This Privacy Policy (“Privacy Policy”) is effective on February 2024.

  1. Overview

This Privacy Policy applies to Brave Peace Pty Ltd, Heat’s affiliates and subsidiaries (collectively, "we", "us", "our" and "Heat"). This Privacy Policy describes how Heat collects and uses the Personal Information (as defined in section 2) , including through our websites: It also describes the choices available to you regarding uses of your Personal Information and how you can access and update this information.

At Heat, we are committed to protecting the privacy of our users. We do not share any Personal Information with Third Parties (as defined in section 2) in ways that are not disclosed in this Privacy Policy.

Visitors to the Site can access much of the Site, including viewing events, checking show dates, browsing information about Heat policies, and accessing help content. Heat’s products available to members and visitors are collectively referred to as "Services".

By using the Site, you acknowledge the collection, use and disclosure of your Personal Information as described below. This Privacy Policy may change from time to time, so please check back periodically. If we make material changes to this Privacy Policy, we will notify you here, by e-mail, or by means of a notice on the Site's home page prior to the change becoming effective.


  1. Definitions

The following capitalized terms shall have the meanings herein as set forth below.

  • "Agent" means any Third Party that Processes Personal Information pursuant to the instructions of, and solely for, Heat or to which Heat discloses Personal Information for use on its behalf.
  • "Employee" refers to any current, temporary, permanent, prospective or former Agent, director, contractor, worker, or retiree of Heat and/or its subsidiaries worldwide.
  • "Personal Information" is any information or opinion relating to an identified or identifiable natural person ("Individual"), without limitation to meaning given to the terms ‘personal information’ in the Privacy Act 1988 (Cth) (“Australian Privacy Law”), ‘personal data’ in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and California Consumer Privacy Act of 2018 (“CCPA”).
  • "Process" or "Processing" means any operation or set of operations which is performed upon Personal Information or sets thereof, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • "Services" means all of Heat’s products available to Heat’s customers.
  • "Site" includes Heat’s website,
  • "Third Party" is any company, natural or legal person, public authority, agency, or body other than the Individual, Heat or Heat’s Agents.


  1. How We Collect and Use Your Personal Information

3.1 Mobile Application

When you download one of our mobile applications onto your device and use our Services, if applicable, we automatically collect information on the type of device you use (device identifier) and operating system version.

We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. We do not link the information we store within the analytics software to any Personal Information you submit within the mobile application.

3.2 Your IP Address

We use your IP address to help diagnose problems with our servers and to administer the Site. Your IP address is used to help identify you. and to gather broad demographic information about our members. Under the GDPR, your IP address constitutes Personal Information under the GDPR, and where you can reasonably be identified also constitutes Personal Information under the Australian Privacy Law. Your IP address is recorded when visiting the Site, joining our mailing list and making purchases. This enables us to detect and prevent fraudulent activity.

3.3 Cookies and Tracking Technologies

Technologies such as cookies or similar technologies are used by Heat and our partners, , or analytics or service providers (e.g. advertising, analytics, and monitoring partners). These technologies are essentially small data files placed on your computer, tablet, mobile phone or other device (collectively, "devices") and are used in analyzing trends, administering the Site, tracking users' movements around the Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies on an individual as well as aggregated basis (such information constituting Personal Information under the GDPR, due to a natural person being associated with such online identifier).

We use cookies for authentication and tracking. You can set your browser to accept or reject all cookies, or notify you when a cookie is sent. If you reject cookies or delete our cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited. Your continued use of our Site will be considered as your acceptance of the use of cookies on our Site as described above.

3.4 Log Files

As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, internet service provider ("ISP"), referring/exit pages, operating system, date/time stamp, clickstream data, and/or similar data.

We may combine this automatically collected log information with other information we collect about you. We do this to improve Services we offer you, and to improve marketing, analytics, or site functionality.

