period allows us to maintain accurate records for business purposes while respecting your privacy rights.

Active Membership Records: While you maintain an active membership or continue to use our services, we retain your information to provide ongoing services, process payments, manage your account, and communicate with you about your membership.

Specific Retention Periods by Information Type

Contact and Booking Information: Contact details and class booking history are retained for three years after your last class attendance or membership termination. This allows us to maintain historical records and respond to any questions about past services.

Financial and Payment Information: Payment records, billing information, and transaction history are retained for three years to comply with accounting requirements, resolve billing disputes, and maintain accurate financial records. Complete credit card numbers are not stored on our systems and are handled by our payment processors according to their retention policies.

Waiver and Legal Documents: Signed liability waivers, consent forms, and membership agreements are retained for the full three-year period and may be retained longer if required for legal purposes, such as defending against liability claims or complying with legal proceedings.

Photos and Videos: Images and videos for which you have provided consent may be retained indefinitely for marketing and promotional purposes, unless you specifically request their removal. You have the right to withdraw your consent for future use of your image at any time.

Website Analytics Data: Google Analytics data is typically retained for 26 months, after which it is automatically deleted by Google. This data is used in aggregate form and does not identify individual users.

Communication Records: Records of your communications with us, including emails, phone calls, and in-person conversations, are retained for three years to maintain a history of our interactions and ensure consistent service.

Factors Affecting Retention Periods

Legal Requirements: We may retain information longer than our standard retention period if required by law, regulation, or legal process. This includes situations where we are subject to litigation, government investigations, or other legal proceedings.

Business Needs: In some cases, we may retain information longer than three years if there is a legitimate business need, such as ongoing contractual obligations, unresolved disputes, or regulatory requirements.

Consent Withdrawal: If you withdraw consent for certain uses of your information, we will stop using your information for those purposes but may continue to retain it for other legitimate purposes or legal requirements.

Data Deletion and Disposal

Secure Deletion: When personal information reaches the end of its retention period, we securely delete or destroy it using methods that prevent unauthorized recovery or reconstruction.

Physical Records: Physical documents are shredded or otherwise destroyed in a manner that prevents reconstruction of the information.

Electronic Records: Electronic data is deleted using secure deletion methods that overwrite the data multiple times to prevent recovery.

Third-Party Systems: We work with our service providers to ensure that information stored in third-party systems is also properly deleted when retention periods expire.

Retention of De-identified Information

Aggregate Data: We may retain statistical or aggregate information that has been de-identified and cannot be used to identify individual persons. This information may be retained indefinitely for business analysis and improvement purposes.

Research and Analytics: De-identified information may be used for research, trend analysis, and business intelligence purposes without time limitations.

Your Rights Regarding Retention

Right to Deletion: You have the right to request deletion of your personal information before the end of our standard retention period, subject to certain exceptions for legal requirements or legitimate business needs.

Information About Retention: You can contact us to learn more about how long specific types of your information will be retained and the factors that determine retention periods.

Retention Policy Updates: We may update our retention practices from time to time to reflect changes in legal requirements, business needs, or industry best practices. Any significant changes will be communicated through updates to this Privacy Policy.

Special Circumstances

Account Reactivation: If you return as a member after a period of inactivity, we may retain some historical information to provide continuity of service and maintain accurate records.

Legal Holds: In the event of litigation, government investigation, or other legal proceedings, we may suspend normal deletion schedules and retain relevant information until the matter is resolved.

Emergency Situations: Information related to medical emergencies or safety incidents may be retained longer than our standard retention period if necessary for ongoing medical care or safety monitoring.

Compliance and Monitoring

Regular Reviews: We conduct regular reviews of our data retention practices to ensure compliance with our policies and applicable laws.

Automated Deletion: Where possible, we implement automated systems to delete information when retention periods expire, reducing the risk of inadvertent over-retention.

Documentation: We maintain records of our retention and deletion activities to demonstrate compliance with our policies and legal requirements.

Your Privacy Rights

As a resident of California and a user of our services, you have certain rights regarding your personal information. Rafael Japur BJJ LLC is committed to respecting these rights and providing you with the tools and information you need to exercise them.

Right to Access Your Information

Information Access: You have the right to request access to the personal information we have collected about you. This includes the right to know what categories of information we collect, the sources of that information, and how we use it.

Data Portability: Upon request, we will provide you with a copy of your personal information in a commonly used, machine-readable format that allows you to transfer the information to another service provider.

Response Timeline: We will respond to access requests within 30 days of receiving a verifiable request. If we need additional time, we will notify you and explain the reason for the delay.

Right to Correct Inaccurate Information

Correction Requests: You have the right to request correction of any inaccurate or incomplete personal information we maintain about you.

Update Process: You can update your contact information, membership details, and preferences by contacting us directly or through your Martialytics account portal.

