The Privacy Policy
You'll Actually
Read.

Who is actually
behind all this?

Hello. I'm Jaymes Payten. Real person, not a faceless corporation. Not a robot. Not a data-harvesting operation disguised as a marketing consultant. Just a bloke who has been in marketing for 25 years and has somehow ended up with a website and a legal obligation to tell you how it works.

For the purposes of this policy, "I", "me", and "Jaymes" all mean the same person: Jaymes Payten, sole trader, operating at jpayten.com. "You" means you, the human reading this. "The site" means jpayten.com and all its pages.

I am the data controller. Which is a very official-sounding title that basically means: I decide how your data is handled, and I take responsibility for it. Unlike some people in this industry, I take that seriously.

What data do I
actually collect?

Let's be specific, because vague privacy policies are the worst. Here is precisely what I collect and from where:

When you fill in a form on this site (like the Book a Call form), I collect your first name, last name, mobile number including international dialling code, email address, and the message you send me. I also log the time of submission and which page the form was on. That is it.

When you browse the site, standard analytics tools may collect anonymised data such as which pages you visited, how long you spent on them, your approximate geographic location (country or city level, not your actual address), the device and browser you used, and how you found the site. Think of it as the digital equivalent of a shop owner knowing "roughly 200 people came in today, most of them from Dubai, most arrived via Instagram." Nothing creepy.

I do not collect your date of birth, your financial information, your health data, your political opinions, your relationship status, your shoe size, or what you had for breakfast. None of that is relevant to whether I can help your brand grow.

Why do I even
need any of this?

Fair question. Here is a list of legitimate reasons, presented without any of the legal padding that usually surrounds these things:

• To reply to you. If you fill in a form and ask me something, I need your contact details to, well, contact you. Revolutionary concept, I know.
• To send you the autoresponder email. When you submit a form, a confirmation email goes out from hello@jpayten.com. I need your email address for that. Makes sense.
• To understand how the site is performing. Analytics help me know which pages are useful and which are not pulling their weight. I use this to make the site better for the next person who visits.
• To measure marketing campaigns. If I run an ad and someone fills in a form, I need to know the ad worked. This is how I track conversions on success pages. I am upfront about this. The pixels are only on success pages. They do not follow you around the internet like a lost puppy.
• To comply with legal obligations. Sometimes I have to keep records for legal or tax reasons. I do the minimum required and nothing more.

What I will never do with your data: sell it, rent it, swap it for a favour, share it with random third parties who will then spam you into oblivion, or use it to bombard you with stuff you did not ask for. If you contact me, I will contact you back. That is the full extent of the transaction.

How long do I
keep your data?

Not forever. Here is the general rule: I keep your data for as long as there is a legitimate reason to have it, and then I delete it. No warehousing your information in some forgotten database because I forgot to clean it up. That is not how I operate.

Form submissions are kept for up to two years, or until our business relationship ends, whichever comes first. After that, they are gone. If we end up working together, I will keep your contact details for the duration of that relationship plus a reasonable period afterwards.

Analytics data is typically aggregated and anonymised, meaning it stops being about you specifically fairly quickly. The raw data that could identify you is generally retained for no more than 14 months in line with standard analytics platform settings.

Email correspondence I keep for up to three years, because sometimes you need to look back at what was agreed. After that, unless there is a legal reason to keep it, it goes.

Do I sell your
data? Absolutely not.

Let me be very clear about this one, because it matters: I do not sell your personal data. I never have. I never will. Your name, your email, your phone number — these are yours. Not a commodity. Not an asset on my balance sheet. Mine to look after, yours to keep.

There are, however, a small number of third-party tools and platforms that I use to run this site, and by necessity some of your data passes through them. In the interest of total transparency, here they are:

• Email delivery services (such as Postmark or similar) to send the autoresponder email when you submit a form. They see your email address to deliver the message. That is the full extent of their access.
• Analytics platforms (such as Google Analytics) to understand site traffic. Data passed is anonymised where possible. Google's privacy policy applies to their handling of this data.
• Advertising platforms (Meta, Google Ads, LinkedIn) for conversion tracking. Pixels only fire on success pages after a form is completed. They are told "a conversion happened." They are not given your personal details.
• Website hosting providers who physically serve the pages. They handle standard server logs. This is unavoidable on any website.

All third-party tools I use are required to handle data responsibly under their own privacy policies and, where relevant, under GDPR. I do not use a third-party tool unless I am satisfied it meets a reasonable standard of privacy. If one of them ever changes their practices in a way I am not comfortable with, I find a different one.

Your rights.
They're quite good, actually.

Under GDPR and applicable data protection law, you have a proper set of rights when it comes to your personal data. Most companies bury these in paragraph nineteen of their policy. I'm putting them front and centre, because they matter.

• The right to know. You can ask me at any time what personal data I hold about you. I will tell you, clearly and completely, within 30 days.
• The right to a copy. You can request a copy of the data I hold about you, in a portable, readable format. No charge. No fuss.
• The right to correct it. If something I have on you is wrong, you can ask me to fix it. I will. Promptly.
• The right to delete it. The famous "right to be forgotten." You can ask me to delete your personal data, and unless I have a legal obligation to keep it, I will do exactly that.
• The right to object. If you think I am using your data in a way that is not justified, you can object to it. I will take that seriously and respond within 30 days.
• The right to restrict processing. You can ask me to stop actively using your data while a dispute is being sorted out. I will respect that.
• The right to withdraw consent. If you gave consent for something and you change your mind, you can withdraw it at any time. No penalties. No guilt trip. No "are you sure?" emails.
• The right to complain to a regulator. If you feel I have handled your data badly and I have not resolved it to your satisfaction, you can complain to the relevant data protection authority. In the UAE, that is the TDRA. In the UK, it is the ICO. I would rather you came to me first, but the right is yours.

To exercise any of these rights, just email hello@jpayten.com with the subject line "Data Request." That is all you need to do. I will handle the rest.

Cookies.
Not the chocolate chip kind.

The site uses cookies. Cookies are small text files that get placed on your device when you visit a website. They do things like remember your preferences and help analytics tools track visits. They do not contain your personal information in a readable form, and they are not a way of spying on you. They are more like a sticky note on your browser that says "this person has visited before."

For the full, gloriously entertaining breakdown of exactly which cookies are used, why they exist, and what you can do about them, I have written a dedicated Cookies Policy that is, if I do say so myself, also worth a read.

Read the Cookies Policy →

Changes to this policy
and how to reach me.

I will update this policy from time to time. Not for fun, and not to hide anything, but because the law changes, the tools I use change, and occasionally I think of a better way to explain something. The date at the top of this page will always reflect the last update. If I make a significant change, I will do my best to let you know.

If you have any questions about any of this, please do not sit there wondering. I am a real person and I respond to emails. The fact that this policy is written in plain English is intentional — it means you can actually ask a specific question, and I can actually answer it, without either of us needing a translator.