Please note, Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

3.5 Behavioral Targeting/Re-Targeting

We may partner with Third-Party ad networks to either display advertising on our Site or to manage our advertising on other sites. Our ad network partners may use cookies and web beacons to collect information about your activities on this and other websites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt out. Please note this does not opt you out of being served other advertising. You will continue to receive other ads.

3.6 Social Media Widgets

Our site includes social media features and other similar features or interactive mini-programs that run on our Site. These features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the features to function properly. Social media features and widgets are either hosted by a Third Party or hosted directly on our Site. Your interactions with these features and the social media pages themselves (e.g. posts, responses on surveys, competitions) are governed by the Privacy Policy of the company providing them.

3.7 Single Sign-On

You can log in to our Site using sign-in services. These services will authenticate your identity and provide you the option to share certain Personal Information with us such as your name and email address to pre-populate our sign-up form. Additionally, any Personal Information we collect from you to register for our loyalty program (if available).

3.8 Information We Request Directly From You

The Site's signup forms, purchase forms, contact us forms, surveys and contests may require you to give us certain information including but not limited to contact information (such as your name and email address), unique identifiers (such as a username and password), and demographic information (such as your post/ZIP code or age). Purchase forms require financial information (such as your account or credit card numbers and billing address) as well. You may be asked to provide a shipping address if the products you purchase will be delivered by mail. We also have CCTV installed in some of our stores and head office premises, as indicated by signage at the premises, and this will capture your images. Should you injure yourself in our store, our sales staff or customer services departments may collect also your Personal Information.

3.9 User Data Supplementation

We may receive information about you from other sources, including publicly available databases or Third Parties from whom we have lawfully purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new users, and provide products and services that may be of interest to you. If you provide us with Personal Information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.

Examples of the types of Personal Information that may be obtained from public sources or purchased from Third Parties and combined with information we already have about you, may include:

  • Address information about you from Third-Party sources, such as the U.S. Postal Service, to verify your address so we can properly ship your products to you and to prevent fraud; and
  • Purchased marketing data about our users from Third Parties that is combined with information we already have about you, to create more tailored event recommendations.

3.10 Human Resources Data

Heat collects Personal Information from current, prospective, and former Employees, including their contact points in case of a medical emergency, and beneficiaries under any insurance policy ("Human Resources Data"). We collect this Human Resources Data in three primary ways:

  • Human Resources Data that you give to us;
  • Human Resources Data that we receive from other sources (e.g. third party background checks); and
  • Human Resources Data we collect automatically (e.g. when you use our systems and devices).

The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver's license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, taxation and superannuation details, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Human Resources Data that is Personal Information of a sensitive nature ("Sensitive Personal Information") such as details of health and disability including mental health, medical leave, and maternity leave, next of kin; information about national origin or immigration status; biometric information (from time and attendance scanning in selected stores); and optional demographic information such as ethnicity, which helps us achieve our diversity goals.

3.11 Unsolicited Personal Information

In the event we collect Personal Information from you, or a Third Party, in circumstances where we have not requested or solicited that information (known as unsolicited information), and it is determined by Heat (in its absolute discretion) that the Personal Information is not required, we will destroy the information to ensure that the information is de-identified. However, where such unsolicited information is collected in connection to your future potential employment with Heat, we may keep this Personal Information.


  1. How we use your Personal Information

4.1 Contact Information

Your contact information is used to contact you when necessary in connection with transactions entered into by you on the Site. Your credit or debit card information, details utilised for buy-now-pay-later schemes (offered through a third party provider) and/or demographic information will not be disclosed. Your billing address will also not be disclosed unless it is also the shipping address. For some purchases, we may require additional permission from you to disclose other Personal Information such as your email address. A notice of what Personal Information and how it will be used will appear during the checkout process.

We also use customer contact information we collect in order to send you information and offers from Heat. We carefully select the information we send in an effort to provide you information that offers real value to you, such as discounts or exclusive offers. You may opt-out of notifications by editing your email subscription.

