ThriveDuty Terms of Use
Last Updated: 11 November 2025
Welcome to ThriveDuty
These Terms of Use govern your access to and use of ThriveDuty's psychosocial hazard training courses, Mental Protection Officer (MPO) Certification, consulting services, and all related materials. By accessing or using our services, you agree to these terms.
1. Services & Scope
What Our Services Provide
• Training Courses: Education about psychosocial hazards, workplace rights, and best practices for managing psychological health and safety at work across multiple jurisdictions.
• MPO Certification: Specialized training to designate internal compliance guardians for psychosocial risk management.
• Consulting Services: Expert-led implementation support, risk assessments, policy development, and ongoing advisory services.
• Digital Resources: Templates, guides, tools, and materials to support implementation and compliance efforts.
• MPO Certification: Specialized training to designate internal compliance guardians for psychosocial risk management.
• Consulting Services: Expert-led implementation support, risk assessments, policy development, and ongoing advisory services.
• Digital Resources: Templates, guides, tools, and materials to support implementation and compliance efforts.
What Our Services Do NOT Provide
• Legal advice or legal representation.
• Guarantees of workplace compliance with any specific legislation.
• Protection from legal liability.
• Workplace investigations or assessments (except as specifically contracted through consulting services).
• Mental health treatment or therapy.
• Employment advice or advocacy.
• Medical or clinical diagnoses.
• Psychological counselling or crisis intervention services.
• Guarantees of workplace compliance with any specific legislation.
• Protection from legal liability.
• Workplace investigations or assessments (except as specifically contracted through consulting services).
• Mental health treatment or therapy.
• Employment advice or advocacy.
• Medical or clinical diagnoses.
• Psychological counselling or crisis intervention services.
Important Understanding
Completing our training, certification, or consulting services does not:
• Guarantee legal compliance for your organization.
• Create legal protections in workplace disputes.
• Substitute for legal or professional advice specific to your situation.
• Prevent workplace incidents or claims.
• Establish any duty of care from ThriveDuty to you or your organization.
• Create an attorney-client relationship.
• Replace obligations to consult with qualified health and safety professionals, legal counsel, or regulatory bodies.
Global Protections: Complies with Cyprus Consumer Rights Law 133(I)/2013, Australian ACL guarantees, CCPA/CPRA (no data sales; opt-out via rights request to contact@thriveduty.com), and PIPEDA access. These Terms do not limit mandatory rights.
Our Services align with ISO 45003 guidelines for managing psychosocial risks, providing evidence-based training on hazard identification, assessment, and mitigation which have been internally audited.
• Guarantee legal compliance for your organization.
• Create legal protections in workplace disputes.
• Substitute for legal or professional advice specific to your situation.
• Prevent workplace incidents or claims.
• Establish any duty of care from ThriveDuty to you or your organization.
• Create an attorney-client relationship.
• Replace obligations to consult with qualified health and safety professionals, legal counsel, or regulatory bodies.
Global Protections: Complies with Cyprus Consumer Rights Law 133(I)/2013, Australian ACL guarantees, CCPA/CPRA (no data sales; opt-out via rights request to contact@thriveduty.com), and PIPEDA access. These Terms do not limit mandatory rights.
Our Services align with ISO 45003 guidelines for managing psychosocial risks, providing evidence-based training on hazard identification, assessment, and mitigation which have been internally audited.
2. Your Responsibilities
As a User, You Are Responsible For:
• Application of Content: How you apply training content in your workplace, ensuring appropriateness for your specific circumstances.
• Jurisdictional Compliance: Ensuring training is appropriate for your jurisdiction and complies with applicable local, state/provincial, and federal laws and regulations.
• Professional Advice: Seeking professional advice for your specific situation when needed.
• Legal Compliance: Compliance with all applicable workplace health and safety laws and regulations.
• Implementation Decisions: Any decisions or actions based on training content.
• Currency Verification: Verifying that information remains current and applicable for your jurisdiction.
• Proper Use: Using materials only for their intended educational and implementation purposes.
• Accuracy of Information: Providing accurate information during consulting engagements.
• Application of Content: How you apply training content in your workplace, ensuring appropriateness for your specific circumstances.
