Privacy Policy Privacy Policy Overview Effective Date: Jun 1, 2024 This Privacy Policy (“Policy”) describes Thrive TRM, LLC’s (hereinafter, “Thrive” or “We”) practices for collecting, using, sharing, and protecting information relating to identifiable people. Thrive TRM LLC commits to cooperate with EU data protection authorities (DPAs), the Information Commissioner’s Office of the UK, and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU, UK, and Switzerland in the context of the employment relationship. Collection and Processing of Your Personal Data Personal data means information that identifies you as an individual or from which you may be identified. Non-personal information means information that does not directly identify you. We collect both types of information about you. The following provides some examples of the type of information that we collect and what we use that information for: CONTEXTTYPES OF DATA, PURPOSE FOR COLLECTION, AND USE OF DATABUSINESS CONTACT INFORMATIONWe collect business contact information, and billing information, from our clients and our potential clients for a legitimate business purpose. We use this information in order to provide products, services, or information about our products and services.CLIENT DATAClients can use the Thrive platform to organize information that relates to candidates or prospective candidates. Information that is uploaded by our clients, or is collected by our clients, is used only by Thrive to provide service to our clients. Our clients control how that information is collected, used, shared, and processed.EMAIL INTERCONNECTIVITYIf you receive email from us, we may use certain tools to capture data related to when you open our message or click on any links or banners it contains. We may also take the information in your emails and add it to our contacts.EMPLOYMENTIf you apply for a Thrive job posting, or become an employee at Thrive, we may collect information necessary to process your application or to further the employment relationship. This may include, among other things, your Social Security Number.FEEDBACK/SUPPORTIf you provide us feedback or contact us we will collect your name and e-mail address, as well as any other content that you send to us, in order to reply.MAILING LISTWhen you sign up for one of our mailing lists we may collect your email address or postal address.MOBILE DEVICESWe collect information from mobile devices such as unique identifying information broadcast from devices when visiting our website.PROFILEWe collect your name and other information in order to allow you to create a profile. To the extent that you engage in discussion groups or forums information relating to your profile (and other information that you insert in those forums) may be viewed by others.SURVEYSWith survey participation, we collect information provided through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of information.WEB LOGSWe collect your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when using the Internet), domain name, click-activity, referring website, and/or a date/time stamp for visits.COOKIES AND FIRST PARTY TRACKINGWe use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. We use both session cookies and persistent cookies. Among other things, cookies allow us to provide a more personal and interactive experience and to improve our marketing efforts. Persistent cookies may be removed by following instructions provided by the browser. If cookies are disabled some areas or features of our websites may not work properly. Use of Information In addition to the purposes and uses described above, we may use personal information in the following ways: To identify you when you visit our websites To provide the products and services you request To improve our services and product offerings To conduct analytics To send marketing and promotional materials, including information relating to our products, services, sales, or promotions For internal administrative purposes, as well as to manage our relationship with you To, in an aggregated or anonymized form, generate industry reports about trends such as trends in hiring and compensation When we collect information on our own behalf, as discussed in the sections above, our processing is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business. When we receive information on behalf of our client, our client is responsible for identifying the purpose for which the information was collected. Sharing of Information In addition to the specific situations discussed elsewhere in this policy, we disclose information in the following situations: Affiliates and Acquisitions. Companies affiliated with Thrive may use the information internationally in connection with processing your inquiries, providing services, and improving our products and services. In limited situations we may also share Business Contact Information that we collect with one of our affiliated companies so that they can provide you with information concerning the products or services that they provide. We may also share your information if another company acquires our company, business, or our assets. Clients. With regard to Client Data, Thrive’s clients determine what (if any) additional third parties may receive such information. Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy. Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with a request. Public. We may provide the opportunity to post comments, or reviews, in a public, or semi-public, forum. If you decide to submit information on these pages, that information may be publically available. Service Providers. Thrive may provide personal data to third parties that act as agents, consultants or contractors to perform tasks on behalf of and under Thrive’s instructions. Such recipients must agree to abide by confidentiality obligations and are not permitted to use your personal data except for the limited purpose that we request. Thrive is potentially liable for onward transfers to service providers when it transmits personal data of EU, UK or Swiss individuals received pursuant to EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Third Party Tracking Companies. We may share your information with our advertising and analytics partners. These third parties may also collect information directly from you as described in this Privacy Policy over time and across different websites. The privacy policy of these third-party companies applies to their collection, use and disclosure of your information. For example, one of our current marketing partners is HubSpot, which collects and stores information from you such as email address, first name, last name and phone number. Another example is Google Analytics which collects information anonymously and reports website trends without identifying individual visitors. Retention of Information In the context of personal information that is part of Client Data, our Client determines how long information is kept unless we are required by law to keep such information for a longer period of time. In the context of personal information that we collect directly from individuals (i.e., other than Client Data), we retain that information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law, or an individual requests that we delete information about them. Protecting Information Thrive uses industry-standard security technologies and procedures to ensure data security and integrity for personal data. Thrive also uses reasonable organizational, technical and administrative measures to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information (under its control) about users of its online client services. Unfortunately, data transmission over the Internet cannot be guaranteed as 100% secure. Therefore, while Thrive strives to