Data Controller
Colectivo JJ Zurich

Contact Person: Raymond Diaz
Email: info@colectivojjzurich.com
Website: www.colectivojjzurich.com

Data Collected
3.1 Account Information
First and last name
Email address
Phone number
3.2 Training Data
Jiu-Jitsu belt and rank
Number of stripes
Class attendance history
Training statistics
3.3 Subscription Data
Subscription type
Start and end dates
Payment history
Administrative notes
3.4 Technical Data
Device type (iOS/Android)
Application version
Language

Data Sharing

Purpose of Data Processing
We use your data for:
Account Management: authentication and application access
Sports Tracking: progress, attendance, ranks
Administrative Management: subscriptions, payments
Improvement: bug fixes, improving the experience
Security: preventing fraud and abuse

Legal Basis (GDPR – Switzerland)
Consent: upon account creation
Contract Execution: managing your subscription
Legitimate Interest: improving the application
Legal Obligation: accounting, taxation
Your data is shared only with:
6.1 Your Jiu-Jitsu Gym
Instructors and administrators of your academy can see your training data
6.2 Technical Service Providers
Hosting: Railway
Authentication: secure connection management
Storage: PostgreSQL (encrypted data)
6.3 Third-Party Services
None.
We never sell your data to third parties.

Data Retention Period
Active Account: as long as you use the application
After Account Deletion: 30 days (then permanent deletion)
Accounting Data: 10 years (Swiss legal obligation)
Technical Logs: 90 days maximum

  1. Your Rights (GDPR)
    You can at any time:
    ✅ Access your personal data
    ✅ Correct incorrect information
    ✅ Delete your account and data
    ✅ Withdraw your consent
    To exercise your rights:
    By email: info@colectivojjzurich.com
    Response time: 30 days maximum

  2. Data Security
    We implement robust security measures:
    🔒 Encryption: SSL/TLS for all communications
    🔐 Authentication: JWT with secure tokens
    💾 Backups: daily and encrypted
    👤 Restricted Access: role-based access controls
    🛡️ Monitoring: intrusion detection
    📱 Local Storage: sensitive data encrypted on the device

  3. Cookies and Similar Technologies
    The application uses:
    Authentication Tokens: to maintain your session
    Local Preferences: language, theme, settings
    Cache: to improve performance
    You can clear this data by logging out or deleting the application.

  4. International Data Transfer
    Your data is hosted in the Netherlands.

  5. Minors
    The application is intended for persons aged 16 and over.
    For minors (under 16 years old):
    Parental consent is required
    Parents can request account deletion
    Contact us: info@colectivojjzurich.com

  6. Policy Changes
    We may update this policy. In case of major changes:
    Notification in the application
    Email to users
    New acceptance required if necessary
    History: View previous versions on our website.

  7. Feature-Specific Data
    14.1 WhatsApp Messages
    We do not store your conversations
    Redirect to WhatsApp with pre-filled number
    Subject to Meta's privacy policy
    Privacy questions:
    📧 Email: info@colectivojjzurich.com
    Data Protection Officer (DPO):
    Raymond Diaz
    info@colectivojjzurich.com