Privacy Policy

Last updated: April 2026

CJT Media ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights under the UK GDPR, the EU GDPR, and the Australian Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).

1. Who we are

CJT Media is an ecommerce growth agency operated by Jordan Mulder as an Australian sole trader (ABN 55 198 063 367). "CJT Media" is a trading name pending formal business name registration. Jordan Mulder is the data controller for this website. The primary point of contact for any privacy matter is jordan@cjtmedia.com.

We are a small business and are not required to appoint a Data Protection Officer under Article 37 of the UK/EU GDPR. Jordan Mulder handles all privacy matters personally.

2. What data we collect

We only collect data you actively give us or that's needed to make the site work:

• Contact form submissions: name, email, phone (optional), website URL, and any message you send us.
• Calendar bookings (via Calendly): name, email, phone (optional), and any intake answers you provide when booking a call. This is handled by Calendly as our processor. See Calendly's privacy policy.
• Call recordings and transcripts: if you join a booked call, the session may be hosted on Zoom and recorded / transcribed by Fireflies.ai so we can share notes with you afterwards. You will be notified before any recording starts and can decline. See the Zoom privacy policy and Fireflies.ai privacy policy.
• Cookies & analytics: if you consent, we use Google Tag Manager, Google Analytics, and may use Meta or TikTok pixels to understand how people use the site. See the cookies section below.
• Server logs: IP address, browser type, referring pages, and timestamps, collected automatically by our hosting provider (Netlify) for security and diagnostics.

3. How we use your data

We use your data to:

• Respond to enquiries and deliver the services you request (e.g. the free audit).
• Administer client relationships and deliver contracted work (if you become a client).
• Understand site performance and improve the website (only with your analytics consent).
• Meet our legal, tax, and accounting obligations.

4. Legal basis for processing

Under UK/EU GDPR, we process your data on these legal bases:

• Consent: for analytics and marketing cookies.
• Legitimate interest: responding to enquiries you've sent us and running our business.
• Contract: delivering services to clients.
• Legal obligation: accounting and tax record-keeping.

5. Who we share your data with

We only share data with the service providers (processors) we use to run the business:

• Netlify: website hosting and form handling.
• Calendly: booking and scheduling.
• Zoom: video calls.
• Fireflies.ai: call recording, transcription and note-taking (only for calls where you have been notified).
• Google: analytics (GA4) and tag management (GTM).
• Meta & TikTok: advertising pixels (only with your consent).
• Email and accounting providers: to communicate with you and meet legal obligations.

We never sell your data. Where processors are based outside the UK/EU, we rely on appropriate safeguards (Standard Contractual Clauses or equivalent).

6. Cookies

We use a small number of cookies, grouped into three categories:

• Strictly necessary (always on): cjt_consent, a browser storage entry that remembers whether you accepted or rejected non-essential cookies on this site.
• Analytics (only with your consent): Google Analytics 4 cookies (e.g. _ga, _ga_*) and Google Tag Manager, used to measure anonymous, aggregated usage of the site.
• Marketing (only with your consent): pixels and cookies from Meta (e.g. _fbp), TikTok (e.g. _ttp) and Google Ads, used to measure the performance of our advertising.

Analytics and marketing cookies are only set after you click "Accept all" on the cookie banner. Until then, Google Consent Mode keeps them in a denied state. You can change your choice at any time by clearing this site's storage in your browser.

7. How long we keep your data

We keep personal data only for as long as we need it. Our standard retention periods are:

• Enquiry form submissions (non-clients): up to 24 months after our last contact, then deleted.
• Client records and correspondence: for the duration of the engagement, plus 7 years after the engagement ends, to meet Australian Taxation Office record-keeping obligations.
• Calendly booking data: retained by Calendly on our behalf per their retention policy. We delete our own copy of a booking once it is no longer needed.
• Call recordings & transcripts (Fireflies.ai): kept for the duration of the client engagement and deleted on request, or within 12 months of the call if you are not a client.
• Google Analytics 4 data: retained for 14 months (the default user-level retention in GA4).
• Server logs (Netlify): retained by our hosting provider for a short period for security and diagnostics.
• Cookie consent preference: stored in your browser until you clear it.

If you ask us to delete your data, we will do so unless we are required to keep it for a legal or tax reason, in which case we will tell you why and for how long.

8. Your rights

Under the UK GDPR and EU GDPR, you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Have your data deleted ("right to erasure").
• Restrict or object to processing.
• Receive a portable copy of your data.
• Withdraw consent at any time (for consent-based processing, without affecting the lawfulness of processing before withdrawal).
• Lodge a complaint with a supervisory authority. In the UK that is the Information Commissioner's Office (ICO). In the EU, it is your local data protection authority.

Under the Australian Privacy Act and the Australian Privacy Principles, you also have the right to:

• Request access to the personal information we hold about you.
• Ask us to correct personal information that is inaccurate, out of date or incomplete.
• Make a privacy complaint. We ask that you contact us first so we can try to resolve it. If you are not satisfied, you can complain to the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, email jordan@cjtmedia.com. We will respond within 30 days.

9. Security

We take the security of your data seriously. Measures include: serving the site over HTTPS, using reputable processors (Netlify, Calendly, Zoom, Fireflies.ai, Google) that publish their own security and compliance information, using strong authentication on the accounts we use to run the business, and limiting access to personal data to people who genuinely need it. No system is 100% secure. If you become aware of a specific issue, please contact us at jordan@cjtmedia.com and we will investigate promptly.

10. Children

Our services are aimed at businesses. We don't knowingly collect data from anyone under 16.

11. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top will reflect any changes. Material changes will be highlighted on the homepage.

12. Contact

For any data or privacy questions: jordan@cjtmedia.com.