Privacy Policy
Last updated: October 2025
1. Introduction
Thrive Technology Ltd (trading as “Thrive”, “we”, “our”, “us”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use and share your personal data when you use our platform, website, or related services (the “Thrive Platforms”). It applies to:
- Candidates and employees who complete assessments through Thrive.
- Business customers (employers and other organisations) who use Thrive to assess candidates and employees.
2. Who We Are
Thrive Technology Ltd is registered in England and Wales.
ICO Registration Number: ZA092318
3. Data Controller Relationship
Thrive Technology Ltd determines the purposes and means of processing personal data collected through the Thrive Platforms and therefore acts as a data controller under UK and EU data protection laws.
When employers use Thrive to assess candidates, they receive assessment results and subsequently determine how to use that information for their own recruitment or employment decisions. Employers therefore act as independent data controllers, not as processors acting on Thrive’s behalf.
4. Personal Data We Collect
(a) For Candidates
When you register and complete assessments, we may collect:
- Contact details (name, email, phone, address, nationality)
- Demographic details (date of birth, gender, preferred work location, education stage)
- Psychometric and behavioural data (cognitive ability, personality traits and skills assessment responses)
- Correspondence you have with us (support queries, feedback)
(b) For Business Customers
We may collect:
- Business contact details (name, job title, email, phone, company name)
- Account and billing information
- Communications with our team
5. How We Use Personal Data
6. Legitimate Interests
Where we rely on legitimate interest as our lawful basis, we have conducted a Legitimate Interest Assessment to ensure that our interests are not overridden by your fundamental rights and freedoms.
Our legitimate interests include:
- Operating, improving, and securing the Thrive Platforms
- Communicating with users about their participation and use of our services
- Understanding engagement with assessments to enhance fairness and accuracy
- Ensuring our assessments are fair and lawful
- Assisting company's in making more ethical and fair decisions about their people (candidate hiring and employee development)
7. Special Category and Biometric Data
Thrive does not process any data under Article 9 GDPR (“special category data”), such as health information, political opinions, or religious beliefs that can uniquely identify an individual. We also do not use or process biometric data for the purposes of uniquely identifying an individual.
8. Profiling and Decisions
Thrive assessments involve profiling (scoring and reporting results), but we do not make automated decisions about you.
- How it works: We generate assessment results, based on validated scientific psychometric assessments, and provide them to employers.
- Outcome: Employers make their own decisions on next steps (e.g. interviews). Thrive does not decide on recruitment outcomes.
9. Who We Share Your Data With
We may share personal data with:
- Employers using Thrive to identify potential candidates
- Service providers (e.g. AWS for hosting, communication tools) under strict contractual safeguards
- Regulators or law enforcement where required by law
- In connection with a business sale, merger or restructuring
We do not share candidate data with professional advisors, except where required for legal compliance, and we never sell personal data.
10. International Transfers
We store all personal data in the EU (Ireland) with AWS.
11. Data Retention
- Candidate data is retained in identifiable form only as long as necessary to deliver assessments and allow employers to review results.
- After that period, we anonymise and aggregate candidate data. This anonymised data is retained to ensure Thrive assessments remain lawful, valid, unbiased, and fair.
- Customer account data is retained for the duration of the contract and up to 6 years afterwards for legal and accounting purposes.
12. Fairness & Validation
We regularly monitor and validate our assessments to ensure they remain fair, unbiased, and compliant with applicable employment and data protection laws. The design of the assessments follow strict academic literature and ensure fairness across all characteristics.
13. Security
We use appropriate technical and organisational measures to protect your data, including:
- Encryption in transit and at rest
- Access controls and authentication
- Regular monitoring, audits, and penetration testing
- Certification under Cyber Essentials
14. Children’s Privacy
The Thrive Platforms are not intended for children under 16. We do not knowingly collect data from individuals under this age.
15. Your rights
You ve the following rights under data protection law:
- Access your data
- Rectification of inaccurate data
- Erasure (“right to be forgotten”)
- Restriction of processing
- Objection to processing (especially where based on legitimate interest)
- Portability (receive your data in a machine-readable format)
- Withdraw consent (where processing is based on consent)
- Lodge a complaint with the UK ICO (www.ico.org.uk) or your local EU data protection authority
We will respond to all valid requests within one month. We may request proof of identity before responding. Certain rights may be limited where they conflict with legal obligations or our legitimate interests (for example, retaining data for audit or legal defence). Contact us at info@thrivetech.co
16. Cookies and Website TrackingOur website uses cookies and similar technologies to ensure proper functioning, improve performance, and understand usage.
- Essential cookies are necessary for the site to operate.
- Analytics cookies are used only with your consent to help improve user experience.
For more information, please see our Cookie Policy. You can manage your preferences at any time through your browser settings or via the cookie banner on our website.
17. Marketing
- We may send direct communications to candidates about their use of Thrive (e.g. reminders, results, invitations, additional service to assist in their job search and career).
- We may send marketing communications to business customers where you have consented.
- You can opt out of marketing at any time by clicking “unsubscribe” or contacting us.
18. Modern Slavery and Whistleblowing
Thrive Technology Ltd is committed to upholding human rights and preventing modern slavery in all its operations and supply chains.
We also maintain internal whistleblowing procedures that allow staff or partners to report suspected misuse of data or unethical conduct in confidence.
19. Changes to this Policy
We may update this Privacy Policy from time to time. Any changes will be published here, and if material, notified to you by email or via the Thrive Platforms.
20. Applicable Law
This Privacy Policy is governed by UK data protection law (UK GDPR and the Data Protection Act 2018) and, where applicable, the EU GDPR.
21. EU Data Act (from September 2025)
The EU Data Act (Regulation (EU) 2023/2854) introduces new rules on data access, sharing, and portability. Thrive is not a manufacturer of connected devices, and most of its processing relates to personal data covered by GDPR.
As a provider of a cloud-based SaaS platform, Thrive recognises that certain provisions of the Data Act (in particular those on data portability, interoperability, and switching between services) may apply to our services provided to EU business customers.
We are committed to ensuring our contractual terms and technical systems comply with these obligations by the applicable enforcement dates (September 2025).
22. Contact Us
Thrive Technology Ltd