Privacy Policy

1. Introduction

ThrivePulse (“we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and Malta’s Data Protection Act. As a Malta-based company operating within the European Union, we adhere to the highest standards of data protection and privacy.

2. Data Controller

ThrivePulse is the data controller responsible for your personal data. Our Data Protection Officer can be reached at: dpo@thrivepulse.com

3. Information We Collect

3.1 Personal Information

• Identity Data: Name, date of birth, gender
• Contact Data: Email address, phone number, postal address
• Account Data: Username, password (encrypted)
• Payment Data: Billing information (processed through secure payment providers)
• Profile Data: Professional background, interests, goals, preferences

3.2 Health and Wellness Information

• Eye reading images and analysis (for iridology services)
• Health goals and wellness objectives
• Stress levels and productivity patterns
• Any health information you voluntarily provide during sessions

3.3 Technical Information

• IP address and location data
• Browser type and version
• Device information
• Cookies and tracking technologies
• Usage data and analytics

3.4 Communications

• Email correspondence
• Session recordings (with explicit consent for video sessions)
• Feedback and testimonials
• Customer support interactions

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you provide explicit consent for health data processing, session recordings, or marketing communications
• Contract Performance: To provide services you’ve purchased (coaching, courses, workshops)
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with tax, accounting, and legal requirements in Malta and the EU

5. How We Use Your Information

We use your personal data to:

• Provide iridology sessions, coaching, and online courses
• Process bookings and payments
• Conduct eye readings and prepare personalized protocols
• Communicate about your sessions and programs
• Send course materials and resources
• Improve our services and develop new offerings
• Comply with legal and regulatory requirements
• Send marketing communications (with your consent)
• Respond to inquiries and provide customer support

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

6.1 Service Providers

• Payment processors (Stripe, PayPal, etc.)
• Cloud storage providers (with EU/EEA servers)
• Email service providers
• Video conferencing platforms (for online sessions)
• Course hosting platforms
• Analytics providers (Google Analytics with anonymization)

All service providers are GDPR-compliant and bound by data processing agreements.

6.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes
• Respond to government requests
• Protect our rights and safety
• Prevent fraud or illegal activities

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change.

7. International Data Transfers

We primarily store and process data within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure:

• Adequate protection through Standard Contractual Clauses (SCCs)
• Transfer only to countries with adequate data protection laws
• Compliance with GDPR transfer requirements

8. Data Security

We implement robust security measures to protect your data:

• SSL/TLS encryption for data transmission
• Encrypted storage for sensitive information
• Access controls and authentication
• Regular security audits and updates
• Staff training on data protection
• Secure backup systems

9. Data Retention

We retain your personal data only as long as necessary:

• Active accounts: While you use our services
• Inactive accounts: 3 years after last activity, then deleted
• Session recordings: Retained only with explicit consent; deleted upon request
• Health data: Retained for service provision; deleted upon request or after 5 years
• Financial records: 7 years for tax compliance (Malta law)
• Marketing data: Until you unsubscribe or withdraw consent

10. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

10.1 Right to Access

Request a copy of all personal data we hold about you.

10.2 Right to Rectification

Request correction of inaccurate or incomplete data.

10.3 Right to Erasure (“Right to be Forgotten”)

Request deletion of your personal data in certain circumstances.

10.4 Right to Restrict Processing

Request limitation on how we use your data.

10.5 Right to Data Portability

Receive your data in a structured, machine-readable format.

10.6 Right to Object

Object to processing based on legitimate interests or for marketing purposes.

10.7 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

10.8 Right to Lodge a Complaint

Lodge a complaint with the Malta Information and Data Protection Commissioner (IDPC) or your local supervisory authority.

11. Cookies and Tracking

We use cookies and similar technologies to:

• Ensure website functionality
• Remember your preferences
• Analyze website usage
• Personalize your experience

Cookie Types:

• Essential Cookies: Required for website operation
• Performance Cookies: Analytics and site improvement
• Functional Cookies: Remember your preferences
• Marketing Cookies: Personalized advertising (requires consent)

You can manage cookie preferences through your browser settings or our cookie consent tool.

12. Children’s Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing personal information.

14. Marketing Communications

With your consent, we may send:

• Promotional emails about our services
• Newsletter and productivity tips
• Event announcements
• Special offers

Unsubscribe: You can opt out at any time using the unsubscribe link in our emails or by contacting us.

15. Video and Recording Consent

For online iridology sessions and coaching:

• Sessions may be recorded only with your explicit consent
• Recordings are used solely for your benefit (providing protocols, reference)
• You can request deletion of recordings at any time
• Recordings are stored securely with encryption

16. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with a new “Effective Date.” Significant changes will be communicated via email.

18. Contact Information

19. Supervisory Authority