Heroic Man Privacy Policy
Effective date: [02/09/2025]
This Privacy Policy explains how Heroic Man (the "Company", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you visit our websites, join our newsletter, work with us 1:1 or in groups, attend our events/retreats, or interact with our advertising (including LinkedIn Ads and the LinkedIn Insight Tag).
We act as data controller for this processing. This notice is written to meet the requirements of the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). If you are in the EEA, we apply equivalent standards and appropriate transfer safeguards (see International Transfers).
1) Who we are & how to contact us
Controller: [Heroic Man Ltd]
Email: [support@heroicman.com]
2) The data we collect
We collect, use, and store the following categories of personal data:
A. Identity & Contact – name, email, phone, postal address, job title, employer, social profile/handle.
B. Account & Profile – login details, preferences, interests, programme membership, attendance, community participation.
C. Communications – emails, messages, DM interactions, call notes/coaching notes.
D. Transaction & Payment – purchases, amounts, currency, billing address, last-4 of card (via payment processor), refunds.
E. Event/Retreat Data – registrations, dietary preferences, emergency contact, travel details (if provided), waivers.
F. Special Category Data (sensitive) – information relating to physical/mental health, breathwork/medical history, injuries, or other wellbeing data you choose to share in forms, intake, or sessions. We only process this with your explicit consent (see Lawful Bases).
G. Child Data – our services are primarily for adults. We only process a child’s data (e.g., Fathers & Sons events) with verified parental consent.
H. Technical & Usage – IP address, device, browser, approximate location, pages viewed, actions on site, referring source, cookies and similar technologies.
I. Marketing & Advertising – email engagement (opens/clicks), ad interactions, audience membership for LinkedIn/other platforms where permitted.
We may receive data from third parties such as: payment processors (e.g., Stripe), scheduling tools (e.g., Calendly), video/event platforms (e.g., Zoom/Eventbrite), community/LMS platforms (e.g., Skool), analytics and advertising partners (e.g., LinkedIn), and social networks.
3) Why we use your data (purposes) & lawful bases
| Purpose | Categories | Lawful Basis |
| --- | --- | --- |
| Provide and administer our coaching, programmes, events, retreats, and community | A, B, C, D, E | Contract (Art. 6(1)(b)); Legitimate Interests (service delivery) |
| Manage accounts, payments, invoices, and fraud prevention | A, C, D | Contract; Legal Obligation (tax/records); Legitimate Interests |
| Client onboarding, assessments, and support | A, B, C, E | Contract; Legitimate Interests |
| Process Special Category Data for breathwork/intake/health-related safety | F | Explicit Consent (Art. 9(2)(a)); you may withdraw at any time |
| Run events safely (e.g., emergency contacts, dietary needs) | A, E | Legitimate Interests; Vital Interests (in an emergency) |
| Send service communications (e.g., confirmations, updates) | A, B, C | Contract; Legitimate Interests |
| Send marketing (newsletter, offers, updates) | A, B, I | Consent (PECR) or Soft Opt‑in for similar products/services; You can opt out anytime |
| Measure and improve our content, products, and services | A, B, H, I | Legitimate Interests |
| Analytics, cookies, retargeting (e.g., LinkedIn Insight Tag) | H, I | Consent (for non‑essential cookies under PECR) |
| Respond to enquiries, support, complaints | A, C | Legitimate Interests |
| Legal, compliance, and record-keeping | A–I | Legal Obligation; Legitimate Interests |
4) Marketing & your choices
Email/SMS marketing: We rely on consent (or PECR soft opt‑in where you bought something similar from us and didn’t opt out). You can unsubscribe at any time using the link in our emails or by contacting us.
LinkedIn advertising: We use the LinkedIn Insight Tag for measurement, audience creation, and retargeting. This uses cookies and similar tech and may build audiences based on site activity. We only deploy advertising/analytics cookies with your consent via our cookie banner. You can control LinkedIn ad settings in your LinkedIn account and via our Cookie Preferences link (see Cookies below).
We do not sell your personal data.
