Website Privacy Statement
The Purpose of this privacy statement is to explain how Burroughs Business Development Ltd, trading as Thrive Buzz, processes personal data to fulfill its data protection responsibilities. This statement will be supplemented by ‘specific to client’ privacy notices when needed. The scope of this statement covers all related activities by the staff of the business that which is referred to as Thrive hereafter.
The Role of Thrive in data protection terms is that of a data controller where it determines the purpose and use of personal data collected and is registered with the Information Commissioner’s Office (ICO). Once your data has been received it becomes the responsibility of the privacy manager (PM) to ensure that it is processed in accordance with the latest UK data protection legislation. You can contact the PM using firstname.lastname@example.org.
The operational purpose of Thrive is to act as a hub for local professionals that provide business support services. Thrive is not responsible for the personal data processed by their businesses.
The personal data processed by Thrive will only be basic contact information for the purposes of responding to general enquiries, business development and setting up invoices. If Thrive is not given all the required personal data, it may result in an incomplete service being provided.
Thrive’s duty of confidentiality means thatour staff will treat your personal data with due respect and in confidence and will only disclose it to those that need to know it (see below). We also expect the same duty of confidentiality of all third parties with whom we share personal data. Sharing is kept to a minimum and reviewed regularly and we use reasonable organisational and technical measures to ensure personal data is kept secure. Personal data are processed primarily in the UK but we also rely on the following third-party service providers as follows:
• Capsule, which is a CRM service provided by Amazon Web Services using US based servers, for which the data protection explanation can be read by visiting https://capsulecrm.com/support/eu-data-protection/
Thrive uses Free Agent software to administer its accounts. You can read their security and GDPR statement of AM by visiting:
We process personal data against a lawful basis as described below:
- To comply with our legal obligations
- To fulfil our contractual obligations to our members and suppliers
- To respond to enquiries and to promote our services, we will use our legitimate interests where contractual arrangement are not in place or have ended
- When processing for a pre-defined purpose for which your consent has been sought prior to that processing commencing (consent may be withdrawn at any time via the PM)
In all cases the processing of your personal data by Thrive shall be in accordance with the principles of data protection, as set out in the UK data protection legislation.
THRIVE will share personal data, only when necessary, with some or all of the following:
- HM Revenue & Customs
- Other Thrive members
- Individuals requesting the details of Thrive members for service enquiries
- Unspecified recipients but only when compelled to do so for legal reasons
Thrive follows a retention schedule to determine the length of time it holds different types of personal data. The retention schedule is shown below:
- Routine correspondence for casual enquiries in hard copy or in emails will be stored for 7 years
- Service contract related data will be retained throughout the life of the engagement plus another 7 years following the termination of the contract
- Contact data is stored indefinitely unless a valid request to erasure is received from the interested data subject
- Financial records and invoices, which may include personal data, will be retained for 6 years after the end of the current tax year of processing
- By exception, documentation that includes personal data may be retained by Thrive beyond the schedule, but only for a specific purpose and only when Thrive believes there is a legitimate interest or a legal obligation to do so
At the end of the retention schedule Thrive will either return, destroy or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, it will put it beyond operational use. It should be noted that Thrive allows up to 3 months after the retention schedule to complete the action.
The UK General Data Protection Regulation defines the rights that you have (although these do not apply in all situations); for convenience, these rights are shown below:
- Right to be informed as to how your personal data is being processed by Thrive – this is done through this statement or specific to customer privacy notices
- Right to access your personal data held by us which is done by making a ‘Data Subject Access Request’ (DSAR) to the PM
- Right to rectification of your personal data if you believe we have collected it incorrectly or it needs to be updated
- Right to erasure of your personal data for which we no longer have a legitimate purpose to process
- Right to restrict processing under certain circumstances, during which time your personal data but will be out of operational use until the related matter is resolved
- Right to data portability of your personal data in a machine-readable version, as you have provided but only applicable to data provided with your consent or under contract
- Right to object to our processing of your personal data for which it does not have a legal or contractual obligation
- Rights related to automated decision making and profiling (however Thrive does not use these techniques in its decision making)
Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.
Raising concerns, exercising rights or making queries about how we are processing personal data can be done by contacting the PM. Please be aware that we will need to determine your identity before responding fully, therefore, you may be asked for proof of ID or other material that, in context, will enable us to confirm your identity. Alternatively, you have the right to contact the ICO directly, using the details provided above.