4.2 Feedback and Ratings

If you buy a product on the Site, we may solicit you by email for your feedback on the experience. Feedback may include ratings, reviews, names, taglines and/or photos. If you choose to give us feedback and you make your feedback public, it will be displayed on the Site in association with the specific product. In the event that you discontinue your membership, all feedback and your member profile will be considered not public and will not be published on the Site. To request removal of your Personal Information from these posted feedbacks, please contact us. For further information, please see section 9.4 below.

We strongly discourage you from disclosing any Personal Information, such as email addresses, phone numbers or credit card information, in your feedback, especially if you've chosen to make it public. If you disclose any Personal Information in your feedback that you have chosen to make public, anyone will be able to see this information on our Site.

From time to time, Heat may want to reprint or reuse feedback as a testimonial or quote outside of the Site. When such occasions arise, we will contact you to obtain your consent.

4.3 Demographic Information

We use demographic information to tailor the Site to the interests of our users.

4.4 Marketing

We may use your Personal Information to contact you and provide you with marketing materials via social and direct messages, email, SMS, messaging applications and telephone. If you no longer wish to receive marketing materials from us, you may:

  • Contact us at; or
  • Click on the unsubscribe link on any marketing email you receive from us.

If you opt out of receiving marketing materials, you may continue to receive transaction-related emails regarding your purchases, information through other platforms and other non-marketing communications.

Without limitation to section 4.5, under the Australian Privacy Law, if you have provided inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you direct marketing communication given the transaction or communication you have had with us, then we may also use your Personal Information for the purpose of sending you such direct marketing communications.

4.5 Processing Required by Law

We may access, preserve, process, and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours', ours' or others' rights, property, or safety; (iv) to enforce Heat policies or contracts; (v) to collect amounts owed to Heat; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.

4.6 Human Resources Data

  • Workflow management, including assigning, managing and administering projects
  • Human resources administration and communication
  • Payroll and the provision of benefits
  • Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs
  • Job grading activities
  • Performance and employee development management
  • Organizational development and succession planning
  • Benefits and personnel administration
  • Absence management
  • Helpdesk and IT support services
  • Regulatory compliance
  • Internal and/or external or governmental compliance investigations
  • Internal or external audits
  • Litigation evaluation, prosecution, and defense
  • Diversity and inclusion initiatives
  • Restructuring and relocation
  • Emergency contacts and services
  • Employee safety
  • Compliance with statutory requirements
  • Processing of Employee expenses and travel charges; and
  • Acquisitions, divestitures, and integrations.

4.7 Other Uses

In addition to direct marketing and individual or market research, we may use your Personal Information for other purposes in which we have a legitimate interest, such as:

  • when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your Personal Information to be used or disclosed for such a purpose in accordance with Australian Privacy Law; and
  • anti-fraud protection, or any other purpose disclosed to you at the time you provide Personal Information to us or when you provide us with your consent.


  1. User Profiles

When you join Heat, the profile you create on our Site will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.

Due to the nature of the goods and services we provide, it is only practicable or reasonable for Heat to transact and correspond with you on a named basis.


  1. Other Sites/Third Party Vendors and Their Privacy Policies

The Site may contain links to other websites. Heat is not responsible for the privacy practices or the content of such websites or for the privacy policies and practices of other third parties.


  1. Disclosure of Your Personal Information

Where appropriate and in accordance with local laws and requirements, we may share certain of your Personal Information, in various ways and for various reasons, with the following categories recipients:

7.1 Service Providers

We may disclose your Personal Information to Third Party service providers who require access to such information for the purpose of providing specific services to us. These Third Parties will generally only be able to access your Personal Information in order to provide us with their services and will not be able to use it for their own purposes. Such Third Party service providers may include IT services providers, payment services providers, and customer services providers.

Heat  has executed appropriate contracts with the service providers that permit use or sharing of Personal Information necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.

7.2 Related Entities and Business Partners

Heat may share Personal Information with our business partners and affiliates for our and our affiliates' internal business purposes or to provide you with a product or service that you have requested.