Verification: We may require verification of your identity before making corrections to ensure the security of your information.

Right to Delete Your Information

Deletion Requests: You have the right to request deletion of your personal information, subject to certain exceptions for legal requirements, ongoing contractual obligations, or legitimate business needs.

Exceptions to Deletion: We may retain information when necessary to:

•Complete transactions or provide services you have requested

•Comply with legal obligations or regulatory requirements

•Defend against legal claims or protect our rights

•Maintain security and prevent fraud

•Exercise free speech or academic freedom rights

Third-Party Deletion: When we delete your information, we will also request that our service providers delete your information from their systems, where feasible.

Right to Opt-Out of Marketing Communications

Email Communications: You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or by contacting us directly.

Text Messages: If you receive text message communications from us, you can opt out by replying “STOP” to any message or contacting us directly.

Postal Mail: You can request to be removed from our postal mailing list by contacting us directly.

Targeted Advertising: You can opt out of targeted advertising by adjusting your browser settings, using opt-out tools provided by advertising networks, or contacting us directly.

Right to Withdraw Consent

Photo and Video Consent: You can withdraw your consent for the use of your photos and videos for marketing purposes at any time. Future use will cease, but we may continue to use previously published materials unless you specifically request their removal.

Marketing Consent: You can withdraw consent for marketing communications at any time without affecting other aspects of your membership or services.

Processing Consent: Where we rely on your consent as the legal basis for processing your information, you can withdraw that consent at any time.

Right to Non-Discrimination

Equal Treatment: We will not discriminate against you for exercising any of your privacy rights. This means we will not:

•Deny you services or charge different prices

•Provide a different level or quality of services

•Suggest that you will receive different treatment for exercising your rights

Incentive Programs: We may offer incentive programs that provide benefits in exchange for certain data sharing, but participation is always voluntary.

How to Exercise Your Rights

Contact Methods: You can exercise your privacy rights by contacting us through any of the following methods:

•Email: contact@rafajiujitsu.com

•Phone: (707) 239-9004

•In Person: 164 Johnson St, Windsor, CA 95492

•Written Request: Mailed to our business address

Required Information: When making a request, please provide:

•Your full name and contact information

•A clear description of the request

•Sufficient information to verify your identity

•Specific details about the information or action requested

Identity Verification: To protect your privacy and security, we may require verification of your identity before processing certain requests. This may include:

•Providing information that matches our records

•Answering security questions

•Providing government-issued identification

•Using secure authentication methods

Authorized Agents

Agent Representation: You may authorize another person to make privacy requests on your behalf. The authorized agent must:

•Provide written authorization signed by you

•Verify their own identity

•Provide proof of their authority to act on your behalf

Parent/Guardian Rights: Parents or legal guardians can exercise privacy rights on behalf of their minor children who participate in our programs.

Response Procedures

Acknowledgment: We will acknowledge receipt of your request within 10 business days and provide information about how we will process your request.

Processing Time: Most requests will be completed within 30 days. Complex requests may require up to 60 days, and we will notify you if additional time is needed.

Request Verification: We will verify your identity and the validity of your request before taking action to protect against fraudulent requests.

Fee Structure: We do not charge fees for most privacy requests. However, if you make excessive or repetitive requests, we may charge a reasonable fee to cover administrative costs.

Limitations and Exceptions

Legal Requirements: Some privacy rights may be limited by legal requirements, such as our obligation to maintain certain records for tax or regulatory purposes.

Contractual Obligations: We may need to retain certain information to fulfill ongoing contractual obligations, such as providing services you have requested.

Security and Fraud Prevention: We may retain information necessary to maintain security, prevent fraud, or protect against malicious activity.

Appeals Process

Request Denial: If we deny your privacy request, we will explain the reason for the denial and provide information about your right to appeal.

Appeal Procedure: You can appeal our decision by contacting us with additional information or clarification about your request.

External Resources: If you are not satisfied with our response to your privacy request or appeal, you may have the right to file a complaint with relevant regulatory authorities.

Children’s Privacy

Rafael Japur BJJ LLC is committed to protecting the privacy of children who participate in our programs. We recognize that children require special privacy protections and take additional measures to safeguard their personal information.

Age Requirements and Parental Consent

Minimum Age: Our general programs are designed for participants aged 14 and older. Children under 14 may participate in our specialized Kids Program or in regular classes under specific circumstances with parental supervision.

Parental Consent: We require verifiable parental consent before collecting, using, or disclosing personal information from children under 13 years of age, in compliance with the Children’s Online Privacy Protection Act (COPPA).

Teen Participants: For participants aged 13-17, we require parental consent for membership agreements, liability waivers, and participation in our programs.

Information We Collect from Children

Limited Collection: We collect only the minimum amount of personal information necessary to provide our services and ensure the safety of child participants.

