Privacy Policy

Last updated: 19 April 2026

1. Who We Are

Morto BJJ Academy ("we", "us", "our") operates the eMorto Academy platform located at this website. We are based in Heraklion, Greece and are subject to the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.

For data protection enquiries, contact us at: via the Contact form in your dashboard.

2. Data We Collect

  • Account data — first name, last name, email address, phone number (optional), belt colour (optional), profile picture (optional).
  • Purchase data — course purchase records and timestamps.
  • Usage data — lesson progress, video resume positions.
  • Communications — messages sent through the contact form.
  • Technical data — session identifiers, browser type (collected automatically by our server).

3. How We Use Your Data

  • To provide access to purchased courses and track your progress.
  • To process payments and manage your account.
  • To send newsletters and updates — only if you have opted in.
  • To respond to contact form enquiries.
  • To fulfil legal obligations (accounting, dispute resolution).

Legal basis: contract performance (Art. 6(1)(b) GDPR) for account and course delivery; legitimate interest (Art. 6(1)(f)) for security logging; consent (Art. 6(1)(a)) for newsletter communications.

4. Cookies & Video Streaming

We use session cookies required for authentication. Our video player is powered by Mux (Mux, Inc., USA). Mux may set cookies for playback analytics if you accept cookies. You can decline cookies via the banner shown on your first visit — this disables Mux tracking cookies while still allowing video playback.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Mux, Inc. — video streaming infrastructure (USA; Standard Contractual Clauses apply).
  • Our email provider — for transactional and newsletter emails.
  • Hosting provider — server infrastructure located in the EU.

6. Data Retention

We retain your account data for as long as your account is active. After account deletion, all personal data is immediately and permanently erased. Purchase records may be retained for up to 7 years to comply with Greek tax law.

7. Your Rights (GDPR)

Under the GDPR you have the right to:

  • Access — request a copy of your data (available via Dashboard → Privacy & Data → Download My Data).
  • Rectification — correct inaccurate data via your profile settings.
  • Erasure — delete your account and all data via Dashboard → Privacy & Data → Delete Account.
  • Restriction — ask us to restrict processing in specific circumstances.
  • Portability — receive your data in a machine-readable format (JSON download).
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — unsubscribe from newsletters at any time via the unsubscribe link in any email or in your profile settings.

To exercise any right, use the tools in your dashboard or contact us. You may also lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

8. Changes to This Policy

We may update this policy. Significant changes will be communicated via email or a notice in the platform. Continued use after the effective date constitutes acceptance.