Heat may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner's name will appear, along with Heat.

7.3 Third Party Marketing

Heat may allow Third-Party advertising partners to set tracking tools (e.g., cookies) to collect information regarding your activities (e.g., your IP address, page(s) visited, time of day) as described in section 3.3. We may also share such anonymized information as well as selected Personal Information (such as demographic information and past purchase history) we have collected with Third-Party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non- Heat related websites within their networks as discussed in Section 3.16. This practice is commonly referred to as "interest-based advertising" or "online behavioral advertising." We may allow access to other data collected by the Site to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you.

If you prefer that we do not share your Personal Information with Third-Party advertising partners, you may opt out of such sharing at no cost by following the instructions in section 8.

7.4 Regulatory Bodies

We may disclose your Personal Information:

  • to data protection regulatory authorities
  • to law enforcement agencies and in response to an enquiry from a government agency; and
  • to other regulatory authorities with jurisdiction over our activities.

7.5 Replacement Providers

In the event that we sell or buy any business assets, we may disclose your Personal Information to the prospective seller or buyer of such business or assets.

If Heat or substantially all of its assets are acquired by a Third Party, Personal Information held by us about our clients will be one of the transferred assets. If we are involved in a financing due diligence, reorganization, bankruptcy, receivership, or transition of service to another provider, then your Personal Information may be one of the transferred assets.

7.6 Professional advisors and auditors

We may disclose your Personal Information to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.


  1. International Data Transfers

Our headquarters are in the Byron Bay Australia, but our customers are based all over the world. The Personal Information that we collect from you may be transferred to, and stored at, destinations both within and outside the United States. In particular, it may be stored in or transferred to Australia and the European Union.

By submitting your Personal Information to Heat, you expressly agree and consent to the disclosure, transfer, storing or Processing of your Personal Information in such locations (which may be outside Australia). In providing this consent, you understand and acknowledge that counties outside Australia do not always have the same privacy protection obligations as Australia in relation to Personal Information.

In compliance with data protection laws (including the Australian Privacy Law and GDPR), we will take steps that are reasonable in the circumstances to ensure that your Personal Information is stored and transferred in a way which is secure and does not breach the privacy principles in the Australian Privacy Law and GDPR. Specifically, under the Australian Privacy Law, by providing your consent to such transfers, we are not required to take such steps as may be reasonable in the circumstances.

If we transfer your Personal Information overseas and where the country or territory in question does not maintain adequate information protection standards, we will take all reasonable steps to ensure that your information is treated securely and in accordance with this Privacy Policy.


  1. Your Rights in Relation to Your Personal Information under the GDPR

In accordance with data protection laws, you may have various rights in relation to the information which we hold about you.

To get in touch with us about any of these rights, please contact us at

We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

For those individuals in the European Union who engage with us, under the GDPR you have the following rights in section 9.1-9.8 relation to your Personal Information.

9.1 Right to object

This right enables you to object to us Processing your Personal Information where we do so for one of the following reasons:

  • because it is in our legitimate interests to do so
  • to enable us to perform a task in the public interest or exercise official authority
  • to send you direct marketing materials; or
  • for scientific, historical, research, or statistical purposes.

9.2 Right to withdraw consent

Where we have obtained your consent to Process your Personal Information for certain activities, you may withdraw this consent at any time and we will cease to use your information for that purpose unless we consider that there is an alternative legal basis to justify our continued Processing of your information for this purpose, in which case we will inform you of this condition.

9.3 Data Subject Access Requests

You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.

9.4 Right to erasure

You have the right to request that we "erase" your Personal Information in certain circumstances. Normally, this right exists where:

  • The information are no longer necessary
  • You have withdrawn your consent to us using your Personal Information, and there is no other valid reason for us to continue
  • The Personal Information has been Processed unlawfully
  • It is necessary for the Personal Information to be erased in order for us to comply with our obligations under law or
  • You object to the Processing and we are unable to demonstrate overriding legitimate grounds for our continued Processing.