Required Information:

•Child’s name and age

•Parent or guardian contact information

•Emergency contact details

•Any relevant medical information necessary for safe participation

•Attendance and progress records

Optional Information:

•Photos and videos for promotional purposes (with explicit parental consent)

•Feedback and testimonials (with parental approval)

Parental Rights and Controls

Access Rights: Parents have the right to review any personal information we have collected about their child and can request corrections or updates to ensure accuracy.

Deletion Rights: Parents can request that we delete their child’s personal information at any time, subject to certain exceptions for safety records or legal requirements.

Consent Withdrawal: Parents can withdraw their consent for the collection or use of their child’s information at any time. This may affect the child’s ability to participate in certain programs or activities.

Communication Control: Parents can control how we communicate with their child and can request that all communications go through the parent or guardian.

Special Protections for Children

Supervision Requirements: Children under 14 must be supervised by a parent or legal guardian at all times, except when enrolled in our Kids Program where they are supervised by our trained staff.

Limited Data Sharing: We do not share children’s personal information with third parties except as necessary for providing our services (such as emergency medical care) or as required by law.

Enhanced Security: We implement additional security measures for children’s information, including restricted access and enhanced monitoring of data handling practices.

No Marketing to Children: We do not directly market to children under 13 or collect their information for marketing purposes.

Photo and Video Consent for Children

Explicit Consent Required: We require explicit written consent from parents before taking or using photos or videos of children for any purpose.

Usage Limitations: Photos and videos of children are used only for the specific purposes outlined in the consent form, typically limited to:

•Academy promotional materials

•Social media posts celebrating achievements

•Website content showcasing our programs

Opt-out Options: Parents can withdraw consent for photo and video usage at any time, and we will cease future use while respecting previously published materials unless removal is specifically requested.

Educational Records and Progress Tracking

FERPA Compliance: While we are not a traditional educational institution, we apply similar privacy protections to any educational records or progress tracking information we maintain for child participants.

Progress Reports: Any progress reports or assessments shared with parents are kept confidential and are not disclosed to third parties without parental consent.

Achievement Recognition: We may recognize children’s achievements in our programs, but we obtain parental consent before publicly sharing any information about a child’s progress or accomplishments.

Online Safety and Digital Interactions

No Direct Online Contact: We do not maintain direct online communication with children under 13. All digital communications go through parents or guardians.

Social Media Interactions: Children under 13 are not permitted to interact with our social media accounts directly. Any interactions must be supervised by parents.

Website Safety: Our website does not include features that would allow children to post information publicly or communicate with strangers.

Reporting and Compliance

Mandatory Reporting: Our staff are trained to recognize signs of child abuse or neglect and will report suspected cases to appropriate authorities as required by California law.

Privacy Breach Notification: In the event of a privacy breach affecting children’s information, we will notify parents immediately and take additional steps to protect the affected children.

Regular Policy Review: We regularly review our children’s privacy practices to ensure compliance with applicable laws and best practices for child protection.

Contact for Children’s Privacy Matters

Dedicated Contact: Parents with questions or concerns about their child’s privacy can contact Rafael Japur directly at:

•Email: contact@rafajiujitsu.com

•Phone: (707) 239-9004

•In Person: 164 Johnson St, Windsor, CA 95492

Response Priority: We prioritize responses to children’s privacy inquiries and will respond within 24 hours to urgent matters and within 5 business days to routine inquiries.

Documentation: We maintain detailed records of all parental consents, requests, and communications regarding children’s privacy to ensure compliance and provide transparency.

Changes to This Privacy Policy

Rafael Japur BJJ LLC reserves the right to modify this Privacy Policy at any time to reflect changes in our practices, services, legal requirements, or other operational needs. We are committed to keeping you informed about how we protect your privacy and will communicate any significant changes in a clear and timely manner.

Types of Changes

Routine Updates: We may make minor updates to this Privacy Policy to clarify language, correct errors, or reflect minor changes in our practices that do not materially affect how we collect, use, or protect your information.

Material Changes: Significant changes that materially affect your privacy rights or how we handle your personal information will be treated as material changes requiring enhanced notification procedures.

Legal Compliance Updates: We may update this Privacy Policy to comply with new laws, regulations, or legal requirements that affect our privacy practices.

Service Changes: When we add new services, features, or third-party integrations that affect data collection or use, we will update this Privacy Policy accordingly.

Notification Procedures

Advance Notice: For material changes to this Privacy Policy, we will provide at least 30 days’ advance notice before the changes take effect.

Multiple Communication Channels: We will notify you of significant changes through multiple channels, which may include:

•Email notifications to your registered email address

•Prominent notices on our website homepage

•In-person notifications at our facility

•Updates to our social media accounts

•Direct communication during classes or events

Policy Posting: The current version of this Privacy Policy will always be available on our website at www.rafajiujitsu.com/privacy-policy with the effective date clearly displayed.

