Check out Thrive's new app
Cultivating Wellbeing is the first gardening for health and wellbeing app. Create your personalised plan, find expert tips and garden your way to better health.
Find out moreLast updated: 26th November 2024
PRIVACY POLICY
This page is designed to help you understand why and how we use your personal data. By personal data we mean information that relates to a living individual and which can identify or be identified with that individual.
We’re Thrive a national charity who promoted the use of gardening to improve health and wellbeing. A charitable company with number 01415700 and registered office at Thrive, Geoffrey Udall Centre Beech Hill, Reading, RG7 2AT
We may use your personal data to:
The above is an overview of how your personal data may be processed and is by no means exhaustive – please see below for information on how specific types of personal data are collected, processed and shared.
Below, we have tried to provide you with as much information as we possibly can to explain how your personal data may be used.
You may contact us by:
Thrive will comply at all times with Data Protection Legislation.
“Data Protection Legislation” means (i) the UK General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the Law Enforcement Directive (LED) (Directive (EU) 2016/680) and any applicable national implementing laws as amended from time to time; (ii) the Data Protection Act 2018 to the extent that it relates to processing of personal data and privacy; and (iii) all applicable laws in respect of the processing of personal data and privacy.
HOW IS YOUR DATA PROCESSED TO ENABLE YOU TO ACCESS THE APP?
Data collected directly from you
We obtain the following personal data directly from you:
We refer to this information as the “access data”.
We will only collect the minimum amount of personal data needed for the purpose of using the app.
How long is access data kept for?
We retain your access data for up to 7 years after the date on which your membership account is closed.
How do we use your access data?
We use your access data to log you in to the app and to verify that you are a real person. Our legal basis for processing this data is contractual necessity. Without this processing we wouldn’t be able to authorise you to access and use the app.
Where and how is data collected from the app stored?
Data is stored in the UK (using London-based server locations). We are storing data in a recognised document storage solution.
We use encrypted data transfer with SSL certificates from device to server.
How is your payment data processed?
We use Apple and Google’s in-built payment systems for subscription payments. This means that we do not have access to any financial information, such as bank account or credit card details or corresponding address details for your bank.
HOW IS YOUR DATA PROCESSED TO PROVIDE INFORMATION AND SUPPORT?
Where do we obtain your health data from?
When you first register for the app and at various points after that we will ask you to answer questions about your wellbeing goals, physical space and available days to carry out your wellbeing plan. We refer to this personal data below as “circumstances data”.
How long is your circumstances data kept for?
We retain all your circumstances data for up to 7 years after the date on which your membership account is closed, after which it will either be deleted or anonymized.
How do we use your circumstances data?
We use your circumstances data to provide you with tailored information and support and so that it can be used in the generation of reports on app usage.
Our legal basis for processing this data is legitimate interest, you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” below, and deleting the app. The circumstances data will not relate to your health.
HOW IS YOUR DATA PROCESSED TO ENABLE YOU TO LOG INFORMATION?
Where do we obtain your ‘thoughts’ data from?
Once you have registered to use the app, you may submit notes in the ‘My Thoughts’ area and update your wellbeing status using the app. We refer to this personal data below as “thoughts data”.
How long is your thoughts data kept for?
We retain all your thoughts data for up to 7 years after the date on which your membership account is closed, after which it will either be deleted or anonymized.
How do we use your thoughts data?
We store your thoughts data so that it is readily accessible to you and can be used by Thrive and third parties in the generation of reports on usage of the app.
Our legal basis for processing this data is your consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” below, and deleting the app.
Please note that without your consent to do this, we will be unable to provide you access to the app. This is because we are not able to disable the thoughts functionality.
HOW IS YOUR DATA PROCESSED TO ALLOW ANONYMISED STATISTICS TO BE SHARED WITH OTHERS?
We also use your thoughts data to generate anonymous statistics that may then be used by us and shared with third party for research purposes. This means that your circumstances data and thoughts data may be used to generate statistics, but you won’t be identifiable from that data. Our legal basis for processing this data is consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” below, and deleting the app.
As the data involved relates to your health, we will only obtain data with your explicit consent.
HOW IS YOUR DATA PROCESSED TO ENABLE US TO SEND YOU INFORMATION ABOUT THE APP, OUR COMPANY AND THE DEVELOPMENT OF THE APP?