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.

When complying with a valid request for the erasure of Personal Information we will take all reasonably practicable steps to delete the relevant information.

9.5 Right to restrict Processing

You have the right to request that we restrict our Processing of your Personal Information in certain circumstances, for example if you dispute the accuracy of the Personal Information that we hold about you or you object to our Processing of your Personal Information for our legitimate interests. If we have shared your Personal Information with Third Parties, we will notify them about the restricted Processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on Processing your Personal Information.

9.6 Right to rectification

You have the right to request that we rectify any inaccurate or incomplete Personal Information that we hold about you. If we have shared this Personal Information with Third Parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the Third Parties that we have disclosed the inaccurate or incomplete Personal Information to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

Please note, the Site also gives you the opportunity to modify the account information you have provided to us through our edit account page. If you have created a public profile on our Site, you can modify the profile information you have provided to us by editing feedback in your profile. Modifying your account information or profile information in this way will not modify information which we have collected as part of a purchase in our transactions database.

9.7 Right of information portability

In certain circumstances, you may have the right to transfer your Personal Information between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your information in a commonly used machine-readable format so that you can transfer the information. Alternatively, we may directly transfer the information for you.

9.8 Right to complain

You have the right to lodge a complaint with your local data protection authority.

Information on how to contact each of the European data protection authorities can be found on the European Commission website here.


  1. Retention of Your Personal Information

We will not keep your Personal Information for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.

In general, we will retain your Personal Information for as long as your account is active, and for as long as is required under legislation after you delete your account and, following that period, we will only retain your Personal Information for as long as is reasonably necessary in the circumstances.

When it is no longer necessary to retain your Personal Information, we will delete the Personal Information that we hold about you from our systems. While we will endeavour to permanently erase your Personal Information once it reaches the end of its retention period, some of your Personal Information may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our Employees will not have any access to it or use it again.


  1. Our Security Precautions

We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received. The Personal Information that you provide to us is stored on servers, which are located in secured facilities with restricted access, and protected by protocols and procedures designed to maintain the security of your Personal Information when you complete a transaction or access your Personal Information. We will take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure through such security measures; and destroy or permanently de-identify information where it is no longer required (refer to section 10).

However, no server, computer or communications network or system, or data transmission over the Internet can be guaranteed to be 100% secure. Therefore, we cannot guarantee its absolute security. You send information over the internet entirely at your own risk. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted over the internet and we do not warrant the security of any information, including Personal Information, which you transmit to us over the internet.

By using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may endeavor to attempt to notify you electronically by posting a notice on the Site or sending an e-mail to you. You may have a legal right to receive this notice in writing.

If you have any questions about security on our Website, you can contact us at


  1. Legal conditions for Processing your Personal Information

For our customers located in the EU, the GDPR requires us to provide you with certain information regarding our legal bases for processing your Personal Information. We have set these out below.

12.1 Where using your information is in our legitimate interest

We are allowed to use your Personal Information where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.

We believe that our use of your Personal Information is within a number of our legitimate interests, including but not limited to:

  • To enable us to provide our products to our customers
  • To provide you with marketing communications about our products and services
  • To help us understand our customers better and provide better, more relevant products to them
  • To help us keep our systems secure and prevent unauthorized access or cyber-attacks and
  • To drive commercial value for the benefit of our shareholders.

We don't think that any of the activities set out in this Privacy Policy will prejudice you in any way. However, you do have the right to object to us Processing your Personal Information on this basis. We have set out details regarding how you can go about doing this in section 9 above.

12.2 Where you give us consent to use your Personal Information

We are allowed to use your Personal Information where you have specifically consented. In order for your consent to be valid:

  • It has to be given freely, without us putting you under any type of pressure
  • You have to know what you are consenting to – so we'll make sure we give you enough information
  • You should only be asked to consent to one thing at a time – we therefore avoid "bundling" consents together so that you don't know exactly what you're agreeing to and
  • You need to take positive and affirmative action in giving us your consent – we're likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.