Your Options When Changes Occur

Continued Use: By continuing to use our services after changes to this Privacy Policy take effect, you acknowledge that you have read, understood, and agree to the updated terms.

Objection to Changes: If you do not agree with material changes to this Privacy Policy, you have the following options:

•Contact us to discuss your concerns

•Exercise your privacy rights, including the right to delete your information

•Discontinue use of our services

Grandfathering Provisions: In some cases, we may allow existing members to continue under previous privacy terms for a specified period, particularly for contractual obligations or membership agreements.

Version Control and Documentation

Version History: We maintain a record of previous versions of this Privacy Policy and the dates when changes were made.

Change Log: For transparency, we may provide a summary of significant changes when we update this Privacy Policy.

Effective Dates: Each version of this Privacy Policy includes a clear effective date and last updated date to help you understand when changes were made.

Special Circumstances for Changes

Emergency Updates: In rare circumstances involving immediate security threats or legal requirements, we may implement changes to this Privacy Policy with shorter notice periods while still providing notification as soon as reasonably possible.

Acquisition or Merger: If Rafael Japur BJJ LLC is acquired by or merged with another organization, this Privacy Policy may be updated to reflect new ownership or management, subject to appropriate notice and consent requirements.

Service Discontinuation: If we discontinue our services, we will provide notice about how your personal information will be handled, including options for data deletion or transfer.

Staying Informed About Changes

Regular Review: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your privacy.

Subscription to Updates: You can request to be notified of all Privacy Policy updates by contacting us at contact@rafajiujitsu.com.

Questions About Changes: If you have questions about any changes to this Privacy Policy, you can contact us using the information provided in the Contact Information section.

Legal Effect of Changes

Binding Agreement: This Privacy Policy, as updated from time to time, forms part of our agreement with you regarding the use of our services.

Severability: If any provision of this Privacy Policy is found to be unenforceable, the remaining provisions will continue in full force and effect.

Governing Law: This Privacy Policy and any changes to it are governed by California state law and applicable federal privacy laws.

Transition Periods

Implementation Timeline: When we make changes that require operational adjustments, we may implement changes gradually over a reasonable transition period.

Training and Compliance: Our staff will receive training on any significant changes to ensure consistent implementation of updated privacy practices.

System Updates: Technical changes to support Privacy Policy updates will be implemented in a manner that minimizes disruption to our services.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us using the information below. We are committed to addressing your privacy inquiries promptly and thoroughly.

Primary Contact Information

Rafael Japur BJJ LLC

Privacy Officer: Rafael Japur

Address: 164 Johnson St, Windsor, CA 95492

Phone: (707) 239-9004

Email: contact@rafajiujitsu.com

Business Hours:

Monday – Friday: 10:00 AM to 8:00 PM

Saturday: Closed

Sunday: Closed

How to Contact Us

Email Inquiries: For privacy-related questions, please send an email to contact@rafajiujitsu.com with “Privacy Inquiry” in the subject line. We will respond to email inquiries within 2 business days.

Phone Inquiries: You can call us at (707) 239-9004 during business hours to speak with someone about privacy matters. If we are unavailable, please leave a detailed message and we will return your call within 24 hours.

In-Person Visits: You can visit our facility at 164 Johnson St, Windsor, CA 95492 during business hours to discuss privacy matters in person. We recommend calling ahead to ensure someone is available to assist you.

Written Correspondence: You can send written privacy requests or inquiries to our business address. Please mark the envelope “Attention: Privacy Officer” to ensure prompt handling.

Types of Inquiries We Can Help With

•Questions about what personal information we collect and how we use it

•Requests to access, correct, or delete your personal information

•Concerns about our privacy practices or data security

•Requests to opt out of marketing communications

•Questions about children’s privacy protections

•Complaints about potential privacy violations

•Requests for copies of this Privacy Policy or related documents

Response Timeframes

Routine Inquiries: We will respond to general privacy questions within 2 business days.

Privacy Rights Requests: Formal requests to exercise privacy rights will be acknowledged within 10 business days and completed within 30 days, or 60 days for complex requests.

Urgent Matters: Privacy concerns involving potential security breaches or children’s safety will be addressed immediately.

Complaints: Privacy complaints will be acknowledged within 24 hours and investigated promptly.

Additional Resources

Website: Visit www.rafajiujitsu.com for the most current version of this Privacy Policy and other important information about our services.

Social Media: Follow us on social media for updates about our programs and policies:

•Facebook: https://www.facebook.com/rafajiujitsu

•Instagram: https://www.instagram.com/rafajiujitsu.windsor

Regulatory Contacts: If you are not satisfied with our response to your privacy concerns, you may contact relevant regulatory authorities, including the California Attorney General’s Office.