The General Data Protection Legislation (GDPR) will come into effect on the 25th of May, 2018. Here’s what you need to know about how WeThrive processes customer data, and what we’re doing to ensure compliance.
WeThrive is the trading name for We Thrive Limited, a company registered in England under company number 08265292.
Is WeThrive a data controller or a data processor?
Have you appointed a Data Protection Officer (DPO)?
Yes, our DPO is our Chief Operating Officer, Richard Adams.
How do you comply with the key requirements of the GDPR principles?
There are 6 principles within the GDPR framework, these are:
- Lawfulness, fairness and transparency - we will process any personal data we collect in a fair, lawful and transparent manner; and in accordance with individuals’ rights. As a Customer of WeThrive we will only process the personal data you enter into the system in accordance with our terms of service
- Purpose limitations - we will only collect personal data for specified, explicit and legitimate purposes. Data we collect will not be used for any other purposes other than what you as the data subject(s) have been made aware of. As a Customer of WeThrive we will only process personal data you enter into the system for the purpose of providing you our service and in accordance with our terms of service
- Data minimisation - we will only collect personal data that is needed, adequate and relevant for the specific purpose. As a Customer of WeThrive you are responsible for ensuring that the data you hold about your employees and transmit to WeThrive is limited to what is needed, adequate and relevant for the specific purpose.
- Accuracy - to the best of our ability we will ensure that any personal data we collect is accurate, kept up to date and correct. As a Customer of WeThrive you are responsible for ensuring that the data entered into WeThrive about your employees is accurate and kept up to date. Our systems are designed to maintain a high level of integrity, meaning that your data will remain as entered and unchanged.
- Storage limitations - we will only keep personal data we collect for as long as it is needed, in addition, you have the right to request erasure of your individual data. As a Customer of WeThrive you are responsible for ensuring that personal data entered into your system is removed when no longer needed. If you choose to close your account, we will securely delete all personal data held in the system on your behalf.
- Integrity and confidentiality - we will process all personal data we collect in a manner that protects it against unwanted modification, disclosure or unlawful processing. We take a risk based approach to ensure that our systems have the appropriate technical and organisational controls to safeguard the integrity and confidentiality of all personal data.
Updates to WeThrive
Please be aware of the following changes we have made to ensure GDPR compliance.
- Terms of service - we have updated clause 9.2 to confirm the statement “Data Protection Legislation” includes reference to the GDPR. You can read our updated terms of service here https://wethrive.net/terms-of-service/.
- Data retention post contract - we have reviewed our data retention policy and generally will erase all customer data within 90 days of contract termination.
If you have any questions regarding WeThrive & GDPR, please contact our support team either via the in-app help or email firstname.lastname@example.org.