Last Updated: May 23, 2022
Welcome to Thrive Global Holdings Inc. (“Thrive”, “we”, “us” and/or “our”). Our website (“Site”) also allows you (“Users,” “you,” or “your”) to easily access and use content, including features, resources and other information intended to help you change the way you live and work. Our mobile application and services (“App”) helps Users achieve behavior change through “too small to fail” incremental microsteps, personal assessments, video micro-learning, inspiring stories and other content and resources. Collectively, the services we provide through the Site and the App from time to time are defined as the “Service(s)”.
Users in different regions might be subject to different data protection standards and based on their employer DPA (Data Protection Agreement) with Thrive Global (For App Users Only). This document has a section dedicated to European Union consumers and their privacy rights, as well as a section dedicated to California consumers and their privacy rights.
INFORMATION WE COLLECT
When you interact with us through the Services, we collect information that, alone or in combination with other information, could be used to identify you (“Personal Data”), described below.
I. App Users
- Account information, such as your name, email address, and other contact details.
- Profile information, such as a profile photo, biography, country information, and demographic information (such as your racial and ethnic origin, as well as gender and age).
- App engagement information, such as your responses to and interaction with wellness surveys, webinars, and learning activities.
- [Activity information, if you choose to link the App to a connected wearable device and upload data such as your heart rate, sleep pattern, and walking or running speed].
- Communications with us or within the App, including when you chat with us or contact us with questions or feedback, or use social features within the App.
- Location Information. When enabled by you, we collect location information provided by your device.
II. Site Users
Personal Data You Provide Us. We collect information that visitors to the Site enter when you sign up on the Site (e.g., email and password) or send to us electronically, for example when completing any “free text” boxes in our forms (such as on our “Contact Us” page, support request or survey submission), requesting information, registering for an event, or subscribing to email lists. While the type of data we collect depends on the nature of the inquiry, it typically includes name and contact details, company information, and phone number.
III. Automatically Collected Data
When you use the Site or the App, the following information is created and automatically logged in our systems:
- Log data: Information (“log data”) that your browser automatically sends whenever you visit the Site, or that the App automatically sends when you use the Services. Log data includes your IP address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Services.
- Device information: Includes type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.
- Usage Information: Information about how you use our Site and the App, such as the types of content that you view or engage with, the features you use, the actions you take, the other Users you interact with and the time, frequency and duration of your activities.
IV. Service Data
Service Data does not include any Personal Data or other data provided to us or to the Services by a User (including a User who has access to the Services in connection with an enterprise relationship between a Customer and Thrive).
HOW WE USE INFORMATION
We use your Personal Data collected for the following purposes:
To authenticate Users and provide the Services. This processing is necessary to provide you with access to and use of the Services.
As necessary for certain legitimate business interests, which include the following:
- To respond to your inquiries and fulfill your requests for products and services;
- To customize our Services for you. For example, we use information on your use of Services features, including information that we obtain through cookies and other technologies, to better understand your needs and interests in order to personalize your experience with our Services by presenting content or functionalities tailored to your interests;
- To send administrative information to you, for example, information regarding the Site or the App, and changes to our terms, conditions, and policies;
- To conduct research, and provide aggregate and anonymized information on your use of our Services to third parties (such as device manufacturers);
- If you ask us to delete your data and we are required to fulfill your request, to keep basic data to identify you and prevent further unwanted processing;
- To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our IT systems, architecture and networks; and
- To (a) comply with legal obligations and legal process; (b) respond to requests from public and government authorities including public and government authorities outside your country of residence; (c) enforce our Terms and Conditions Agreement; (d) protect our operations or those of any of our affiliates; (e) protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain, as required or permitted by the law.
For individuals in the European Union (“EU”) and Switzerland, please see the “European Union (EU) Users” section below for information on what we mean by legitimate business interests and your rights.
Marketing. We may contact you to tell you about content, services or products we believe will be of interest to you. If we do, where required by law, for example if you are a User in the EU, we will only send you marketing information if you consent to us doing so at the time you provide us with your Personal Data. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by updating your user settings. In addition, if at any time you do not wish to receive future marketing communications, please contact us at [email protected] We will continue to contact you via email regarding the provision of our Services and to respond to your requests.
Usage Data. We glean valuable insights from your use of and interactions with the Services, including the aggregated and/or anonymized data that is derived from your and others’ use of the Services. We may create such aggregated and/or anonymized data from or using your interactions and contributions to the Services (including your content) and other metrics related to your usage of the Services. We use such aggregated and/or anonymized data in connection with our internal operations and functions, including, but not limited to, operational analytics and reporting, internal financial reporting and analysis, audit functions and archival purposes, as well as in connection with our other business purposes.
