How we handle personal data, in plain English.

Overview

This Privacy Policy explains how Ramon Logan Jr. (“we”, “our”, or “us”) collects, uses, shares, retains, and protects personal data when you visit ramonloganjr.com, contact us, or otherwise interact with the Platform.

We design our practices to align with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR; the UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data Protection (UAE PDPL); the Kingdom of Saudi Arabia Personal Data Protection Law (KSA PDPL); the Singapore Personal Data Protection Act (PDPA); the Philippines Data Privacy Act of 2012 (DPA); the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA); and comparable laws across the MENA, APAC, USA, and UK regions in which our audience resides.

For the purposes of GDPR-style legislation, Ramon Logan Jr. is the data controller for personal data processed through the Platform. The controller's contact details are set out in the closing card at the bottom of this page.

What personal data we collect

We collect personal data in the following categories:

Information you provide directly

• Contact-form submissions: name, email address, and the free-text content of your message; any additional context (organisation, project type, budget, timeline) that you choose to include.
• Correspondence: the contents of emails, scheduling requests, and any documents you choose to share with us.
• Account-related data: if and when the Platform exposes authenticated areas, we will collect the identifiers and credentials necessary to operate them (for example, an email address, a hashed password, OAuth identifiers, or multi-factor enrolment metadata).

Information collected automatically

• Device & connection data: IP address, user-agent string, device type, operating system, browser, screen dimensions, language, and referring URL.
• Usage data: pages viewed, navigation paths, time on page, clicks, and other interaction signals captured for analytics and performance.
• Cookies & similar technologies: see the Cookie Policy for a full breakdown of the cookies, local-storage keys, and tags we may set and the categories under which they fall.
• Diagnostic data: error reports, stack traces, and performance traces generated by client-side tooling when something goes wrong.

Information received from third parties

• Service providers: hosting platforms, content-delivery networks, email-delivery providers, and analytics processors may relay technical data to us in the course of delivering their service.
• Public sources: where you have made information publicly available (for example, on a professional network) and use that channel to contact us, we may receive limited profile data through that channel.

How we use personal data

We process personal data for the following purposes:

• Operate and secure the Platform: serve pages, route requests, authenticate users where applicable, detect and prevent abuse, and maintain the integrity of our systems.
• Respond to enquiries: read, evaluate, and reply to messages you send through the contact form or by email; schedule meetings; and progress any commercial relationship that may follow.
• Improve the Platform: analyse aggregate usage to inform editorial, design, performance, and accessibility decisions.
• Comply with legal obligations: respond to lawful requests from regulators, courts, or law-enforcement authorities and to enforce our Terms of Use.
• Communicate with you: send transactional notices about the Platform, and (only with your express opt-in) newsletters or commercial communications, from which you can unsubscribe at any time.

Lawful bases & consent

Where the GDPR, UK GDPR, or a comparable regime applies, we rely on the following lawful bases:

• Performance of a contract (or steps taken at your request prior to entering into one): to handle enquiries and deliver requested services.
• Legitimate interests: to operate, secure, and improve the Platform, to protect against fraud and abuse, and to keep our records accurate; balanced against your rights and reasonable expectations.
• Consent: for non-essential cookies and similar technologies, marketing communications, and any optional processing that requires explicit opt-in. You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Legal obligation: to comply with applicable laws and regulations.

For Users in jurisdictions that do not use a “lawful basis” framework (for example, the United States), we process personal data in line with notice-and-choice principles and applicable sectoral law (such as the CCPA/CPRA where it applies).

Sharing & third-party processors

We do not sell personal data, and we do not “share” personal data for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. We disclose personal data only as follows:

• Service providers acting as processors (including hosting providers, content-delivery networks, email-delivery services, error tracking, and analytics processors) bound by written agreements that require them to process personal data only on our instructions and to maintain appropriate security.
• Professional advisers (legal, accounting, insurance) under duties of confidentiality.
• Successors in interest if any part of the business is reorganised, merged, or transferred.
• Authorities where required by law, court order, or a valid legal process, or where we believe in good faith that disclosure is necessary to protect rights, safety, or property.

