PRIVACY POLICY

Thrive Wellness Systems

Last Updated: December 2, 2025

1. INTRODUCTION

Thrive Wellness Systems (“we,” “us,” “our,” or “Provider”) respects your privacy and is committed to protecting your personal information.

This Privacy Policy explains:

  • What information we collect
  • How we use that information
  • How we protect your information
  • Your rights regarding your information
  • How to contact us about privacy concerns

By using our website, engaging our services, or providing us with your information, you consent to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use our website or services.

2. WHO WE ARE

Business Name: Thrive Wellness Systems

Business Type: Sole proprietorship providing website design, development, and maintenance services

Location: Melbourne, Victoria, Australia

Contact Email: janelle@ThriveWellnessSystems.com

Website: www.ThriveWellnessSystems.com

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

We collect information you voluntarily provide when you:

Request an assessment:

  • Name
  • Business name
  • Email address
  • Phone number (optional)
  • Website URL
  • Business type and details
  • Information about your current systems and challenges

Engage our services:

  • All of the above, plus:
  • Billing address
  • Payment information (processed securely through Stripe or PayPal)
  • Business information and requirements
  • Content, images, and materials for your website project

Communicate with us:

  • Email correspondence
  • Information shared during calls or meetings
  • Feedback and questions

Subscribe to updates:

  • Email address
  • Name (optional)
  • Communication preferences

3.2 Information We Collect Automatically

When you visit our website, we may automatically collect:

Technical Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Referring website
  • General geographic location (city/country level, not precise)

Cookies and Similar Technologies: We may use cookies and similar tracking technologies. See Section 9 for details.

3.3 Information From Third Parties

We may receive information from:

Payment Processors:

  • Transaction confirmation
  • Payment status
  • Limited payment method information (last 4 digits, expiration)

Hosting Providers (for client sites we manage):

  • Website performance metrics
  • Uptime and error logs
  • Security incident reports

Third-Party Tools (with your permission):

  • Analytics platforms
  • Project management tools
  • Communication platforms

3.4 Information We Do NOT Collect

We do NOT:

  • Collect sensitive personal information (health data, financial account details, government IDs) unless absolutely necessary for specific services
  • Sell or rent your personal information to third parties
  • Use your information for purposes unrelated to our services
  • Collect information from children under 18

4. HOW WE USE YOUR INFORMATION

4.1 Primary Purposes

We use your information to:

Provide Services:

  • Deliver website design, development, and maintenance services
  • Communicate about projects and support requests
  • Process payments
  • Provide technical support
  • Send project updates and maintenance reports

Business Operations:

  • Manage client relationships
  • Maintain records
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our terms and conditions

Improve Services:

  • Understand how our website is used
  • Improve our services and processes
  • Develop new features or offerings
  • Analyze trends and performance

Marketing (with consent):

  • Send information about our services (you can opt out)
  • Share relevant updates or resources
  • Request testimonials or case study participation

4.2 Legal Basis for Processing (for EU/UK visitors)

We process your information based on:

  • Contract performance: To provide services you’ve requested
  • Legitimate interests: To improve our services and communicate with clients
  • Consent: For marketing communications (you can withdraw anytime)
  • Legal obligations: To comply with applicable laws

5. HOW WE SHARE YOUR INFORMATION

5.1 We DO Share Information With:

Service Providers: We share information with trusted third parties who help us operate our business:

  • Payment processors (Stripe, PayPal) – to process payments
  • Hosting providers (for our website and client sites we manage) – to provide services
  • Cloud storage (Google Drive) – to store files securely
  • Email service (Gmail) – to communicate
  • Time tracking (Toggl) – to track project time

These providers are contractually obligated to protect your information and only use it for specified purposes.

Legal Requirements: We may disclose information if required by:

  • Court order or subpoena
  • Law enforcement request
  • Legal process or government regulation
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

Business Transfers: If we sell or transfer our business, client information may be transferred to the buyer (with notice to you).

With Your Consent: We may share information with other parties when you’ve given explicit permission (e.g., sharing portfolio work, testimonials).

5.2 We Do NOT Share Information With:

❌ Advertisers or marketing companies
❌ Data brokers
❌ Social media platforms (unless you’ve requested social integration)
❌ Anyone else for purposes unrelated to providing our services

We do NOT sell or rent your personal information. Period.

6. INFORMATION SECURITY

6.1 Security Measures

We take reasonable precautions to protect your information:

Technical Measures:

  • Secure password management tools (1Password, LastPass, etc.)
  • Encrypted communications where appropriate (HTTPS, secure email)
  • Secure file storage with access controls
  • Regular security updates to our systems
  • Limited access (only Provider has access to client information)

Organizational Measures:

  • Access only for legitimate business purposes
  • Confidentiality obligations
  • Secure disposal of information when no longer needed
  • Regular review of security practices

6.2 Security Limitations

However, we cannot guarantee absolute security.

