Effective as of February 10, 2019
- Explain the way we use information that you share with us in order give you a great experience with our Website;
- Ensure that you understand what information we collect with your permission, what we do with it and with whom we share it; and
- Explain your rights under applicable law.
2. Information we collect
The information we collect includes personal identifiers, commercial information, electronic network activity and geolocation data, and can be divided into the following broad categories:
- Technical Data includes internet protocol (IP) address, your login data, device type, device version, browser type and version, browser plug-ins types, time zone setting and location, traffic data, search criteria, weblogs and other communications data, operating system and platform and other technology on the devices you use to access the Website.
- Usage Data includes information about how you use our Website or Service, such as the particular pages you interact with, how often you visit, how long you’re on the Website, surveys, the service you’re looking at and the emails you interact with.
- Verification Data includes proof of identity and proof of address as further detailed in our Subject Access Request Form.
- Financial Data includes details about your payment history and services or products you have purchased from us.
- Identity Data includes full name, address, telephone number, email address, username, password.
- Image Data includes photographs and videos of you that you provide.
More specifically, we may collect and store the following information relating to you:
2.1 Anonymous data
2.2 Direct Interactions
We collect information from you when you voluntarily submit information directly to us or via our Website. For members, this refers to personal data you provide when, for example, you create or join a group, complete a profile, or by corresponding with us via phone, email or live chat. This personal information may include name, age, address, phone and email, as necessary to set up your account. If you connect to the Website using credentials from a third-party application (e.g., Facebook), you authorize us to collect your authentication information, such as your username and encrypted access credentials. We may also collect other information available on or through your third-party application account, including, for example, your name, profile picture, country, hometown, email address, date of birth, gender, friends’ names and profile pictures, and networks.
In addition to the information we may collect upon your initial registration, we may ask you for personal information at other times. We will not share that information in a manner that identifies you as an individual with any other entity unless we have your permission.
2.3 Information submitted by you for inclusion on the Website
2.4 Tracking technologies
2.5 Automated technologies or interactions
As you interact with our Website, we may automatically collect technical and usage data about your device, browsing actions and patterns. For example, we collect information which may include your IP address, browser type, your location, language preferences, device information and access times. While an IP address does not identify an individual by name, it may, with the cooperation of the ISP, be used to locate and identify an individual. Your IP address can reveal what geographic area you are connecting from, or which ISP you are using. Finally, other websites you visit have IP addresses, and we may collect the IP addresses of those websites and their pages. We also collect IP addresses for system administration and to report aggregate information to any sponsors. We may also receive information from our web logs, which automatically record anything a web server sees, which may include email addresses you enter into a form or pages viewed by a user at a particular IP address. We collect this personal data by using cookies, pixel tags and other similar tracking technologies. The sole purpose of passively collecting your information is to improve your experience when using our Website.
2.6 Promotions & surveys
2.7 Information received from our service providers and partners
We may also receive information about you from our service providers and partners, which we use to personalize our Service, to measure ad quality and responses to ads, to display ads that are more likely to be relevant to you, and to offer you opportunities to purchase products or services that we believe may be of interest to you.
3. How we use the information we collect
We have set out below, in a table format, a description of all the ways we process your personal data, and the legal basis we rely on to do so.
|Purpose/Activity||Type of Data||Legal Basis|
|To allow you to visit the Website||Technical Data
|To allow you to create a Solutions Group||Identity Data
|To manage our relationship with you. For example general enquiries such as how the Website works, complaints and payment queries||Any data you choose to share with us or request us to view||Consent|
|To administer and protect the Website (including troubleshooting, fraud prevention, spam prevention, security incident prevention and correction, data analysis, testing, system maintenance, support, reporting and hosting of data), operate the Website (including notifying you of any changes), optimize your user experience, and send you service and support messages such as updates, patches and security alerts||Financial Data
|To send you promotional messages, marketing, advertising and other such information we think may be of interest to you, either directly or through one of our partners; you may opt out from receiving certain messages, as described in Section 7||Financial Data
|To enable you to partake in a prize draw, competition, referral scheme, rewards program, promotional activities, events, complete a survey or invite you to participate in Website testing||Financial Data
|To analyze your use of the Website and deliver relevant website content and third-party advertisements, for example by providing customized, personalized, or localized content, recommendations, features, and advertising.||Usage Data||Consent|
|For purposes of legitimate interests|
|To maintain and retain records in connection with actual and potential legal claims and regulatory investigations; and for governance & compliance purposes||Financial Data
|Necessary for the compliance with a legal obligation to which we are subject|
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email us at email@example.com.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. How we share the information we collect
This section describes how the information collected or generated through your use of the Website may be shared by us with third parties. The information we may disclose for a business purpose includes personal identifiers, commercial information, electronic network activity and geolocation data. We have never sold our users’ personal information and in no event will we ever sell your personal information.
