Privacy Policy
Introduction
Heads is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal data in connection with our services, including our internal staff-facing applications, point-of-sale systems, and public-facing website. It also outlines your rights and how to exercise them.
This policy is intended to comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws in the jurisdictions where Heads operates, including the Nordic countries.
Scope
This Privacy Policy applies to personal data processed by Heads in its role as a data controller. It covers processing through:
Our website (e.g. contact forms, cookies, analytics)
Our applications (apps) such as the POS, ERP or Backoffice system delivered to our enterprise customers and used by their authorized staff, made available through the internet or via the Apple App Store and Google Play
Internal communications and administrative processes
This policy does not apply to data processed by Heads solely in its role as a data processor on behalf of customers. It also does not apply to customer-facing mobile applications, as Heads’ apps are designed solely for internal staff use.
Our applications and services are intended solely for adult use by authorized staff members and are not intended for children under the age of 16.
Legal Basis for Processing
Heads processes personal data based on the following legal grounds:
Performance of a contract
Compliance with a legal obligation
Legitimate interests of Heads or its customers
Consent (when required by law)
Types of Data Collected
Depending on your relationship with Heads and how you interact with us, we may process the following types of personal data:
From staff and internal users of the Heads applications:
Full name, email address, and contact details
Employment information (e.g. title, store location, role)
Login credentials (e.g. username, password)
Location data (if enabled on company devices)
App Permissions on iOS Devices
Bluetooth Access: The application requests Bluetooth access as needed to enable connection with external hardware such as barcode scanners or printers.
Location Access: The application requests location access (if the function is enabled) to verify store assignments and prevent fraud. Location access can be managed or disabled through device settings.
App usage data, interaction logs, and activity history
Device information (e.g. device ID, OS version)
From visitors to our website or individuals contacting us:
Name and contact details submitted via forms or emails
IP address and browser/device data
Cookie and usage data (see “Cookies and Tracking” below)
Collection of Data
We collect personal data:
Directly from staff as part of employment or onboarding
When using our apps or internal tools
From website form submissions and cookie-based tracking
From customer representatives during business interactions
Use of Personal Data
We use personal data for the following purposes:
To provide and maintain our services and internal systems
To authenticate and manage staff access to our apps
To support internal business operations and communications
To ensure system security and detect unauthorized access
To improve app functionality and user experience
To comply with legal obligations, such as tax or employment law
To manage recruitment processes (when applicable)
Use of Customer Data Within our Apps
Our applications allow authorized staff to view and manage customer-related information stored in our systems. This customer data is processed solely in accordance with the overarching Heads customer agreements and privacy standards.
Please note that customers do not have direct access to the app. Customers wishing to exercise their rights under applicable data protection laws (e.g. access, correction, deletion of their data) should contact Heads via the details provided at the end of this policy.
Payment Data
Heads does not store or process payment card data directly. All transactions are handled by third-party payment service providers that are compliant with the PCI DSS security standard. Heads only stores relevant transaction metadata necessary for business records and customer service.
Cookies and Tracking Technologies
Heads uses cookies and similar technologies on its public-facing websites. These cookies help improve the user experience and collect analytics about website performance and behavior.
Consent for non-essential cookies is collected in compliance with GDPR using Consent Mode v2. Users can accept, decline, or customize their preferences via our cookie banner.
We use the following types of cookies:
Necessary cookies (essential for website functionality)
Functional cookies (enhance features and personalization)
Analytics cookies (track website usage, e.g. Google Analytics 4)
Marketing cookies (used for advertising and remarketing, e.g. Google Ads, LinkedIn)
App Tracking Transparency
Heads software applications do not track users across third-party apps or websites, nor do they collect device IDs for advertising or tracking beyond their direct business operations.
Location Data
If location tracking is enabled within our applications (on company-managed devices), location data may be used to verify store assignments, enhance fraud detection, or generate usage analytics. Location data is collected only with appropriate permissions and can be disabled on the device.
Third-Party Services and Tools
Heads uses trusted service providers for analytics, hosting, advertising, and security. These include:
Google Analytics 4
Purpose: Website and app analytics
Region: Global
Privacy Policy: https://policies.google.com/privacy
Google Ads
Purpose: Marketing & remarketing
Region: Global
Privacy Policy: https://policies.google.com/privacy
LinkedIn Insights
Purpose: B2B marketing
Region: Global
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
LeadInfo
Purpose: B2B visitor analytics
Region: EU-based
Privacy Policy: https://www.leadinfo.com/en/privacy/
Apple iCloud
Purpose: Optional cloud sync
Region: Global
Privacy Policy: https://www.apple.com/legal/privacy/
All subprocessors are subject to data processing agreements and, where applicable, Standard Contractual Clauses (SCCs) for international transfers.
Data Transfers Outside the EEA
Personal data may be processed outside of the EEA when using third-party services. Heads ensures such transfers comply with GDPR through approved legal mechanisms, including SCCs or adequacy decisions.
Data Security
Heads applies a combination of organizational, technical, and physical safeguards to protect personal data. These include:
Access control and role-based permissions
Anonymization where applicable
Regular staff training
Incident detection and response procedures
Internal audits and risk assessments
Data accessed or stored via our apps is encrypted in transit using secure protocols such as TLS, and encrypted at rest where applicable.
Access to app data is restricted to authorized personnel only.
Access to internal systems and the application is restricted to authorized personnel.
Data Retention
Personal data is retained only for as long as needed to fulfill its intended purpose, or to meet legal obligations. Specific retention periods include:
Staff and internal user data: Retained during employment and for up to 12 months after departure.
Financial and transactional records: Retained for 7 years for compliance with tax and accounting laws.
Job applicant data: Retained for 6 months unless consent is provided for longer storage.
Website analytics and cookie data: Retained between 14 and 26 months depending on the service provider.
Data Subject Rights
In accordance with GDPR and other applicable privacy laws, you have the right to:
Access your personal data
Correct inaccurate or outdated data
Request deletion of your personal data
Request restriction of processing
Object to data processing based on legitimate interest
Withdraw consent (where processing is based on consent)
Request data portability (when applicable)
To exercise your rights, please contact our Data Protection Officer (DPO) using the details below. For security, we may ask for verification before processing your request.
In-App Account and Data Deletion
The Heads applications do not support individual account creation, as accounts and access credentials are provisioned directly by enterprise administrators in accordance with business agreements.
Due to legal and compliance obligations associated with transactional data handled by our systems, individual users are not permitted to directly delete their accounts or associated data from within the app.
To request account deletion or inquire about personal data removal, users must contact their organization’s designated system administrator or the Heads Data Protection Officer (DPO) as listed below. All deletion requests are subject to review and approval in line with applicable employment, contractual, and regulatory obligations.
Contact Information
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact:
Data Protection Officer
Email: dpo@heads.com
You also have the right to file a complaint with your local supervisory authority if you believe your data has been processed unlawfully.
Updates to This Policy
This Privacy Policy may be updated to reflect changes in legal requirements, technology, or company operations. The latest version will always be available on our website and within the app, where applicable.
This Privacy Policy was last updated on April 18, 2025.
Get in touch
If you are ready to transform your business, or just want to say hi, feel free to shoot us a message!

© heads