Risks include:

  • No internet transmission is 100% secure
  • Email is not a secure communication method
  • Client devices or networks may be compromised

You are responsible for:

  • Using strong, unique passwords
  • Keeping your login credentials confidential
  • Securing your own devices and networks
  • Notifying us promptly of any security concerns

6.3 Data Breach Notification

If we become aware of a data breach that may affect you:

  • We’ll notify you within 72 hours of discovery (where legally required)
  • We’ll explain what information was affected
  • We’ll describe steps we’re taking to address the breach
  • We’ll recommend actions you should take

7. DATA RETENTION

7.1 How Long We Keep Information

Active Clients:

  • Information retained for duration of relationship
  • Plus retention period as described below

After Project Completion:

  • Project files and communications: 2 years
  • Financial records (invoices, payments): 7 years (tax law requirement)
  • Backups: 30 days after project/maintenance ends
  • Assessment requests (if not converted): 1 year

After Maintenance Cancellation:

  • Client files and backups: 30 days
  • Financial records: 7 years
  • Communication history: 2 years

7.2 Exceptions

We may retain information longer if:

  • Required by law
  • Necessary to resolve disputes
  • Needed to enforce our agreements
  • With your consent

7.3 Secure Deletion

When retention period expires, we:

  • Securely delete digital files
  • Remove from backup systems
  • Anonymize data if used for analytics
  • Ensure third-party providers also delete data

8. YOUR RIGHTS & CHOICES

8.1 Access & Correction

You have the right to:

  • Request a copy of the personal information we hold about you
  • Request correction of inaccurate information
  • Ask what information we collect and how we use it

How to exercise: Email [Your Email] with subject “Privacy Request – Access”

Response time: Within 30 days

8.2 Deletion (“Right to be Forgotten”)

You may request deletion of your information if:

  • No longer necessary for purposes collected
  • You withdraw consent (where consent was basis)
  • You object to processing
  • Information was unlawfully processed

Limitations: We may retain information if required by law or necessary for legal claims.

How to exercise: Email [Your Email] with subject “Privacy Request – Deletion”

8.3 Data Portability

You may request:

  • Copy of your information in structured, commonly used format
  • Transfer of your information to another service provider (where technically feasible)

How to exercise: Email janelle@ThriveWellnessSystems.com with subject “Privacy Request – Portability”

8.4 Marketing Opt-Out

You can opt out of marketing communications:

  • Click “unsubscribe” in any marketing email
  • Email janelle@ThriveWellnessSystems.com with subject “Unsubscribe”
  • We’ll honor requests within 10 business days

Note: You’ll still receive transactional emails (project updates, invoices, maintenance reports) as these are essential to our services.

8.5 Cookie Management

You can control cookies through:

  • Browser settings (block all cookies or specific types)
  • Opt-out tools (see Section 9)

Note: Blocking essential cookies may affect website functionality.

8.6 Objection to Processing

You may object to processing of your information for:

  • Direct marketing (anytime, no reason needed)
  • Legitimate interests (if you have compelling grounds)

How to exercise: Email [Your Email] with subject “Privacy Request – Objection”

8.7 Australian Privacy Principles (APP) Rights

For Australian residents, you have additional rights under APP:

  • Right to complain to Office of the Australian Information Commissioner (OAIC)
  • Right to access and correction as described above
  • Right to anonymity or pseudonym (where practicable)

OAIC Contact:
 Website: www.oaic.gov.au
Phone: 1300 363 992

8.8 GDPR Rights (for EU/UK visitors)

If you’re in the EU/UK, you have additional rights:

  • Right to restriction of processing
  • Right to data portability
  • Right not to be subject to automated decision-making
  • Right to lodge complaint with supervisory authority

Note: As we’re based in Australia, GDPR may not fully apply, but we respect these rights where possible.

8.9 No Charge for Requests

Privacy requests are free of charge.

Exception: We may charge reasonable fee for:

  • Manifestly unfounded or excessive requests
  • Additional copies beyond the first
  • Extensive retrieval or compilation time

We’ll inform you of any fees before processing request.

9. COOKIES & TRACKING TECHNOLOGIES

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites remember information about your visit.

9.2 Types of Cookies We Use

Essential Cookies (Required):

  • Enable basic website functionality
  • Remember your session
  • Security features
  • Cannot be disabled without breaking site

Functional Cookies (Optional):

  • Remember your preferences
  • Improve user experience
  • Can be disabled

Analytics Cookies (Optional):

  • Understand how website is used
  • Improve our services
  • Track traffic sources
  • Can be disabled

We do NOT use: ❌ Advertising cookies
❌ Social media tracking cookies
❌ Third-party marketing cookies

9.3 Third-Party Cookies

We may use:

  • Google Analytics (if implemented) – to understand website usage
    • You can opt out: tools.google.com/dlpage/gaoptout

9.4 Managing Cookies

To control cookies:

  • Browser settings: Most browsers let you block or delete cookies
  • Opt-out tools: Browser extensions like Privacy Badger
  • Do Not Track: We honor Do Not Track signals where possible

Note: Disabling essential cookies may prevent website features from working.