PARTICIPATION IN THRIVE PROGRAMS
In addition to the Services, we may offer certain programs for Thrive Users to participate in, such as webinars, events, stories, promotional contests, etc. (each a “Thrive Program”). By participating in a Thrive Program and submitting to Thrive Global any requested Personal Data or other information, you expressly agree that (i) Thrive may, for the duration of the Thrive Program and thereafter, copy, modify, display, distribute, or otherwise use, for any legitimate business purpose, any audio, pictures, video, information of or disclosed by you (including any health or personal information of yourself or your family whom you have valid authorization to do so), and/or other materials you submit to Thrive or otherwise are recorded by Thrive during the applicable Thrive Program, and (ii) you release and hold harmless Thrive from any liability or damages that may arise from such use. IF YOU DO NOT AGREE, PLEASE DO NOT PARTICIPATE IN ANY THRIVE PROGRAMS.
SHARING AND DISCLOSURE OF INFORMATION
How we share information pursuant to our lawful business purposes: There are certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, unless required by the law, as set forth below:
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of the Site or the App, or the public, or (iv) protect against legal liability.
How we share information at your direction: We may share or disclose your information at your direction, such as when you authorize a third-party service to access your account. Additionally, we may provide you the option to share reports on your engagement with the Services, including statistics such as the frequency and duration of your use of the App, with Customers.
How you share information on the App: You may choose to voluntarily share information with other Users on the Services, such as when you post public information on the App or chat or otherwise engage with the User community on the App.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.
UPDATE YOUR INFORMATION
If you need to change or correct your Personal Data, or wish to have it deleted from our systems, you may contact us as described in the “Contact Us” section below. We will address your request as required by applicable law.
EUROPEAN UNION (EU) USERS – GDPR
Scope. This section applies if you are a User in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).
Legitimate Business Interest
Thrive Global Holdings Inc. is the data controller for processing Personal Data provided to us through the Services.
EU Users may contact DataRep, who has been appointed as Thrive’s Data Protection Representative in the EU pursuant to Article 27 of the General Data Protection Regulation on matters related to the processing of your Personal Data. If you want to raise a question to Thrive, or otherwise exercise your rights in respect of your personal data (described below), please contact DataRep as follows:
- send an email to [email protected];
- fill in the online form at www.dpr.eu.com/thriveglobal, or
- mail your inquiry to DataRep at the most convenient of the addresses in the table below. Please ensure the post is addressed to ‘DataRep’ and not to ‘Thrive Global Holdings, Inc.’ directly, to ensure that your communications are received by DataRep. Please refer clearly to Thrive in your correspondence.
|Austria||DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Belgium||DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium|
|Bulgaria||DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria|
|Croatia||DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia|
|Cyprus||DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus|
|Czech Republic||DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic|
|Denmark||DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark|
|Estonia||DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia|
|Finland||DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland|
|France||DataRep, 72 rue de Lessard, Rouen, 76100, France|
|Germany||DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany|
|Greece||DataRep, 24 Lagoumitzi str, Athens, 17671, Greece|
|Hungary||DataRep, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary|
|Ireland||DataRep, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland|
|Italy||DataRep, BPM 335368, Via Roma 12, 10073 , Turin, Italy|
|Latvia||DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia|
|Lithuania||DataRep, Vilniaus g.31, Vilnius, LT- 01402, Lithuania|
|Luxembourg||DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg|
|Malta||DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta|
|Netherlands||DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands|
|Poland||DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland|
|Portugal||DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal|
|Romania||DataRep, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania|
|Slovakia||DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia|
|Slovenia||DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia|
|Spain||DataRep, BPM 335368, Avd. Castilla La Mancha Nº 70-1 (Nave A), 45270, Mocejon-Toledo, Spain|
|Sweden||DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden|
|United Kingdom||DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom|
Your Rights. Subject to applicable EU law, you have the following rights in relation to your Personal Data that we hold about you:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:a
- If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
- If we are processing your Personal Data for direct marketing.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
- Rights in relation to automated decision-making: You have the right to be free from decisions based solely on automated processing of your Personal Data (including profiling) which produce a significant legal effect on you, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
In compliance with the Privacy Shield Principles, Thrive Global commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the DataRep (as noted below) or [email protected].
Thrive Global has further committed to refer unresolved Privacy Shield complaints to JAMS Privacy Shield Program, an alternative dispute resolution provider located in the United Kingdom. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. Further, in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. In cases of onward transfer of personal information to third parties of data of EU and Swiss individuals received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, Thrive Global remains liable.
Name and Address of Sub-Processor
|Microsoft Azure||One Microsoft Way, Redmond, WA 980527 US|
|1600 Amphitheatre Pkwy Mountain View, CA 94043 US|
|Segment||100 California Street, Suite 700 San Francisco, CA 94111 US|
|Sailthru||One World Trade Center, Suite 48A New York, NY 10007 US|
|Fivetran||405 14th St floor 11, Oakland, CA 94612 US|
|Looker||101 Church Street, 4th Floor, Santa Cruz, CA 95060 US|
Site Only Subprocessors
|Salesforce||The Landmark @ One Market, Suite 300 San Francisco, CA 94105 US|
|Touchcast||609 Greenwich Street, 5th Floor, New York, NY 10014|
|Talend||400 South El Camino Real, Suite 1400, San Mateo, California 94402|
|6Sense||450 Mission St, San Francisco, CA 94105|
App Only Subprocessors
|Amazon Web Services*||410 Terry Avenue North, Seattle, WA 98109 US|
|Okta*||100 First Street, 6th Floor San Francisco, CA 94105 US|
|Qualtrics||333 W River Park Dr, Provo, UT 84604, US|
|Atlassian Inc||350 Bush Street, Floor 13, San Francisco, CA 94104|
|Instabug*||564 Market St, San Francisco, CA 94104, United States|
*Some Subprocessors are used for a limited number of features and may not be applicable depending on the Customer.