4.1 Marketing and advertising
We may send you promotional communications about our Website or our advertising partners, including relevant advertising for third-party products and services that may be of interest to you. We may also share aggregate user information in a non-personally identifiable manner with advertisers and other third parties in order to present to users more targeted advertising, products and services. We do not provide any personally identifiable information to third-party advertising companies.
4.2 Service providers
To provide you with the best experience on our Website, we may use third parties who automatically process your Usage Data on our behalf. Where possible, we will make sure this data is anonymized.
For your information, click here to view some examples of how third parties process your personal data.
4.3 Promotions and surveys
When one or more of our business partners co-sponsor a service, promotion, contest/sweepstakes, or survey, we may share some or all of the information collected in connection with such service, promotion, contest/sweepstakes, or survey with the co-sponsor(s). If we intend to share such information, you will be notified prior to the collection of that information. If you do not want your information to be shared, you will be able to choose not to allow the transfer by not using or signing up for that particular service, promotion, contest/sweepstakes, or survey.
5. Cookies and other tracking technologies
A cookie is a small text file that is placed on your computer, mobile phone, or other device when you visit a website. The cookie will help website providers to recognize your device the next time you visit their website. There are other similar technologies such as pixel tags (transparent graphic images placed on a web page or in an email, which indicate that a page or email has been viewed), web bugs (similar to pixel tags), and web storage, which are used in desktop software or mobile devices.
There are also technologies such as mobile device identifiers and SDK integrations to help companies recognize your device when you return to an app or otherwise use a service.
Our policy regarding cookies can be found here.
6. Information collected by third parties
Please read these third parties’ privacy policies to find out how they collect and process your personal information.
7. Email Opt-out
Users who no longer wish to receive email updates or other notifications may opt out of receiving these communications by following the instructions contained in the applicable email. Please know that such a decision will not stop advertising or content that is generated prior to the time when we can accomplish the removal of your information.
8. Credit Card Processing
Credit card transactions are handled by a third-party processor that receives credit card numbers and other personally identifying information only to verify credit card accounts and process transactions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered or disclosed, used or accessed in an unauthorized way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, the transmission of data via the internet is not completely secure and we cannot guarantee that unauthorized parties will not be able to defeat those measures: unauthorized entry or use, hardware or software failure, and other factors may compromise the security of our user information at any time.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Children and COPPA compliance
We believe that parents should supervise their children’s online activities and consider using parental control tools available from online services and software manufacturers that help provide a child-friendly online environment. These tools can also prevent children from otherwise disclosing online their name, address and other personal information without parental permission.
11. Business transitions
12. California user consumer rights
California residents may choose to opt out of our disclosure of personal information about them to third parties for direct marketing purposes. As detailed above, our policy is not to disclose personal information collected online to a third party for direct marketing purposes without your approval. If you choose to opt-out at any time after granting approval, email firstname.lastname@example.org.
If you are a California resident, you also have the right to:
- request that we disclose to you the categories of personal information we collected about you, including the categories we disclosed to a third party for a business purpose; the categories of sources from which the personal information is collected; the business or commercial purpose for collecting that information; the categories of third parties with whom we share that information; the actual personal information we collected from you. This enables you to receive a copy of the personal data we hold about you.
- request that we delete any personal information we have collected from you. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons and our need to keep appropriate archives for our business operations.
- not be discriminated against for exercising any of the rights granted to you under the California Consumer Privacy Act of 2018.