9.5 Cookie Duration

  • Session cookies: Deleted when you close browser
  • Persistent cookies: Remain for specified period (typically 1-12 months)

10. INTERNATIONAL DATA TRANSFERS

10.1 Where Data is Stored

Primary storage location: Australia

Third-party service locations:

  • Some service providers may store data in US, EU, or other countries
  • We use providers with appropriate safeguards

10.2 Transfers Outside Australia

If you’re in Australia and your data is transferred outside Australia:

  • We ensure recipients have adequate data protection
  • We use standard contractual clauses or similar protections
  • You consent to these transfers by using our services

10.3 For EU/UK Visitors

Data transfers from EU/UK to Australia:

  • Australia is not covered by EU adequacy decision
  • We use appropriate safeguards (standard contractual clauses)
  • You have rights to information about safeguards used

11. CHILDREN’S PRIVACY

We do not knowingly collect information from children under 18.

Our services are for businesses and adult professionals.

If we discover we’ve collected information from a child:

  • We’ll delete it immediately
  • We’ll notify parents/guardians if contact information is available

If you believe we have information from a child: Email [Your Email] immediately with subject “Child Privacy Concern”

12. LINKS TO OTHER WEBSITES

Our website may contain links to third-party websites (resources, tools, services we recommend).

Important:

  • We’re not responsible for their privacy practices
  • This Privacy Policy only applies to our website and services
  • Review their privacy policies before providing information
  • Links don’t constitute endorsement

13. CHANGES TO THIS PRIVACY POLICY

13.1 Updates

We may update this Privacy Policy periodically to:

  • Reflect changes in our practices
  • Comply with new legal requirements
  • Improve clarity or transparency

13.2 Notification

For material changes:

  • We’ll update the “Last Updated” date
  • We’ll notify active clients via email
  • We’ll post notice on our website
  • We’ll allow 30 days to review before changes take effect

13.3 Continued Use

Continued use of our services after changes take effect constitutes acceptance of updated policy.

If you don’t accept changes:

  • You may terminate services (see our Terms & Conditions)
  • Contact us to discuss concerns

14. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you’re a California resident, you have additional rights:

14.1 Right to Know

Request details about:

  • Categories of personal information collected
  • Sources of information
  • Business purposes for collection
  • Categories of third parties we share with
  • Specific pieces of information we hold

14.2 Right to Delete

Request deletion of personal information (subject to exceptions).

14.3 Right to Opt-Out

We do NOT sell personal information.

You don’t need to opt out because we don’t sell data.

14.4 Right to Non-Discrimination

We won’t discriminate against you for exercising your privacy rights.

14.5 Exercising CCPA Rights

Email [Your Email] with subject “CCPA Request – [Access/Delete]”

We’ll respond within 45 days (may extend to 90 days for complex requests with notice).

14.6 Authorized Agents

You may designate authorized agent to make requests on your behalf:

  • Provide written authorization
  • We may verify your identity directly

15. CONTACT US ABOUT PRIVACY

15.1 Privacy Questions or Concerns

Email: [Your Email]
Subject Line: Privacy Inquiry
Response Time: Within 7 business days

15.2 Privacy Requests

Email: [Your Email]
Subject Line: Privacy Request – [Type: Access/Delete/Portability/etc.]

Include in your request:

  • Your name and email
  • Specific request (access, deletion, correction, etc.)
  • Information needed to verify your identity
  • Preferred format for response (if applicable)

We’ll respond within 30 days (may extend with notice if complex).

15.3 Complaints

If you believe we’ve mishandled your information:

  1. Contact us first: Email [Your Email] with subject “Privacy Complaint”
  2. We’ll investigate: Within 30 days, we’ll respond with findings and resolution
  3. If not satisfied: You may complain to relevant authority:

Australian residents:
 Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

EU/UK residents:
 Your national data protection authority

California residents:
 California Attorney General
Website: oag.ca.gov/privacy

16. BUSINESS INFORMATION

Business Name: Thrive Wellness Systems

Business Structure: Sole proprietorship

Owner: Janelle Baird

Contact Email:janelle@ThriveWellnessSystems.com

Website: www.ThriveWellnessSystems.com

Business Hours: Monday-Friday, 10:00am-1:00pm AEST

17. ACKNOWLEDGMENT & CONSENT

By using our website or services, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to collection, use, and disclosure of your information as described
  • You understand your rights and how to exercise them
  • You agree to our handling of your information

If you do not consent, please do not use our website or services.

This Privacy Policy was last updated on December 2, 2025 and is effective immediately for all information collected on or after this date.