As part of our relationship with you, we may ask you for specific consents to allow us to use your information in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.

You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this in this Privacy Policy.

12.3 Where using your Personal Information is necessary for us to carry out our obligations under our contract with you

We are allowed to use your Personal Information when it is necessary to do so for the performance of our contract with you. For example, we need to collect your payment details in order to be able to process payments for our products and services.

12.4 Where Processing your Personal Information is necessary for us to carry out our legal obligations

As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your Personal Information when we need to in order to comply with those other legal obligations

12.5 Where processing your Sensitive Personal Information is necessary for us to exercise our rights or carry out our employment and social security law obligations

If you are an Employee, sometimes it will be necessary for us to process your Sensitive Personal Information during the course of any employment relationship with you.

If you are an Employee, we may process your Sensitive Personal Information for the purpose of ensuring our compliance with our equal opportunities obligations where this is in accordance with local law, but we may also process other elements of your Sensitive Personal Information during the course of your employment for other reasons.

If you are an Employee, where appropriate and in accordance with any local laws and requirements, we may also process your medical data to enable us to provide you with adequate support if you suffer from a health condition or disability, for example by sharing medical information about you with an occupational health specialist, in order to determine prognosis and return to work arrangements, and to assess your working capacity more generally.

12.6 Where processing your Sensitive Personal Information is necessary for us to assess your work capacity

If you are an Employee, where we wish to engage an occupational health specialist in order to determine prognosis and return to work arrangements and to assess your working capacity more generally, applicable data protection law may provide this advisor with a legal basis for processing this Sensitive Personal Information. This can only be used by health professionals who have an obligation of professional secrecy.

12.7 Where processing your Personal Information is necessary for us to establish, exercise or defend legal claims

If you are an Employee, sometimes it may be necessary for us to process Personal Information and Sensitive Personal Information in connection with exercising or defending legal claims. Applicable data protection law may allow us to do this where the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.


  1. Children’s Privacy

Users must be 18 years of age or older to purchase products through the Site. The Services are not directed to children under 16 years of age, and Heat does not knowingly collect Personal Information from children under 16 years of age. If you learn that your child has provided us with Personal Information without your consent, you may alert us at If we learn that we have collected any Personal Information from children under 16 years old, we will promptly take steps to delete such information and terminate the child's account.


  1. California Consumer Privacy Act of 2018 (“CCPA”)

The categories of Personal Information we have collected about consumers and disclosed about consumers for a business purpose in the preceding 12 months are:

Identifiers such as a real name, alias, postal address, email address, unique personal or online identifier, Internet Protocol address, account name;

  • Categories of personal information including physical characteristics or description, telephone number, credit card number, debit card number; education and employment or employment history (for recruiting and employment purposes);
  • Characteristics of protected classifications under California or federal law limited to gender and age;
  • Commercial information, including products or services purchased, obtained, or considered; other purchasing or consuming histories or tendencies;
  • Internet or other electronic network activity information, including, browsing history, search history, and information regarding a consumer’s interaction with an internet website, or advertisement;
  • Geolocation data;
  • Professional or employment-related information; and
  • Inferences drawn from any of the information identified to create a profile about a consumer reflecting the consumer’s preferences, intelligence, abilities, and aptitudes.

We do not sell Personal Information and have not sold Personal Information about consumers in the preceding 12 months.

Personal Information subject rights under the CCPA may apply to certain individuals and households. These rights include the right to: (i) know what Personal Information is being collected about them, (ii) know whether their Personal Information is sold or disclosed and to whom, (iii) say no to the sale of Personal information, (iv) access their Personal Information, and (v) equal service and price, even if privacy rights are exercised.


  1. Redress and Accountability

If you have any questions or concerns about this Privacy Policy, Heat practices, or how to lodge a complaint with the appropriate authority, please email us at

Information on how to contact each of the European data protection authorities can be found on the European Commission website.