Legal

Privacy Policy

Last updated: 7 June 2026. This policy explains what personal data we collect, why, and your rights over it. We only process personal data (referred to below as "data") to the extent needed to run a functional, user-friendly website and to deliver the services we offer.

1. Who is responsible for your data

The party responsible for this website (the "controller") for the purposes of data protection law, including the UK GDPR and the EU General Data Protection Regulation (GDPR), is:

Joy Brian Godwin, trading as Joy Strategix
Email: joybrian@joybrian.uk
Website: https://joybrian.uk

We operate fully remotely. The fastest way to reach us about anything in this policy, including any request about your data, is by email at the address above. A postal address can be provided on request.

If you have any questions about this policy or how your data is handled, contact us at the email above.

2. Your rights

In relation to the processing of your data, you have the right:

To confirmation of whether data concerning you is being processed, and access to that data and information about how it is processed (Art. 15 GDPR). To correct or complete inaccurate or incomplete data (Art. 16 GDPR). To request deletion of your data (Art. 17 GDPR) or, where further processing is required, to request restriction of processing (Art. 18 GDPR). To receive your data in a portable format and have it transmitted to another controller where technically feasible (Art. 20 GDPR). To object to future processing of your data carried out on the basis of our legitimate interests (Art. 21 GDPR), including objecting to processing for direct marketing at any time. To withdraw any consent you have given, at any time, with future effect (Art. 7 Para. 3 GDPR). And to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully (Art. 77 GDPR). In the UK that authority is the Information Commissioner's Office (ICO).

3. How long we keep your data

Your data is deleted or blocked as soon as the purpose for storing it no longer applies, unless we are required by law (for example tax or accounting rules) to keep it longer, or unless stated otherwise below.

4. Cookies and consent

We use a small number of cookies. Some are strictly necessary to make the site work and to remember your cookie preferences, so the consent banner does not reappear on every visit. Where cookies are not strictly necessary, we only set them after you have given consent through our cookie banner. The legal basis for strictly necessary cookies is our legitimate interest in operating a secure, functional website (Art. 6 Para. 1 lit. f GDPR); for all other cookies it is your consent (Art. 6 Para. 1 lit. a GDPR). You can refuse or delete cookies at any time through your browser settings, though some features may then not work fully.

5. Contacting us and form submissions

When you contact us by email, through our contact form, or through our waitlist form, the information you provide (such as your name, email address, and the details of your message) is used solely to handle and respond to your enquiry. Our website forms are delivered using Formspree, a service of Formspree, Inc. (USA), which processes the submission and forwards it to us. The legal basis is the steps taken at your request prior to entering a contract and our legitimate interest in responding to you (Art. 6 Para. 1 lit. b and lit. f GDPR). We keep this data only as long as needed to deal with your enquiry and any resulting relationship, subject to legal retention requirements. Formspree's privacy policy: https://formspree.io/legal/privacy-policy/

6. Booking a call (Calendly)

To let you book a call with us, we use Calendly, a service of Calendly LLC (USA). When you schedule through Calendly, the data you enter (such as your name, email address, and any details you add) is processed by Calendly to manage the booking and send reminders. The legal basis is the steps taken at your request prior to a contract and our legitimate interest in arranging meetings efficiently (Art. 6 Para. 1 lit. b and lit. f GDPR). Calendly's privacy policy: https://calendly.com/privacy

7. Email, marketing and CRM (HubSpot)

We use HubSpot, a service of HubSpot, Inc. (USA), to manage contacts, handle enquiries, and, where you have opted in, to send you emails and newsletters. If you sign up to hear from us, the data you provide (such as your name and email address) and basic engagement data (such as whether an email was opened or a link clicked) is processed to send and improve our communications. The legal basis for marketing emails is your consent (Art. 6 Para. 1 lit. a GDPR), and for managing enquiries and our client relationships it is our legitimate interest and the performance of a contract (Art. 6 Para. 1 lit. f and lit. b GDPR). You can withdraw consent or unsubscribe at any time using the link in any email or by contacting us. HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy

8. Fonts (Google Fonts)

To display our website consistently we use Google Fonts, provided by Google Ireland Limited. When fonts are loaded, your browser may connect to Google servers, which can involve your IP address being processed. The legal basis is our legitimate interest in a consistent, well-presented website (Art. 6 Para. 1 lit. f GDPR). Google's privacy policy: https://policies.google.com/privacy

9. Hosting and security (Cloudflare)

Our website is delivered and secured using Cloudflare, a service of Cloudflare, Inc. (USA), acting as a content delivery network. When you visit, your request passes through Cloudflare's servers, and standard access data may be processed, including your IP address, the pages you view, your browser type and version, your operating system, the referring website, and the time and frequency of your visits. This is used to deliver the site quickly and to protect it from attacks and abuse. The legal basis is our legitimate interest in the secure, performant operation of our website (Art. 6 Para. 1 lit. f GDPR). Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/

10. Our social media profiles

We maintain profiles on LinkedIn and Instagram to share our work and communicate with clients and prospects. If you visit or interact with these profiles, the platform processes your data under its own privacy policy, and we have no control over and limited access to that processing. If you are logged in to the platform, it may link your activity to your account. The legal basis for our presence is our legitimate interest in promoting our services and engaging with our audience (Art. 6 Para. 1 lit. f GDPR). See LinkedIn's policy at https://www.linkedin.com/legal/privacy-policy and Instagram's at https://help.instagram.com/519522125107875

11. International transfers

Some of the providers above are based outside the UK and EU, including in the United States. Where your data is transferred internationally, we rely on appropriate safeguards such as the providers' standard contractual clauses or equivalent mechanisms. This can carry additional risk, as access and enforcement may be harder than within the UK or EU.

12. Changes to this policy

We may update this policy from time to time to reflect changes in our tools, services, or the law. The current version is always the one published on this page, with the last updated date shown at the top. If you have any questions, contact us at joybrian@joybrian.uk.

← Back home