protect your personal data, Thrive cannot guarantee the security of personal information. If Thrive is required to notify you about a situation involving your data, Thrive may do so by email, telephone, or mail. Your Choices You can make the following choices regarding your personal information: Access, Correction, and/or Deletion Of Your Personal Information. You may request to access, correct, or delete the personal information that Thrive has collected about you by writing to the contact listed below under the section titled “Contact Information” or by submitting a request related to GDPR here and CCPA here. Note that in some situations – such as when your personal information is part of Client Data – we may forward your request to the entity that is legally responsible for responding to such a request. For example, if a client inserted your information into our platform for their use we may forward your request to that company. We will then await instruction from that company on whether your personal information should be shared, changed, or deleted. Ability to object to processing. You may object to our continued processing of your personal data. If we receive an objection, we will evaluate whether we are required by law to discontinue such processing. California Residents. California residents may be entitled to ask us for a notice describing what categories of personal information (if any) we share with third parties or affiliates for direct marketing. If you are a California resident and would like a copy of such notice, please submit a written request to us using the information in the “Contact Information” section below. Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions. Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send, using automated means, free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. We may also send you such communications if you are an existing client, and the communication relates to the types of products or services that you already receive from us. In either case you can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive or contacting us using the information below. If you decide not to receive promotional emails, we may still send you service-related communications. Opt-Out / Revocation of Consent. If we rely on your consent to process personal information you may revoke that consent by writing to the contact listed below under the section titled “Contact Information” or by submitting a request related to GDPR here and CCPA here. Note that in some situations we may no longer be able to provide you services if you revoke your consent; we may also limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. Different Purposes. If we use your information for a materially different purpose then it was collected, we will offer you the ability to either opt-in or opt-out of such a use, as required by law. Please visit our GDPR FAQs and CCPA FAQs for more details. How do I change my cookie settings? Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org. Find out how to manage cookies on popular browsers: Google Chrome Microsoft Edge Mozilla Firefox Microsoft Internet Explorer Opera Apple Safari To find information relating to other browsers, visit the browser developer’s website. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout. We are planning to enhance our cookie tool to allow users to more easily change their cookie settings after their initial choice. Transmitting Information to Other Countries Personal information may be processed in a country where you do not reside that has privacy laws that may be less stringent than the laws in your country. Where possible we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your personal information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. ThriveTRM complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ThriveTRM] has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. ThriveTRM has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ThriveTRM commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Privacy Trust, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.privacytrust.com/drs/thrivetrm for more information or to file a complaint. The services of PrivacyTrust are provided at no cost to you. Thrive’s compliance with its DPF obligations is subject to investigation and enforcement by the U.S. Federal Trade Commission. Thrive & GDPR Thrive complies with the EU-U.S DPF, the the UK Extension to the EU-US DPF and the Swiss-U.S. DPF which were designed by the US Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union, United Kingdom, and Switzerland to the United States in support of transatlantic commerce and with REGULATION (EU) 2021/914 of 4 June 2021 of the European Parliament and of the council (GDPR). Thrive has certified that it adheres to the Data Privacy Framework. To learn more about Data Privacy Framework please visit www.dataprivacyframework.gov and to view our certification, please visit www.dataprivacyframework.gov/. Thrive TRM would like to inform its users about (see Privacy Policy FAQs): The possibility, under certain conditions, for the individual to invoke binding arbitration. For more information, visit Thrive GDPR Frequently Asked Questions (FAQ). Thrive & CCPA Like with GDPR, Thrive is compliant with CCPA Regulations for California residents. For more information, on how to exercise your rights as a California resident and for more information, please visit Thrive CCPA Frequently Asked Questions (FAQ). Cookies and similar technologies With respect to your use of an Internet browser to interact with thrivetrm.com you should be aware that like many businesses with websites and cloud services, we may also use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. You can control our use of cookies with respect to your device by changing options in the Internet browser you use. We will display notices to you about cookies and prompt you to accept or reject a cookie from us. If you do not accept cookies, however, you may not be able to use all portions or features of thrivetrm.com. For more information about our use of cookies, please visit Thrive Cookies Policy. Data retention If you create a User Account to use services associated with thrivetrm.com, we will retain your personal information while the User Account you’ve created remains active. We will also retain your information for as long as we have a legitimate business purpose to do so, and thereafter, for no longer than is required or permitted by law. This includes data you or others have provided to us, as well as data generated or inferred from your use of thrivetrm.com. thrivetrm.com Privacy Policy Updates Our privacy policy may be updated from time to time, and we will notify you of any material changes by posting the new policy at thrivetrm.com and revising the Effective Date at the top of that policy. Other disclosures Thrive may disclose personal information to third parties under the following circumstances: When explicitly requested by you As otherwise set out in this Contact Us Privacy Policy We may also disclose your personal information to law enforcement, regulatory and other government agencies, and to professional bodies and other third parties as required by and/or in accordance with applicable laws or regulations. This includes disclosures outside the country where you are located. Finally, we will disclose personal information if required in urgent circumstances, to protect the personal safety of individuals or the general public, or to maintain the uptime or stability of Contact Us. Contact Information If you have any questions or concerns related to this Privacy Policy, please contact THRIVE at: Thrive TRM LLC56 N Haddon AvenueHaddonfield, New Jersey 08033ATTN: Privacy Officercontactus@thrivetrm.com