We will use your access data (see the “How is your data processed to enable you to access the app” section above for more details as to what this data is) to contact you and provide you with information about our activities and developments and improvements to the app. We do so on the basis of our legitimate interests in keeping you up-to-date with changes in our business and products. In doing so, we will offer you an opportunity to refuse marketing when your details are first collected and in subsequent messages.
WHO DO WE SHARE PERSONAL DATA WITH?
Internally, we only grant access to personal data to those people that need access to that data to carry out their role.
Externally, we may share from time to time share personal data with the following categories of recipients:
and where we share personal data with service providers we will always ensure that the service provider is committed contractually to only use personal data in compliance with our instructions and data protection law;
Transfers of personal data outside of the European Economic Area (EEA)
The EEA is a group of countries that share the same basic data protection law, and therefore the law assumes that where your personal data is transferred between these countries it enjoys a similar level of protection.
We generally store and process personal data inside the EEA. However, in some circumstances the third parties who assist us in providing the services (suppliers), may transfer personal data outside the EEA.
Where suppliers do so, we require our suppliers to do so in compliance with UK data protection laws, typically requiring them to enter into standard contractual clauses approved by the European Union as providing equivalent protection to what would be in place had the personal data remained in the EEA.
We can provide more information on the non-EEA countries to which we transfer your personal data on request.
YOUR RIGHTS AND HOW TO EXERCISE THEM
The law gives you certain rights in respect of the personal data that we hold about you. Below is a short overview of those rights (for more information about the rights you have in respect of your personal data please visit the Information Commissioner’s Office website: www.ico.org.uk).
With some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you.
You can request access to the personal data we hold on you and we will provide this free of charge in the first instance, we may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs.
Where you have given us your personal data (i.e. you have input it into the app), you may have the right to receive your copy of this data in a common electronic format. If you wish, we can provide copies of this data to other people, if it is technically feasible to do so.
You have the right not to be subject to solely automated decisions, including profiling, which have a legal or similarly significant effect on you.
Thrive will not use automated processing for decision making.
You have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion.
You have the right to a request for data portability, which allows you to obtain your personal data in order to reuse it across different services. We will respond to a request for data portability without undue delay and within one month of receipt.
In some limited circumstances, you have the right to have personal data that we hold about you erased (“the right to be forgotten”). This right is not generally available where we still have a valid legal reason to keep the data (for example, in connection with a legal claim or because we are obliged to do so by law).
You have the right to object to our processing of your personal data where we rely on “legitimate interests” as our legal basis for processing, but we may be able to continue processing if our interest outweighs your objection.
You have the right to require us to stop using your personal data to send you marketing information. If you want us to stop sending you marketing information, the quickest and most efficient way is to use the provided “unsubscribe” links in our communications (although you can contact us direct if you prefer).
You also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, For example, if you contest its accuracy or where we are processing it on the basis of our legitimate interest and you contest our assessment that our interest overrides your rights.
If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time, in which case we will stop that processing unless we have another legal basis on which to continue.
Please be advised that in certain circumstances withdrawal of consent to continue processing your personal data may have further impact on your future access to, or benefit from, the service or part of the service.
To withdraw your consent, you can select to delete your data for the “settings” pages of the app.
To exercise any of your rights you can:
We will respond to your request within one calendar month of receiving the request. If your request is complex, or you make more than one request, we may need to extend our response time. This would be by a maximum of three calendar months, starting from the day of receipt.
Please note that to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made. The time limit for response will begin again once we have received this.
We treat the protection of your personal data with the utmost importance but if you have cause to complain, we would always ask that you contact us first, so we can attempt to resolve the matter for you. However, you also have the right to lodge a complaint about our handling of your personal data with the Information Commissioner’s Office. You can contact them on 0303 123 1113 or via their website www.ico.org.uk/make-a-complaint
Thrive Data Protection Officer (DPO)
Our DPO monitors privacy compliance internally and communicates on privacy matters, GDPR and data protection provisions.
Data Protection Officer:
Andrew Storm
Email: Andrew.storm@thrive.org.uk
CHANGES TO THIS POLICY
We may change this privacy policy at any time. Where we make significant changes, for instance where we use your personal data for materially different purposes, we will email you to let you know.
If there is any change in the purpose of data collection, we will update this privacy policy.
Cultivating Wellbeing is the first gardening for health and wellbeing app. Create your personalised plan, find expert tips and garden your way to better health.
Find out more