Harp+Works Logo

Privacy Policy

Effective date: January 1 2026
Last updated: February 19 2026

HarpWorks (“we”, “us” or “our”) is committed to protecting your privacy and handling your personal data in a transparent, lawful, and secure manner. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in connection with our venture lab, studio services, and digital platforms, in accordance with applicable data protection laws (including the EU General Data Protection Regulation – GDPR, UK GDPR/Data Protection Act 2018, and other relevant laws).

1. Who We Are & Scope

HarpWorks is a venture lab and studio providing business setup, experimentation, lead generation, design, and no-code web development services.

This Privacy Policy applies to personal data collected:

  • Through our website(s) and digital products;
  • Through enquiries, forms, communications, and event interactions;
  • Through business engagements with clients, founders, consultants, suppliers, and partners;
  • Through venture experimentation and product development activities conducted within the HarpWorks Lab.

We act as the data controller for personal data processed under this policy.

2. Data Protection Principles

We follow established data protection principles:

  • Lawful, fair, and transparent processing
  • Purpose limitation — collected for specific, explicit purposes
  • Data minimisation — only necessary data collected
  • Accuracy and currency of records
  • Storage limitation — retained only as required
  • Integrity and confidentiality — appropriate security safeguards

3. Types of Personal Data We Collect

“Personal Data” means information capable of identifying you. Depending on your interaction with HarpWorks, we may collect:

  • Identity data: names, role, company or venture affiliation;
  • Contact data: email address, phone number, social handles, postal address;
  • Professional & venture data: company information, project materials, CVs, credentials, founder information;
  • Technical & usage data: IP address, device/browser information, behavioural analytics, interaction data with websites or prototypes;
  • Marketing & preference data: communication preferences, event participation, campaign responses;
  • Sensitive data (limited cases): only where necessary for compliance, contractual obligations, or explicit consent.

4. How We Collect Personal Data

We collect personal data through:

  • Direct interactions: enquiry forms, onboarding, communications, discovery sessions, applications, events;
  • Automated technologies: cookies, analytics, and product interaction tracking (see Section 11);
  • Third-party sources: public professional platforms, referrals, collaborators, partners, and tools integrated into our workflow.

5. Legal Bases for Processing

We process personal data only where lawful, including:

  • Contractual necessity — delivering services or collaborations;
  • Legal obligations — compliance, record-keeping, and regulatory requirements;
  • Legitimate interests — business operations, venture development, analytics, product improvement, relationship management;
  • Consent — marketing communications or specific experimental activities where required.

6. How We Use Your Personal Data

We may use personal data to:

  • Deliver services: venture setup, design, lead generation, and digital product development;
  • Operate and improve platforms: analytics, testing, optimisation, experimentation within HarpWorks Lab;
  • Communicate: respond to enquiries, coordinate projects, send updates and operational notices;
  • Marketing and growth: share insights, opportunities, and content where consent or lawful basis exists;
  • Security and risk management: protect systems, detect fraud, ensure safe operations;
  • Compliance: meet legal and contractual obligations.

7. Sharing Personal Data

We may share personal data with:

  • Service providers and infrastructure partners (hosting, analytics, communications, automation tools);
  • Professional advisors (legal, financial, accounting);
  • Collaborators, venture partners, or group entities where required for delivery or experimentation;
  • Regulators or authorities when legally required.

All recipients are expected to maintain appropriate confidentiality and security standards.

8. International Transfers

Given the global nature of digital tools and collaborations, personal data may be transferred outside your jurisdiction. Where this occurs, appropriate safeguards (including contractual protections or lawful mechanisms) are implemented.

9. Data Security & Storage

We implement technical and organisational safeguards designed to protect personal data from unauthorised access, loss, alteration, or disclosure. However, no internet transmission can be guaranteed fully secure.

10. Data Retention

Personal data is retained only as long as necessary to fulfil the purposes for which it was collected, including operational, contractual, legal, accounting, and dispute-resolution requirements. Data no longer required will be securely deleted or anonymised.

11. Cookies & Tracking Technologies

We use cookies and similar technologies to support website functionality, analytics, and product experimentation. Further details are provided in our Cookie Policy.

12. Your Rights

Subject to applicable law, you may have rights to:

  • Access personal data held about you
  • Correct inaccurate or incomplete data
  • Request deletion or restriction
  • Object to processing based on legitimate interests
  • Withdraw consent where applicable
  • Request portability of your data

Requests may require identity verification.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect operational, legal, or technological developments. Updates will be published with a revised “Last updated” date.

14. Contact Information

For privacy requests or questions, contact:

Akwasi Kissi-Prah
Harp + Partners
Email: akwasi@harpandpartners.com
Postal: 82 A James Carter Rd, Mildenhall, IP28 7DE, UK