If you wish to exercise any of the rights set out above, please email us at email@example.com. You may also call this toll-free number: 844-445-6877. We will respond to you within 45 days of receipt of your request. We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that your personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to ask you for further information, in relation to your request, to speed up our response.
California residents may file grievances and complaints with California Department of Consumer Affairs, 400 R Street, STE1080, Sacramento, CA 95814; or by phone at 916-445-1254 or 800-952-5210; or by email to firstname.lastname@example.org. We would, however, appreciate the chance to deal with your concerns before you approach the DCA, so please email us at email@example.com in the first instance.
13. Users located outside of the United States
14. EU users’ rights under the GDPR
If you are located in the European Union, or if the EU’s General Data Protection Regulation (“GDPR”) otherwise applies to your data as processed by us, you have the right to:
- request access to your personal data. This enables you to receive a copy of the personal data we hold about you and our full list of third parties who process your data, and to check that we are lawfully processing it.
- request confirmation as to whether or not your personal data is being processed.
- request the correction of your personal data that you consider to be inaccurate. This enables you to have any incomplete or inaccurate data we hold about you corrected. However, we may need to verify your identity and the accuracy of the new data you provide to us.
- request erasure of your personal data. This enables you to ask us to delete or remove personal data, for example: i) where there is no good reason for us continuing to process it; ii) where you have successfully exercised your right to object to processing (see below); iii) where we may have processed your information unlawfully; iv) where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons and our need to keep appropriate archives for our business operations. These reasons will be notified to you at the time of your request. In addition, as explained in Section 2.3, certain information may always be publicly available to others and other information is made publicly available to others by default.
- object to processing of your personal data. This enables you to object to the processing of your personal data if you feel it impacts on your fundamental rights and freedoms. For example, this can be where we are processing your personal data for direct marketing purposes. In some cases, we may have compelling legitimate grounds to process your information which can override your right to object.
- request restriction of processing of your personal data. This gives you the option to ask us to suspend the processing of your personal data in the following scenarios: i) if you want us to establish the data’s accuracy; ii) where our use of the data is unlawful but you do not want us to erase it; iii) where you need us to hold the data, even if we no longer require it e.g. to establish or defend legal claims; or iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate ground to use it.
- request transfer of your personal data. If you request us to do so, we will provide to you, or a third party of your choice, your personal data in a commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use, or where we have used the information to perform a contract with you.
- withdraw consent to the processing of your data. If you request us to do so, we will no longer process your data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide our Service for you. Also, we will advise you of this at the time you withdraw your consent.
- not have a decision made about you based solely on automated processing.
If you wish to exercise any of the rights set out above or request details about the specific legal basis we are relying on to process your personal data, please email us at firstname.lastname@example.org using the Subject Access Request Form.
We will respond to you within 30 days of receipt of your request. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise your other legal rights). This is a security measure to ensure that your personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to ask you for further information, in relation to your request, to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of your other legal rights). However, we may charge a reasonable fee (or refuse to comply) if your request is clearly unfounded, repetitive or excessive.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please email us at email@example.com in the first instance.
15. Data retention
If you are located in the European Union, or if the GDPR otherwise applies to your data as processed by us, we will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or internal reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for compliance, governance, legal and/or regulatory purposes in which case we may use this information indefinitely without further notice to you.
16. Cooperation with law enforcement; fraud protection
We fully cooperate with law enforcement agencies in identifying those who use our Website or Service for illegal activities. We reserve the right to disclose information about users who we believe are in violation of applicable laws or regulations, or as required to respond to a subpoena, court orders or other legal process requiring such disclosure. We also reserve the right to report to law enforcement agencies any activities that we reasonably believe to be unlawful and to exchange information with other companies and organizations for fraud protection.
Please note that if you opt out of receiving notices from us, change notices will still govern your use of the Website, and you are responsible for reviewing such legal notices for changes, as posted on the Website.
18. Who we are
For the purposes of the GDPR, Thrive Movement International, Inc., located at PO Box 40, Capitola CA 95010 USA is the Data Controller and is responsible for your personal data. This means that we determine the purposes and ways of the processing of your personal data.