On 25th May 2018, new legal guidelines came into force that changed the way companies process personal data of anybody we work with, from clients to organisations, contractors and suppliers, even our book printers!

Below is some information to help clarify what we, as an organisation, are doing to protect any data we receive or hold.

At the heart of our data protection policy is a deep commitment to protecting the privacy and personal information clients divulge to individual consultants and The Thrive Programme itself (listed as Thrive Holdings). Due to the nature of our business, helping people with a huge range of mental health issues, many of our clients divulge highly sensitive information when working through the programme with a consultant or seeking online/email support, and for this reason, we are especially committed to (and vigilant about) ensuring that this information is protected as thoroughly as possible.

The GDPR defines the Head Office of The Thrive Programme, as well as every individual Licensed Thrive Programme Coach® (registered as sole traders but with a license to deliver the Thrive Programme) as 'Data Controllers'‘which means we are accountable for the personal data we hold. If you ever have concerns about our handling of your personal data, you can contact the individual Thrive Programme Coach® concerned or Thrive Head Office (if it is a central Thrive Programme issue) to ask what information we hold about you, raise any concerns and ask to have your data deleted if required.

Our Thrive commitment to you and your personal data;

• We have produced guidelines for all our Licensed Thrive Programme Coaches to protect their clients’ personal data fully. We are not responsible for data protection issues relating to unlicensed Coaches attempting to deliver the programme without the correct TTP qualifications and ATPC licensing/registration.

• The Thrive Programme is not responsible for any personal data that individuals choose to share on public forums, including review sites, social media, public Facebook support groups and Twitter chat sessions. We advise caution before posting sensitive or personally identifiable information (PII) relating to yourself or others on such sites.

• We do not control and are not responsible for any third-party websites that are referred to or linked from our websites. The use of your personal information on these websites will be subject to their own privacy rules.

• Clients signing up for an online Thrive Programme course, a workshop/group training course, a Bounce/Forge training course, ordering a book, or undertaking sessions with a Licensed Thrive Programme Coach® will have some personal details taken and stored to deliver the course fully and maintain customer communication/support. You can stop this communication and request that your data be deleted by emailing the relevant Thrive Programme Coach®.

• We commit to fully investigating and reporting any data breaches as quickly as possible and taking the necessary steps to resolve such matters as soon as possible.

• We understand that sometimes our clients may want to know what data is held about them, how it is stored, and how it is used. Clients can email us for this information, and we endeavour to respond quickly.

• We never sell data to third-party sources, sales teams, or marketers, and we only ever share data with companies contracted and approved to deliver services for us. The only exception to this is when we are required by law to divulge information for the purposes of a legal investigation or to protect vital interests (such as in medical situations to save somebody’s life, somebody's a serious and genuine threat to life)

• Emails and other client data are held for an appropriate time but are viewed and deleted regularly to ensure they are not held for longer than necessary.

• We sometimes use data for research and support purposes. Unless client consent has been obtained to use/release personally identifiable information, this data is anonymised before public release to protect clients from identification.

• We never share client information without the express permission of the client concerned. From 25 May 2018, all clients providing video or written testimonials will have to provide consent (which we will store) for using their testimonials and can ask for their removal/erasure from our systems and public sites at any time.

• All Licensed Thrive Programme Coaches undertake compulsory Data Protection training and are required to comply with internal company policies relating to the protection of client data. This includes ensuring that businesses they work with (such as clinic rooms they hire) are also GDPR compliant.

As well as ensuring that our internal Data Protection policies are up to date and that they protect our clients as much as possible, we have also taken steps to ensure that suppliers we work with (from IT software, website/email and internet providers, to book printers, lawyers and accountants) are also GDPR compliant and committed to protecting any data they hold as Data Controllers, as well as Data Processors (people processing and using our clients’ data for a contracted purpose). Any serious data breaches by suppliers or contractors will be taken seriously, and clients will be protected and informed as fully as possible.

To fully protect our clients, we have chosen not to divulge any further specific information than the above points on how we protect various data we hold, such as naming safety software providers, security steps taken, or other providers/procedure changes, as this would put us at increased risk from hackers or other malware or dangers. However, if anyone has any particular GDPR concerns or queries, please feel free to contact us, and we will answer your questions as fully as we can.