DATA PROTECTION AND PRIVACY POLICY

1. INTRODUCTION

Thrive Women Limited ("we," "us," "our") is committed to protecting your privacy and personal data. This policy explains how we collect, use, store, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. DATA CONTROLLER

Thrive Women Limited is the data controller for personal data processed through our website, services, and membership programmes.

Contact Details:

Email: [email protected]

Address: 26 Redacre Road, Manchester, England, M18 8RE

Data Protection Queries: [email protected]

3. WHAT PERSONAL DATA WE COLLECT

3.1 Information You Provide Directly

Contact Information: Name, email address, phone number, postal address

Account Information: Username, password, profile information

Payment Information: Billing details, payment method information

Communication: Messages, emails, feedback, and support requests

Membership Information: Membership level, preferences, participation data

Professional Information: Job title, company, industry, professional interests

3.2 Information We Collect Automatically

Technical Data: IP address, browser type, device information, operating system

Usage Data: Pages visited, time spent, clicks, navigation patterns

Cookies and Tracking: As detailed in our Cookie Policy

Location Data: General geographic location based on IP address

3.3 Information from Third Parties

Social Media: Profile information if you connect social media accounts

Payment Processors: Transaction confirmation from Stripe

Partners and Sponsors: Information relevant to sponsored content and services

4. LAWFUL BASIS FOR PROCESSING

We process personal data under the following lawful bases:

4.1 Contract (Article 6(1)(b))

Providing membership services

Processing payments

Delivering requested content and communications

4.2 Legitimate Interests (Article 6(1)(f))

Website functionality and security

Business development and marketing

Fraud prevention and detection

Improving our services and user experience

Internal analytics and reporting

4.3 Consent (Article 6(1)(a))

Marketing communications (where required)

Optional cookies and tracking

Sharing data with third parties for promotional purposes

4.4 Legal Obligation (Article 6(1)(c))

Tax and accounting requirements

Regulatory compliance

Law enforcement requests

5. HOW WE USE YOUR PERSONAL DATA

5.1 Service Provision

Creating and managing your account

Processing membership applications and payments

Providing access to content and services

Facilitating community interactions

Customer support and communications

5.2 Marketing and Communications

Sending newsletters and updates

Promoting relevant services and opportunities

Facilitating sponsor and partner communications

Event invitations and notifications

5.3 Business Operations

Website analytics and improvement

Fraud prevention and security

Legal compliance and reporting

Business planning and development

5.4 Personalisation

Customising content and recommendations

Improving user experience

Tailoring services to your interests

6. DATA SHARING AND DISCLOSURE

6.1 We May Share Data With:

Service Providers:

Payment processors (Stripe)

Email service providers

Website hosting and IT support

Analytics providers

Customer support platforms

Business Partners:

Sponsors and hub partners (with appropriate consent)

Event organisers and speakers

Affiliated organisations and collaborators

Legal Requirements:

Law enforcement agencies

Regulatory authorities

Courts and legal advisors

As required by legal proceedings

Business Transfers:

In the event of merger, acquisition, or sale of business assets

6.2 International Transfers

We may transfer personal data outside the UK to:

Service providers in other countries

International business partners

Cloud storage and processing services

All transfers are protected by appropriate safeguards including:

Adequacy decisions

Standard contractual clauses

Binding corporate rules

Certification schemes

7. DATA RETENTION

7.1 Retention Periods

We retain personal data for:

Active Members: Duration of membership plus 7 years

Marketing Data: 3 years from last engagement (unless consent withdrawn)

Financial Records: 7 years for tax and accounting purposes

Legal Claims: Until statute of limitations expires

Website Analytics: 26 months maximum

7.2 Deletion

Data is securely deleted when retention periods expire or upon valid erasure requests.

8. YOUR RIGHTS UNDER UK GDPR

8.1 Right of Access

You can request copies of your personal data and information about how it's processed.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure

You can request deletion of your personal data in certain circumstances:

Data no longer needed for original purpose

Consent withdrawn (where consent was the lawful basis)

Data processed unlawfully

Legal obligation to delete

8.4 Right to Restrict Processing

You can request restriction of processing in certain circumstances:

Accuracy of data is contested

Processing is unlawful but you prefer restriction to erasure

Data needed for legal claims

Objection to processing is pending verification

8.5 Right to Data Portability

You can request your data in a structured, machine-readable format for transfer to another controller.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling, including the right to human intervention.

8.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

9. EXERCISING YOUR RIGHTS

To exercise your rights:

Email: [email protected]

Post: 26 Redacre Road, Manchester, England, M18 8RE

Include: Your name, contact details, and specific request

We will respond within one month of receiving your request. Complex requests may take up to three months with explanation for the delay.

10. DATA SECURITY

10.1 Technical Measures

Encryption of data in transit and at rest

Secure authentication and access controls

Regular security updates and patches

Network security and firewalls

Secure data centres and hosting

10.2 Organisational Measures

Staff training on data protection

Access controls and need-to-know basis

Regular security risk assessments

Incident response procedures

Vendor security requirements

10.3 Data Breach Response

In the event of a data breach:

Assessment within 72 hours

Notification to ICO if high risk

Notification to affected individuals if high risk

Remedial action and prevention measures

11. COOKIES AND TRACKING

We use cookies and similar technologies as detailed in our separate Cookie Policy. This includes:

Essential cookies for website functionality

Analytics cookies to understand usage

Marketing cookies for personalised advertising

Preference cookies to remember your settings

12. CHILDREN'S PRIVACY

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware of such collection, we will delete the data promptly.

13. THIRD-PARTY LINKS

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites and encourage you to read their privacy policies.

14. CHANGES TO THIS POLICY

We may update this policy periodically. Changes will be posted on our website with an updated "Last Updated" date. Significant changes will be communicated directly to users where appropriate.

15. COMPLAINTS

If you're concerned about how we handle your personal data:

Contact us first: [email protected]

ICO Complaint: You have the right to complain to the Information Commissioner's Office 

Website: ico.org.uk

Phone: 0303 123 1113

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

16. CONTACT INFORMATION

For data protection queries:

Email: [email protected]

Last Updated: 06/06/2025
Version: 1.0
Next Review: 06/06/2026