Employees and Children of Employees Privacy Policy

Last updated: 16/12/25

Thrive Learning Limited is committed to protecting the privacy of everyone who works with us. This Employee Privacy Policy explains how we collect, use and protect personal data in the context of employment, recruitment, contracting and related HR activities. It has been written in clear and simple language so you can understand exactly what we do and why.

Thrive Learning Limited is incorporated in England under company number 10988277. Our registered office is 27 Market Place, Bingham, Nottingham, NG13 8JY. You can contact us at privacy@thrivelearning.com.

1. Who this policy applies to

This policy applies to personal data that we process as a controller in relation to:

  • Employees
  • Job applicants and candidates
  • Contractors and temporary workers
  • Former employees
  • Children of employees (for benefits administration)
  • Next of kin and emergency contacts
  • Individuals involved in recruitment processes

This policy does not apply to data processed by Thrive as part of our platform services. For that, please refer to the Thrive Platform Privacy Policy.

2. How we use employee personal data

We process personal data to support you throughout your relationship with Thrive. This includes:

2.1 Employment administration

We process information needed to:

  • Manage your contract of employment
  • Maintain HR and personnel records
  • Manage working hours, leave, attendance and absences
  • Support performance reviews, objectives and progression
  • Arrange training and development
  • Administer payroll, pensions and benefits
  • Manage expenses and reimbursements

The legal basis for this is the performance of your employment contract and our legal obligations as an employer.

2.2 Recruitment

For candidates and applicants, we process data to:

  • Assess suitability for roles
  • Contact you about applications
  • Arrange interviews and assessments
  • Complete pre-employment checks where relevant

The legal basis is our legitimate interest in recruiting people and taking steps at your request before entering a contract.

2.3 Children of employees

We process data about children of employees only where it is needed to administer benefits. This may include:

  • Names and dates of birth
  • Contact details
  • Health information relevant to the benefit

This processing is based on your consent. You can withdraw consent at any time by contacting privacy@thrivelearning.com.

2.4 Emergency contacts and next of kin

We process next of kin information so we can contact someone on your behalf in the event of an incident or emergency. This is based on our legitimate interest in supporting employee welfare. We keep this information until your employment ends.

2.5 Legal and regulatory compliance

We process data where needed to:

  • Meet tax, employment, accounting and reporting requirements
  • Comply with health and safety obligations
  • Maintain records required by law
  • Respond to legal claims

This processing is based on our legal obligations.

2.6 Security, IT and systems monitoring

To protect our systems, data and employees, we may process:

  • Audit logs
  • Access records
  • Device, browser or network information
  • Security related events
  • Use of email and collaboration tools

This is based on our legitimate interest in maintaining security and ensuring the safe and effective operation of our systems.

We do not monitor employees for productivity purposes. Any monitoring is solely for security, compliance or troubleshooting.

2.7 Use of AI and automation tools

Thrive may use approved AI tools to support internal operations, such as:

  • Knowledge search
  • Automated workflows
  • Drafting and summarisation tools
  • Skills development tools

AI systems are used in a way that does not replace human decision making for employment matters. We do not use AI to make automated decisions that have legal or significant effects on employees.

This processing is based on our legitimate interest in maintaining efficient internal operations and delivering modern, innovative tools to support our teams.

3. Information we collect

We may collect the following categories of personal data depending on your relationship with Thrive:

  • Identification details such as name, date of birth and contact information
  • Employment records such as role, department, performance information and training history
  • Payroll and financial information such as bank details and salary
  • Benefits information including dependants or children
  • Right to work documents
  • Recruitment information such as CVs, interview notes and assessments
  • Next of kin and emergency contact details
  • Security and system access information
  • Health and safety information where required by law
  • Records of absence, leave and working patterns

We will only collect special category data, such as health information, when required and in accordance with the law.

4. How long we keep personal data

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting and reporting requirements. Retention periods are set out in our Personal Information Processing Register.

Examples include:

  • Employee records retained in line with HMRC and employment law requirements
  • Next of kin records kept until your employment ends
  • Children of employees data kept only for the duration needed to administer benefits
  • Recruitment data typically retained for up to 12 months unless you ask us to keep it longer

5. Sharing personal data

We may share employee personal data with third parties where necessary to:

  • Provide payroll, benefits and HR services
  • Deliver training and professional development
  • Manage workplace systems and IT infrastructure
  • Comply with legal or regulatory obligations

We only share what is needed and require all partners to protect your data.

We may also disclose information when required by law, for example to HMRC or regulatory bodies.

6. International transfers

Some of our service providers operate outside the UK or EEA. When we transfer data internationally, we ensure appropriate safeguards are in place such as standard contractual clauses or assessments of adequate protection.

7. Security

We take reasonable technical and organisational steps to keep personal data secure. This includes:

  • Secure hosting and access controls
  • Encryption where appropriate
  • Regular monitoring and security assessments
  • Restricting access to authorised personnel

8. Your rights

You have the following rights in relation to your personal data:

  • The right to access your data
  • The right to request correction of inaccurate or incomplete information
  • The right to request deletion in certain circumstances
  • The right to restrict or object to processing
  • The right to request your data in a structured, machine readable format
  • The right to withdraw consent where processing is based on consent

You can exercise these rights by contacting us at privacy@thrivelearning.com.

If you are unhappy with how we have handled your data, you have the right to raise a concern with the Information Commissioner’s Office.

9. Contact us

privacy@thrivelearning.com
Thrive Learning Limited, 27 Market Place, Bingham, Nottingham, NG13 8JY