Thrive Tribe are the healthy lifestyle provider for Enhance Health Checks.
Here at Thrive Tribe we take your privacy very seriously and will only use your personal information for the purposes laid out below. When you provide us your information we are holding it on the legal grounds of Contractual Agreement and will keep it safe and secure. We routinely collect and use personal data about individuals, including permanent staff, freelancers, contracted staff, or business partners. We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data
How we use your information
This privacy notice tells you what to expect when Thrive Tribe collects personal information. It applies to information we collect about:
- What legal grounds do we collect your data
- visitors to our website;
- people who communicate with us;
- job applicants and our current and former employees;
- complaints regarding your personal data
- access to personal information
- right to be forgotten
- identified individuals in our productions
- people who make a complaint to us
- changes to this privacy notice
- how to contact us
You should be aware that although Thrive Tribe will be principally responsible for controlling and looking after your personal data and we may pass your details to other members within the organisation when looking for input on other services. Your data will comply with the standards set out in this policy and when we pass it on to an external third party to process your information we will stipulate how they must process your data, ensure it is held securely and they are transparent with any data breaches of your data.
- Any personal data we hold on your employment is stated following and your contract, along with all processors we use
- All paperwork is stored in lockable filing cabinets.
- We will only keep your data in line with our records management policies, unless we have an exception to this, in which case we will contact you to ensure you understand the reasons why we will to hold for longer.
When you provide us with your information we hold it on the legal grounds of consent. Your data will be held in a secure and compliant manner for the duration of the programmes and then for up to an additional seven years, depending on the type of data.
Client data is stored on our 1s4h database which is ISO certified and provided by external company ANC.
You have the right to access, change and erase your data, if not in conflict with our programme terms and conditions. If you have any concerns you may contact us at email@example.com. If you are not happy with our response then you have the right to contact the governing body at ico.org.uk.
Internal: What legal grounds do we collect your data?
In terms of employment we will collect your data as per your consent and under the terms stated in your contract, allowing us to administer your contract holding only the minimal required data to do so. We share your information with the following organisations. All of the following are GDPR compliant;
Cycle to Work
E-Learning platforms such as Litmos Heroes, IG toolkit
Visitors to our website
WHAT ARE COOKIES?
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.
WEBSITE VISITOR TRACKING
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
DOWNLOADS & MEDIA FILES
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party antivirus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party antivirus software or similar applications.
CONTACT & COMMUNICATION WITH US
Users contacting this us through Thrive Tribe websites do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you products/services information through a mailing list system. This is done in accordance with the regulations named above.
EMAIL MAILING LIST & MARKETING MESSAGES
We operate an email mailing list program, used to inform subscribers about products, services and/or news we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the regulations named in ‘The policy’ above. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages (or unsubscribe from all Mailchimp lists). The type and content of marketing messages subscribers receive, and if it may contain third party content, is clearly outlined at the point of subscription.
Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
EXTERNAL WEBSITE LINKS & THIRD PARTIES
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.
Shortened URL’s: URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (example: https://bit.ly/2IYPgR2). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
SOCIAL MEDIA POLICY & USAGE
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
Resources & Further Information
- Thrive Tribe’s Privacy Notice
- Overview of the GDPR – General Data Protection Regulation
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003
Job applicants, current and former employees
When individuals apply to work at Thrive Tribe, we will only use the information they supply to us, within the company, and to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Service we will not do so without informing them beforehand unless the disclosure is required by law. We use a recruitment platform Comeet which is GDPR compliant.
Personal information about unsuccessful candidates will be held in line with our records management policy after the recruitment exercise has been completed, it will then be destroyed or deleted.
Once a person has taken up employment with Thrive Tribe, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Thrive Tribe has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Complaints regarding your personal data
Thrive Tribe tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, inappropriate or data has been unfairly shared, lost or held inappropriately. We would also welcome any suggestions for improving our procedures. You have the right to complain to the governing body at ICO.org.uk
How to voice your concerns to us
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Thrive Tribe collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to firstname.lastname@example.org
If you are unhappy with our response you have the right to escalate this to the Information Commissioner’s Office (ICO) @ https://ico.org.uk/concerns/
Access to personal information
Thrive Tribe tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’, without any cost to the individual. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form within one calendar month
To make a request for any personal information we may hold you need to put the request in writing, addressing it to information governance lead at email@example.com. we will ensure a response to you in a machine readable format is provided within one calendar month.
If we do hold information about you due to it being erased due to the retention dates being expired or through a previous request for erasure, we will inform you. Any further question can be submitted to our IG lead and should you feel the response not be adequate you have the opportunity to escalate to the ICO.
Right to be forgotten
Within GDPR every individual has the right for their data to be forgotten or erased, unless there are legal grounds which do not allow the erasure, such as:
- legal obligations, such as the HMRC or legal investigation
- contractual obligation must be fulfilled by the company
- public task or interest where it is helping with the detection or prevention of a criminal act
Should you request to be forgotten, or give authority to a 3rd party, such as your solicitor, we will confirm the identity and then proceed to remove your personally identifiable data from our records and send you an audit. We will keep the minimum data to identify you as a living person, in case of an audit by the ICO or a second request should come in, so as to prove we have acted in accordance with the GDPR.
Again, should you not be happy with the process we have gone through you have the right to complain to our IG Lead, and in turn if the response is not adequate you retain the right to escalate this to the ICO
People who make a complaint to us
When we receive a complaint from a person we log the details of the complaint and validate them against our records. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for 12 months from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on May 2018
How to contact us
Information Governance department,
1st Floor office
11 Rick Roberts Way
Edited & customised by Thrive Tribe.