CALIFORNIA PRIVACY DISCLOSURE
CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
California’s “Do Not Sell My Info” Law
Thrive Global does not sell your personal information for payment or other monetary consideration. However, because California law broadly defines a “sale” of your personal information to include the act of making cookies and other similar data available to third party advertising and analytics providers when you use Thrive Global Services (even though we never receive any money in exchange), we are required to disclose those practices here.
Notices to California Residents
Your California Privacy Rights – California Consumer Privacy Act (“CCPA”)
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), beginning January 2020 you have certain rights with respect to that information. In particular, you have a right to request that we provide you with the following information:
- The categories and specific pieces of personal information we have collected about you.
- The categories of sources from which we collect personal information.
- The purposes for collecting, using, disclosing, or selling personal information.
- The categories of third parties with which we share or disclose personal information.
- The categories of personal information disclosed about you for a business purpose
- The categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for the categories of third parties to which the personal information was sold and the business or commercial purpose for selling personal information.
You also have a right to:
- Receive explicit notice of further sale of personal information about a consumer that has been sold to a third party by a business and an opportunity to exercise the right to opt-out of such further sale;
- Opt-out from the sale of personal information, which you can exercise by visiting our section above entitled “California’s Do Not Sell My Info Law”;
- Request that we delete personal information under certain circumstances, subject to a number of exceptions;
- Not be discriminated against for exercising rights set out in the CCPA.
How to Exercise Your Rights Under CCPA
To exercise your rights under CCPA, please send an email to [email protected].
A California resident who has provided Personal Data, as defined under California Civil Code section 1798.83, to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of Personal Data, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom Personal Data was disclosed in the preceding calendar year, as well as a list of the categories of Personal Data that were disclosed. California Customers may request further information about our compliance with this law by emailing [email protected] Please note that we are required to respond to one request per California Customer each year, and we are not required to respond to requests made by means other than through this email address.
The Services are not directed to children who are under the age of 16. Thrive does not knowingly collect Personal Data from children who are under 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to Thrive through the Services please contact us and we will endeavor to delete that information from our databases.
LINKS TO OTHER WEBSITES
Some cookies expire after a certain amount of time, or upon logging out (session cookies); others remain on your computer or terminal device for a longer period (persistent cookies). Our Site uses first party cookies (cookies set directly by Thrive) as well as third party cookies, as described below.
Type of Cookies Used. The Site uses the technologies described below.
|Analytics/performance||We use “analytics” cookies that allow us to recognize and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our Site works, for example by making sure users are finding what they need easily. The collected data provides us only with anonymous traffic statistics (like number of page views, number of visitors, and time spent on each page). These cookies also may allow us to track how often posts on third party websites, such as social media sites, are clicked on.||App:Segment Site: Facebook Google Analytics Parsely LinkedIn Pardot Twitter 6Sense Sailthru Salesloft||Segment Facebook Google Analytics Parsely LinkedIn Pardot Twitter 6sense Sailthru Salesloft|
Technologies used on the App. We use Segment on the App to track how Users interact with our App to make better informed product decisions. The information collected includes event-based data to determine the value of individual features and demographic information on Users, which may include a User’s locations and device configurations, age and gender. For more information on Segment’s privacy practices, visit https://www.twilio.com/legal/privacy. We also use Google Analytics, a web analytics service provided by Google Inc., to gather statistics on your use of the App. For more information on Google Analytics privacy practices, read here.
Your Choices. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
- Internet Explorer
- Mozilla Firefox
- Google Chrome
- Apple Safari
Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.
If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.
You use Services at your own risk. Thrive takes steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should keep this in mind when disclosing Personal Data to us and take special care in deciding what information you disclose to us over the Internet or send to us via email. We cannot control the actions of other Users with whom you may choose to share information. Therefore, we cannot, and do not, guarantee that information or content posted by a User on or through the Services will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.
OTHER TERMS AND CONDITIONS
Your access to and use of the Services is subject to any additional terms applicable to such Services that may be posted on the Services from time to time, including without limitation, Thrive’s Terms and Conditions Agreement at https://community.thriveglobal.com/terms.
DATA PROTECTION OFFICER
You may contact the Data Protection Officer at the contact address noted below.
Thrive Global Holdings, Inc.
New York, NY 10012
If you are an individual in the EU, you can also contact DataRep, who has been appointed as Thrive’s Data Protection Representative in the EU pursuant to Article 27 of the General Data Protection Regulation. Please read the European Union (EU) Users section above to learn how to contact DataRep.