Last Revised: January 6, 2021
Users in different regions might be subject to different data protection standards. This document has a section dedicated to European Union consumers and their privacy rights, as well as a section dedicated to California consumers and their privacy rights.
We may collect your personal or contact information, information about your use of the Thrive ZP Services, including your responses and information about your device or platform on which you access the App (together, your “Information”).
If you have reason to believe that a child under the age of 13 has provided Personal Data to Thrive through the Services please contact us and we will endeavor to delete that information from our databases.
You may update or delete your account or update your mailing preferences by contacting our support team at Privacy@thriveglobal.com. We will strive to quickly and efficiently update or delete your Information at your request—unless we have a legitimate business or legal reason to keep that information or unless requests require disproportionate technical effort, risk the privacy of others, or would be extremely impractical. Before acting on your request to update or delete your Information, we may ask you to verify your identity.
The California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of their personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com (include My California Privacy Rights in the subject line). Please note that we are only required to respond to one request per customer per year.
Scope. This section applies if you are a User in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).
Data Controller. Thrive Global Holdings Inc. is the data controller for processing Personal Data provided to us through the Services. To find out our contact details, please see the “Contact Us” section below.
You can also contact DPR Group, who has been appointed as Thrive’s Data Protection Representative in the EU pursuant to Article 27 of the General Data Protection Regulation on matters related to the processing of your Personal Data. If you want to raise a question to Thrive, or otherwise exercise your rights in respect of your personal data (described below), please contact DPR Group as follows:
|Austria||DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Belgium||DPR Group, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium|
|Bulgaria||DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria|
|Croatia||DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia|
|Cyprus||DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus|
|Czech Republic||DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic|
|Denmark||DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark|
|Estonia||DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia|
|Finland||DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland|
|France||DPR Group, 72 rue de Lessard, Rouen, 76100, France|
|Germany||DPR Group, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany|
|Greece||DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece|
|Hungary||DPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary|
|Ireland||DPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland|
|Italy||DPR Group, BPM 335368, Via Roma 12, 10073 , Turin, Italy|
|Latvia||DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia|
|Lithuania||DPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania|
|Luxembourg||DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg|
|Malta||DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta|
|Netherlands||DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands|
|Poland||DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland|
|Portugal||DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal|
|Romania||DPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania|
|Slovakia||DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia|
|Slovenia||DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia|
|Spain||DPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain|
|Sweden||DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden|
|United Kingdom||DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom|
Your Rights. Subject to applicable EU law, you have the following rights in relation to your Personal Data that we hold about you:
The Services are not directed to EU data subjects who are children who are under the age of 16. Thrive does not knowingly collect Personal Data from children who are under 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to Thrive through the Services please contact us and we will endeavor to delete that information from our databases.
You use Services at your own risk. Thrive takes steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should keep this in mind when disclosing Personal Data to us and take special care in deciding what information you disclose to us over the Internet or send to us via e-mail. We cannot control the actions of other Users with whom you may choose to share information. Therefore, we cannot, and do not, guarantee that information or content posted by a User on or through the Services will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.
In addition to the Thrive ZP Services, Thrive may offer certain programs for Thrive ZP users to participate in, such as webinars, events, stories, etc. (“Thrive ZP Program”). By participating in a Thrive ZP Program, you agree that (i) Thrive may copy, modify, display, distribute, or otherwise use, for any business purpose, any audio, pictures, video, information of or disclosed by you (including any health or personal information of yourself or your family whom you have valid authorization to do so), and/or other materials you submit to Thrive or otherwise are recorded by Thrive during the applicable Thrive ZP Program, and (ii) you release and hold harmless Thrive from any liability or damages that may arise from such use.
Your access to and use of the Services is subject to any additional terms applicable to such Services that may be posted on the Services from time to time, including without limitation, Thrive’s Terms and Conditions Agreement at https://www.thriveglobal.com/thrive/terms.
The European Court of Justice (the highest court in the EU) had struck down the Privacy Shield process as a complaint mechanism by which EU personal data may be transferred from the EU to the USA.
Thrive Global was using Privacy Shield enrolment with the FTC as the method by which we ensured the data transfers are GDPR-compliant, Thrive had to cease to do so and replace it with another mechanism. Thrive is currently using the Standard Contractual Clauses (SCCs) for EU to USA data transfers as an alternative to Privacy Shield.
Thrive Global’s main administrative offices are based in the USA and that’s where we process personal information collected through our Apps. When you provide personal information to us, we request your consent to transfer that personal information to the USA. The USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Notice. We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our websites and Apps. We also enter into Standard Contractual Clauses agreement with our data processors that require them to treat personal information in a manner that is consistent with this Notice.
This privacy statement has been prepared based on provisions of multiple legisations, including the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), the U.S. Health Information Technology for Economic and Clinical Health Act (HITECH), and Art. 13/14 of regulation (EU) 2016/679 General Data Protection Regulation (GDPR).
The DPO shall be the HIPAA Privacy Officer.
Thrive Global does not sell your personal information for payment or other monetary consideration. However, because California law broadly defines a “sale” of your personal information to include the act of making cookie and other similar data available to third party advertising and analytics providers when you use Thrive Global Services (even though we never receive any money in exchange), we are required to disclose those practices here.
Your California Privacy Rights – California Consumer Privacy Act (“CCPA”)
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), beginning January 2020 you have certain rights with respect to that information. In particular, you have a right to request that we provide you with the following information:
To exercise your rights under CCPA, please send an email to Privacy@Thriveglobal.com.
A California resident who has provided Personal Data, as defined under California Civil Code section 1798.83, to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of Personal Data, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom Personal Data was disclosed in the preceding calendar year, as well as a list of the categories of Personal Data that were disclosed. California Customers may request further information about our compliance with this law by emailing Privacy@Thriveglobal.com. Please note that we are required to respond to one request per California Customer each year, and we are not required to respond to requests made by means other than through this email address.
Thrive Global Holdings, Inc.
New York, NY 10012
If you are an individual in the EU, you can also contact DPR Group, who has been appointed as Thrive’s Data Protection Representative in the EU pursuant to Article 27 of the General Data Protection Regulation. Please read the European Union (EU) Users section above to learn how to contact DPR Group.