Jymbron is an educational platform focused on physics-based 3D game design. We're based in Valladolid, Spain, and we work with students across Europe and beyond.

Our data controller details:

Jymbron
C. del Puente Colgante, 17
47007 Valladolid, Spain
Email: help@jymbron.com
Phone: +34915482844

We gather different types of information depending on how you interact with us. Here's the breakdown:

Information You Give Us Directly

When you sign up for programs, contact us, or create an account, you provide:

• Full name and contact details (email, phone number)
• Postal address for course materials or certificates
• Educational background and experience level
• Payment information (processed through secure third-party providers)
• Portfolio materials or project submissions
• Questions or feedback you send our way

Technical Data We Collect Automatically

Like most websites, we gather some technical details when you visit:

• IP address and general location data
• Browser type and operating system
• Pages visited and time spent on our site
• Referring websites and search terms used
• Device information (mobile, desktop, screen resolution)

Learning Platform Data

If you're enrolled in our programs, we track:

• Course progress and completion rates
• Quiz scores and assignment submissions
• Forum posts and peer interactions
• Video viewing patterns and engagement metrics
• Project files and feedback exchanges

We're pretty focused in our data use. Everything serves a specific educational purpose.

Purpose	Legal Basis Under GDPR	Data Types Used
Providing course access and materials	Contract performance	Contact info, account data, payment records
Tracking learning progress	Contract performance	Platform activity, submissions, completion data
Sending course updates and announcements	Legitimate interest	Email address, enrollment status
Improving course content and platform	Legitimate interest	Usage patterns, feedback, engagement metrics
Processing payments and issuing receipts	Contract performance, legal obligation	Payment details, billing address
Responding to inquiries and support requests	Contract performance, legitimate interest	Contact info, communication history
Marketing communications (with consent)	Consent	Email address, course interests
Legal compliance and fraud prevention	Legal obligation	Transaction records, account activity

We use cookies to make the site work properly and understand how people use it. When you first visit, you'll see a banner letting you choose which cookies to accept.

Essential Cookies

These keep the site functional. They remember your login, maintain your session, and handle security. We can't run the platform without them.

Analytics Cookies

These help us see which pages get visited most, where people drop off, and what content needs improvement. We use this data to make better courses.

Preference Cookies

These remember your settings like language preference or volume levels in video players. Makes things more convenient for return visits.

You can manage cookie preferences through your browser settings, though blocking essential cookies will limit site functionality.

We don't sell your data. Period. But we do share limited information with service providers who help run the platform:

Payment Processors

When you enroll in a course, your payment details go directly to our payment gateway. We never see or store full credit card numbers. These processors comply with PCI-DSS standards and operate under strict security protocols.

Email Service Providers

We use external platforms to send course updates, announcements, and (if you opted in) marketing emails. They only receive the information needed to deliver messages.

Cloud Hosting Partners

Our platform runs on cloud servers that store course content, user data, and learning materials. These providers maintain EU-based data centers and follow GDPR requirements.

Analytics Providers

We share anonymous usage data with analytics tools to understand how people navigate the site. This data is aggregated and doesn't identify individuals.

Legal Requirements

Sometimes we're legally required to share information with authorities. This only happens when we receive valid legal requests or need to protect our rights and safety.

We primarily store data within the European Economic Area. However, some service providers operate globally, which means your information might be processed outside the EU.

When data leaves the EU, we ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions confirming destination countries have suitable protections
• Certification schemes like the EU-US Data Privacy Framework
• Additional safeguards and security measures specified in our contracts

If you have questions about where your data is stored or processed, reach out and we'll provide specific details.

European data protection law gives you significant control over your information. Here's what you can do:

Access Your Data

Request a copy of everything we hold about you. We'll provide it in a readable format within 30 days. Just email help@jymbron.com with "Data Access Request" in the subject line.

Correct Inaccuracies

If something's wrong in your profile or records, let us know. You can update most information through your account settings, or contact us for assistance.

Delete Your Information

Ask us to erase your data when it's no longer needed or if you withdraw consent. Some exceptions apply (like legal record-keeping requirements), but we'll delete everything possible.

Restrict Processing

Request that we limit how we use your data while you contest its accuracy or legality. During this time, we'll store but not actively process your information.

Object to Processing

Challenge how we use your data, especially for marketing or profiling. We'll stop unless we can demonstrate compelling legitimate grounds.

Data Portability

Get your data in a machine-readable format to transfer to another service. This applies to information you provided under contract or consent.

Withdraw Consent

If we're processing data based on your consent, you can revoke it anytime. This doesn't affect the lawfulness of processing before withdrawal.

We don't hold onto information forever. Here's our retention approach:

Data Category	Retention Period	Reason
Account information (active users)	Duration of account plus 6 months	Service provision and support
Course completion records	10 years	Certificate verification and accreditation
Payment transaction records	7 years	Tax and legal compliance
Marketing consent records	3 years from last interaction	Demonstrating compliance
Website analytics data	26 months	Understanding usage patterns
Support correspondence	3 years from resolution	Service improvement and dispute resolution
Inactive account data	Deleted after 2 years inactivity	Data minimization principle

When retention periods expire, we securely delete or anonymize your data. Some aggregated, non-identifiable information might be kept indefinitely for statistical purposes.

Protecting your data is fundamental. We implement multiple security layers:

Technical Safeguards

• SSL/TLS encryption for all data transmission
• Encrypted database storage for sensitive information
• Regular security audits and vulnerability assessments
• Firewall protection and intrusion detection systems
• Secure backup systems with encrypted storage
• Multi-factor authentication for staff access

Organizational Measures

• Strict access controls limiting who can view personal data
• Confidentiality agreements for all staff and contractors
• Regular security training for team members
• Incident response procedures for potential breaches
• Privacy impact assessments for new processing activities

If Something Goes Wrong

In the unlikely event of a data breach that poses risk to your rights, we'll notify you within 72 hours and report to the Spanish Data Protection Agency. We'll explain what happened, what data was affected, and what steps we're taking.

Our programs are designed for adults and individuals over 16. We don't knowingly collect information from children under 16 without parental consent.

If you're under 16 and interested in our courses, please have a parent or guardian contact us. We'll work with them to ensure appropriate protections are in place.

If we discover we've inadvertently collected data from a child without proper consent, we'll delete it immediately.

We update this policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you via email or through a prominent notice on our website.

The date at the top shows when we last revised this document. We recommend checking back periodically, especially if you're enrolled in ongoing programs.

Continuing to use our services after changes take effect means you accept the updated policy.

We hope to resolve any concerns directly, but you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos):

Agencia Española de Protección de Datos
C/ Jorge Juan, 6
28001 Madrid, Spain
Website: www.aepd.es

You can also contact your local EU data protection authority if you're based elsewhere in the European Union.