International data transfers

We operate from the United Arab Emirates and engage service providers that may store or process personal data in the European Union, the United Kingdom, the United States, Singapore, the Philippines, and other jurisdictions. Where personal data is transferred from a jurisdiction with data-export restrictions (such as the EU/UK or the UAE under the PDPL), we rely on one or more of the following safeguards:

• transfer to a jurisdiction recognised by the relevant authority as providing an adequate level of protection;
• the European Commission's Standard Contractual Clauses (or the UK International Data Transfer Agreement / Addendum) with our processors;
• equivalent contractual safeguards required by the UAE PDPL, KSA PDPL, Singapore PDPA, Philippines DPA, or other applicable regimes; and
• your explicit consent or another derogation permitted by law, where appropriate.

Data retention

We keep personal data only for as long as is necessary for the purpose for which it was collected, including to meet legal, accounting, or reporting requirements:

• Contact-form submissions and correspondence: retained for up to twenty-four (24) months from last interaction, after which they are deleted or anonymised unless a longer retention period is required to establish, exercise, or defend legal claims.
• Server and access logs: retained for up to ninety (90) days for security and abuse-prevention purposes, then deleted or aggregated.
• Analytics data: retained in aggregate, non-identifiable form for as long as is needed to inform product decisions.
• Consent records: retained for the duration of the consent plus a reasonable period for evidential purposes.

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These include encryption in transit (TLS), restricted access on a need-to-know basis, hardened deployment pipelines, regular dependency review, and least-privilege defaults for any integrated third-party service.

No method of transmission or storage is fully secure, and we cannot guarantee absolute security. If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and affected individuals as required by applicable law.

Your rights

Subject to applicable law, you have one or more of the following rights in relation to your personal data:

• Access: confirm whether we process your personal data and request a copy.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure (“right to be forgotten”): ask us to delete personal data where there is no overriding lawful basis to retain it.
• Restriction: ask us to limit how we process your data in specific circumstances.
• Objection: object to processing carried out on the basis of legitimate interests, including profiling.
• Portability: receive personal data you have provided to us in a structured, commonly used, machine-readable format.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Lodge a complaint: with the supervisory authority of your habitual residence, place of work, or the place of the alleged infringement.
• Non-discrimination: exercise any of these rights without adverse treatment (CCPA/CPRA).

To exercise any of these rights, write to hello@ramonloganjr.com. We will respond within the timeframes mandated by the applicable law (generally thirty (30) days, extendable for complex requests). We may need to verify your identity before fulfilling certain requests.

Children

The Platform is not directed at children under the age of sixteen (16), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

AI, automated decisions & training data

We do not subject your personal data to fully automated decision-making that produces legal or similarly significant effects on you. Where we use AI-assisted tools internally (for example, to draft copy or to triage enquiries), a human remains in the loop and retains editorial responsibility.

We do not use the contents of your contact-form submissions or correspondence to train external large-language or other machine-learning models, and we contractually require our processors to apply the same restriction unless you have given specific, informed consent.

Region-specific disclosures

European Union & United Kingdom

For the purposes of the GDPR and UK GDPR, the data controller is Ramon Logan Jr., reachable at hello@ramonloganjr.com. You have the right to lodge a complaint with your local supervisory authority.

United Arab Emirates

Processing within the UAE is conducted in line with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations. Data-subject requests are coordinated through our UAE office of record at the address above.

Kingdom of Saudi Arabia, Qatar, Bahrain, Kuwait, Oman

Where personal data is collected from individuals in the wider GCC, we observe the principles set out in the relevant local data-protection legislation, including KSA PDPL, Qatar Law No. 13 of 2016, and equivalent frameworks.

Asia-Pacific

For Users in Singapore (PDPA), the Philippines (DPA), Hong Kong (PDPO), and comparable APAC jurisdictions, you may contact us at the address above to exercise the rights granted under applicable local law.

United States · California (CCPA/CPRA)

California residents have the right to know, the right to delete, the right to correct, the right to opt out of any “sale” or “sharing” of personal information, the right to limit the use of sensitive personal information, and the right to non-discrimination. We do not sell or share personal information as defined by the CCPA/CPRA. To submit a verifiable consumer request, email hello@ramonloganjr.com.

Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The “Effective” date in the header indicates when the current version took effect. Material changes will be highlighted on the Platform; where applicable law requires fresh consent, we will request it.