At Thrive CSR Ltd, we always take data security and data privacy extremely seriously. Our aim has always been to provide our customers and their staff and applicants with the highest levels of data security and be accountable for the information held on our application. As such we regularly review and expand our security practices.
This document covers how we deal with your privacy and GDPR rights and then how cookies are used on your website and platform.
Data Controller or Processor
We act as a data controller in respect of any information which we collect about our customers. We will never share this or any customer data in our possession with anyone else save as required at law or if we were to sell our business. Thrive CSR adheres to strict data security, access, integrity policies.
We act as a data processor in respect of any information which applicants upload onto the Thrive CSR platform. In providing our service, we do not own or make decisions about the use of the information stored or processed on Thrive CSR. We do not use this data for our own purposes. In fact, to the extent we do access it, it is only as reasonably necessary to provide you with our services (which may include responding to support requests) or as required by law.
In accordance with the GDPR, we have updated our terms of business so that it is clear that we will only ever use personal data which we process on our customers’ behalf in accordance with our customers’ instructions (to the extent consistent with the functionality of Thrive CSR). We will also promise to implement industry standard security, technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, personal information.
How Does Thrive CSR Facilitate the Rights of Individuals Under GDPR?
The right to be informed.
Thrive CSR enables our customer to define their own privacy statements. Using this privacy statement, a customer is able to notify applicants of the details of personal data being collecting and why purpose. Within Thrive CSR a customer can make it mandatory for an applicant to accept before proceeding with registration to the system and then again for any application they ‘start’ in the system. We also allow a customer to define granular options for communication.
The right of access.
All applicants and staff whose data is stored by Thrive CSR can request to see and update their details at any time by contact email@example.com, who will provide the appropriate contact for the customer and assist with the process to provide access.
The right to rectification.
All applicants and staff whose data is stored by Thrive CSR can request rectification to their details or data at any time by contact firstname.lastname@example.org, who will provide the appropriate contact for the customer and assist with the process to provide rectification.
The right to erasure.
Thrive CSR enables our customers to comply with an individual’s request for the deletion or removal of personal data from the platform.
If our customers are satisfied that there is no compelling reason for continued processing, they can delete the personal data from the Thrive CSR Platform. For more information contact email@example.com, who will provide the appropriate contact for the customer and assist with the process to provide erasure.
The right to restrict processing.
Should an applicant wish to object to the processing of their personal data, the individual’s platform record can be suspended. Up to the point of award, the ‘withdrawal’ feature can be used to suspend an application, and after an award the ‘on hold’ feature can be used to suspend processing. For more information contact firstname.lastname@example.org, who will provide the appropriate contact for the customer and assist with the process required to restrict processing.
The right to object.
Should an applicant wish to object to any aspect of their data or its processing through Thrive CSR, the individual’s platform record can be suspended and any in progress applications ‘withdrawn’ and awards put ‘on hold’. For more information contact email@example.com, who will provide the appropriate contact for the customer and assist with the process required to put processing on hold.
Rights related to automated decision making and profiling.
In Thrive CSR no decisions are made without human intervention.
If you have any further questions or queries with any of the details above, please feel free to contact Thrive CSR at firstname.lastname@example.org
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
Our marketing website (www.thrive-platform.com) uses the following cookies, all cookies are optional:
- Security_Check – Thrive cookie used to check for unusual site access – Set for 365 days
- Hubspotuk – Hubspot cookie used for marketing tracking – Set for 6 months
- Mf_user – Mouseflow cookie used for marketing tracking – Set for 3 months
Our software platform uses the following cookies, all cookies are mandatory:
- Admin_Module – Thrive cookie used to secure access to the platform – Set for 7 days
- Admin_Cookie – Thrive cookie used to secure access to the platform – Set for 365 days
- 2FA_Temp_Cookie – Thrive cookie used to secure access to the platform – Set only for the current session
- Thrive_CSRF* – Thrive cookies used to secure access to the platform – Set for 1 day