Legal

Privacy Policy

Last updated: June 2025  ·  Effective date: June 2025

---

1. Who we are

WarmHeadstart is a curated workshop and professional community format. Our registered trading name is WarmHeadstart; our contact address is Sofia, Bulgaria. References to "we", "us", or "our" in this policy refer to WarmHeadstart.

For questions about this policy or your data, contact us at hello@warmheadstart.com.

2. What data we collect and why

Workshop applications and registrations

When you apply for or register to attend a WarmHeadstart workshop, we collect:

• Your name and professional email address
• Your current role and company (for cohort curation and introductions)
• Your answers to any topic-fit or context questions in the application form
• Payment information (processed by our payment provider; we do not store card details)

We use this data solely to assess fit, confirm your place, send logistics, and enable introductions among attendees who have consented to them.

Community membership

If you join the WarmHeadstart community following an event, we hold your name, email address, professional context, and any preferences you provide. Community participation is voluntary and always opt-in.

Website and analytics

Our website uses privacy-respecting analytics (no cross-site tracking, no fingerprinting). We may collect aggregated, anonymised data on page visits to understand which content is useful. We do not use advertising pixels or third-party behavioural tracking.

Correspondence

If you contact us by email or through a contact form, we retain that correspondence to respond to you and, where relevant, to maintain a record of your interaction with us.

3. Legal basis for processing (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Contract performance — processing necessary to deliver the workshop or community service you have signed up for.
• Legitimate interests — communicating with you about your registration, responding to enquiries, and maintaining basic business records. We have assessed that these interests do not override your rights.
• Consent — for any optional communications (newsletters, community updates, event announcements). You may withdraw consent at any time.
• Legal obligation — retaining financial records as required by applicable law.

4. How we store and protect your data

Attendee and community data is stored in HubSpot CRM (US-based, Privacy Shield successor framework, Standard Contractual Clauses in place). Payment processing is handled by Stripe or the applicable payment provider; we do not store payment card data ourselves.

Access to your data is restricted to those who need it to deliver our services. We do not share your data with third parties for marketing, research, or any other purpose.

We retain registration and community data for as long as the relationship is active, or for up to three years after your last interaction with us, unless a longer period is required by law (e.g. financial records, typically seven years).

5. What we do not do

• We do not publish or share attendee lists with other participants without mutual consent.
• We do not sell, rent, or trade your personal data to any third party.
• We do not use your data to send promotional messages unless you have explicitly opted in.
• We do not use social media tagging, event check-in platforms, or public RSVP tools that expose your attendance.
• We do not use AI-powered profiling or automated decision-making that produces legal or similarly significant effects.

6. Your rights

Under GDPR and equivalent legislation, you have the right to:

• Access the personal data we hold about you
• Rectification of inaccurate or incomplete data
• Erasure ("right to be forgotten") where no overriding legal obligation requires us to retain the data
• Restriction of processing in certain circumstances
• Data portability — receiving your data in a structured, machine-readable format
• Object to processing based on legitimate interests
• Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, email us at hello@warmheadstart.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

7. Cookies

We use a small number of essential and analytics cookies. Please see our Cookie Policy for full details.

8. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the "last updated" date at the top of this page and, where we hold your email address, notify you directly. Continued use of our services after changes take effect constitutes acceptance of the revised policy.