The General Data Protection Legislation (GDPR) came into effect on the 25th of May, 2018. Here’s what you need to know about how WeThrive processes customer data, and what we’re doing to ensure compliance.

WeThrive is the trading name for We Thrive Limited, a company registered in England under company number 08265292.

Is WeThrive a data controller or a data processor?

For our Customers, we act as a data processor, meaning that we process your personal data on your behalf, in accordance with our Terms of Service https://wethrive.net/terms-of-service/, privacy policy https://wethrive.net/privacy-policy/, acceptable use policy, and any special terms of your order. We also hold contact data for current and potential users of our service, and are responsible as a data controller for this information.

Have you appointed a Data Protection Officer (DPO)?

Yes, our DPO is our Commercial Director, Richard Watney

How do you comply with the key requirements of the GDPR principles?

There are 6 principles within the GDPR framework, these are:

  • Lawfulness, fairness and transparency - we will process any personal data we collect in a fair, lawful and transparent manner; and in accordance with individuals’ rights. As a Customer of WeThrive we will only process the personal data you enter into the system in accordance with our terms of service

  • Purpose limitations - we will only collect personal data for specified, explicit and legitimate purposes. Data we collect will not be used for any other purposes other than what you as the data subject(s) have been made aware of. As a Customer of WeThrive we will only process personal data you enter into the system for the purpose of providing you our service and in accordance with our terms of service

  • Data minimisation - we will only collect personal data that is needed, adequate and relevant for the specific purpose. As a Customer of WeThrive you are responsible for ensuring that the data you hold about your employees and transmit to WeThrive is limited to what is needed, adequate and relevant for the specific purpose.

  • Accuracy - to the best of our ability we will ensure that any personal data we collect is accurate, kept up to date and correct. As a Customer of WeThrive you are responsible for ensuring that the data entered into WeThrive about your employees is accurate and kept up to date. Our systems are designed to maintain a high level of integrity, meaning that your data will remain as entered and unchanged.

  • Storage limitations - we will only keep personal data we collect for as long as it is needed, in addition, you have the right to request erasure of your individual data. As a Customer of WeThrive you are responsible for ensuring that personal data entered into your system is removed when no longer needed. If you choose to close your account, we will securely delete all personal data held in the system on your behalf.

  • Integrity and confidentiality - we will process all personal data we collect in a manner that protects it against unwanted modification, disclosure or unlawful processing. We take a risk based approach to ensure that our systems have the appropriate technical and organisational controls to safeguard the integrity and confidentiality of all personal data.

Updates to WeThrive

Please be aware of the following changes we have made to ensure GDPR compliance.

  • Terms of service - we have updated clause 9.2 to confirm the statement “Data Protection Legislation” includes reference to the GDPR. You can read our updated terms of service here https://wethrive.net/terms-of-service/.

  • Privacy policy - we have updated our privacy policy to include clear and simple information on; The personal information we collect and use, How we use your personal information, Where your information is kept, Your rights, Keeping your personal information secure, and How to complain. You can read our privacy policy here https://wethrive.net/privacy-policy/.

  • Data retention post contract - we have reviewed our data retention policy and generally will erase all customer data within 90 days of contract termination.

  • Updates in-app - for the benefit of users of the WeThrive app, we are updating our app footer to include a link to our privacy policy.

  • Updates to survey emails - for the benefit of people completing WeThrive surveys, we are introducing new footer text to all survey related emails (warm-up, invite, remind, thank you) to confirm the email has been sent by wethrive.net and to provide a link to our privacy policy.

If you have any questions regarding WeThrive & GDPR, please contact our support team either via the in-app help or email support@wethrive.net.

Did this answer your question?