5) Cookies & similar technologies
We use first- and third‑party cookies, pixels, and local storage to (i) make the site work, (ii) measure performance, and (iii) personalise/retarget ads (e.g., LinkedIn Insight Tag). Under PECR, we will only set non‑essential (analytics/advertising) cookies with your consent.
You can manage preferences at any time via the Cookie Preferences link on our site, and through your browser settings. Blocking some cookies may impact site functionality.
Categories we use:
Strictly necessary (site security, basic functionality)
Performance/analytics (aggregate usage and improvements)
Advertising/retargeting (LinkedIn and similar partners)
6) Disclosures & recipients
We share data with trusted service providers (processors) under contract who help us run our business, for example:
Technology & Hosting: website host, cloud storage, email service, CRM.
Payments: Stripe or similar.
Scheduling & Video: Calendly; Zoom/Google Meet.
Community/LMS: Skool or similar.
Events/Bookings: Eventbrite or similar.
Analytics & Ads: LinkedIn (Insight Tag, lead gen forms), analytics tools.
Professional services: accountants, lawyers, insurers (where necessary).
We require processors to keep data secure, act only on our instructions, and delete/return data at end of service.
We may also share data where required by law, to protect rights/safety, during business reorganisation, or with your consent.
7) International transfers
Some recipients are located outside the UK/EEA. Where we transfer personal data internationally, we use appropriate safeguards, such as:
the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs);
other mechanisms permitted by law.
You can request copies of relevant transfer safeguards by contacting us.
8) Data retention
We keep personal data only as long as necessary for the purposes above, including to meet legal, accounting, or reporting requirements. Typical periods:
Client & transaction records: up to 7 years (tax/legal).
Coaching notes/intake (non‑special category): up to 6 years after last interaction unless you ask us to delete sooner where permitted.
Special Category Data (health/wellbeing): retained only with consent and usually deleted within 24 months after programme/event completion unless we are required to keep it longer for safety/legal reasons.
Marketing data: until you unsubscribe or after 24 months of inactivity, whichever occurs first.
We will securely delete or anonymise data when it is no longer needed.
9) Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, least‑privilege practices, regular reviews, and processor due diligence. However, no method is 100% secure.
10) Your rights (UK/EEA)
You have the right to:
Access your personal data and get a copy;
Rectify inaccurate or incomplete data;
Erase data in certain circumstances;
Restrict processing in certain circumstances;
Data portability to another controller (where technically feasible);
Object to processing based on legitimate interests, including profiling;
Object at any time to direct marketing (we will stop immediately);
Withdraw consent at any time (this won’t affect prior lawful processing).
To exercise rights, contact us at [privacy@heroicman.com]. We may ask for verification to protect your data. We aim to respond within one month.
Complaints: You can complain to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk or 0303 123 1113. We would appreciate the chance to resolve concerns first.
11) Children’s privacy
Our website, programmes, and marketing are primarily aimed at adults (18+). Where we run family or youth‑inclusive events, we will only process a child’s data with the verified consent of a parent/guardian and for event safety/admin purposes.
12) Automated decision-making & profiling
We do not make decisions with legal or similarly significant effects solely by automated means. We may use profiling for marketing (e.g., LinkedIn retargeting segments) based on your consent to advertising cookies. You can withdraw consent via our cookie preferences at any time.
13) LinkedIn Insight Tag & Lead Gen Forms (detail)
We use the LinkedIn Insight Tag to understand ad performance, build audiences, and show relevant ads. This allows LinkedIn to set/read cookies and connect your visit to your LinkedIn account if you are logged in. We only load this tag with your cookie consent.
If you submit LinkedIn Lead Gen Forms, LinkedIn sends us the fields you agree to share (e.g., name, email, job title). We use these details to respond to your request and for follow‑up marketing in line with this policy. You can opt out at any time.
See your LinkedIn privacy settings and our Cookie Preferences for controls.
14) Changes to this policy
We may update this notice from time to time. We will change the "Effective date" above and, where appropriate, notify you by email or site banner.
15) How to contact us
Questions or requests about this policy or your data?
Email: [support@heroicman.com]