• Jurisdictional Compliance: Ensuring training is appropriate for your jurisdiction and complies with applicable local, state/provincial, and federal laws and regulations.
• Professional Advice: Seeking professional advice for your specific situation when needed.
• Legal Compliance: Compliance with all applicable workplace health and safety laws and regulations.
• Implementation Decisions: Any decisions or actions based on training content.
• Currency Verification: Verifying that information remains current and applicable for your jurisdiction.
• Proper Use: Using materials only for their intended educational and implementation purposes.
• Accuracy of Information: Providing accurate information during consulting engagements.
As an Employer or Organization, You Are Responsible For:
• Independent Assessment: Conducting your own risk assessments appropriate to your workplace.
• Policy Development: Developing and implementing policies and procedures appropriate for your organization.
• Legal Duties: Meeting all legal duties of care to workers under applicable legislation.
• Expert Consultation: Consulting with legal, HR, and health and safety professionals as needed.
• Monitoring: Establishing appropriate monitoring and review systems.
• Investigation: Conducting proper workplace investigations when required.
• Licensing Compliance: Ensuring appropriate licensing for multi-user access.
• Independent Assessment: Conducting your own risk assessments appropriate to your workplace.
• Policy Development: Developing and implementing policies and procedures appropriate for your organization.
• Legal Duties: Meeting all legal duties of care to workers under applicable legislation.
• Expert Consultation: Consulting with legal, HR, and health and safety professionals as needed.
• Monitoring: Establishing appropriate monitoring and review systems.
• Investigation: Conducting proper workplace investigations when required.
• Licensing Compliance: Ensuring appropriate licensing for multi-user access.
Indemnification
You agree to indemnify, defend, and hold harmless ThriveDuty, its affiliates, officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or relating to: (i) your use of the Services; (ii) your violation of these Terms; (iii) your misuse of training content or deliverables in your workplace; or (iv) any third-party claims related to your implementation decisions. This does not waive mandatory consumer rights under GDPR, EU Directive 93/13/EEC, or local laws (e.g., fraud, personal injury). Your indemnification obligations under this Section are capped at the total fees paid to us in the 12 months preceding the claim, excluding any mandatory rights under applicable consumer laws.
3. Licensing & Access
Individual Licenses
• Individual licenses grant access to one person only.
• Accounts are non-transferable.
• Sharing login credentials is prohibited.
• Accounts are non-transferable.
• Sharing login credentials is prohibited.
Organizational/Bulk Licenses
• Organizational licenses permit access for the purchased number of seats only.
• Each user must have their own individual access credentials.
• Organizations are responsible for managing user access and ensuring compliance with seat limits.
• Exceeding purchased seats without authorization constitutes a breach of these terms.
• Each user must have their own individual access credentials.
• Organizations are responsible for managing user access and ensuring compliance with seat limits.
• Exceeding purchased seats without authorization constitutes a breach of these terms.
MPO Certification
• MPO Certification is granted to individuals who successfully complete the program.
• Certification is valid for the individual and is non-transferable.
• Certification may require periodic renewal or continuing education (as specified).
• Organizations employing certified MPOs are responsible for ensuring MPOs have appropriate authority and resources.
• Certification is valid for the individual and is non-transferable.
• Certification may require periodic renewal or continuing education (as specified).
• Organizations employing certified MPOs are responsible for ensuring MPOs have appropriate authority and resources.
Access Duration
• Access to purchased courses is provided for up to 90 days.
• ThriveDuty reserves the right to modify access periods with reasonable notice.
• Continued access may require subscription renewal or repurchase.
• ThriveDuty reserves the right to modify access periods with reasonable notice.
• Continued access may require subscription renewal or repurchase.
4. Intellectual Property
Ownership
All content, materials, courses, templates, guides, tools, and resources provided by ThriveDuty are protected by copyright, trademark, and other intellectual property laws. ThriveDuty retains all ownership rights.
Your License to Use Materials
You are granted a limited, non-exclusive, non-transferable license to:
• Access and complete purchased training courses.
• Download and use provided templates and resources for internal organizational use only.
• Use MPO certification credentials as specified in certification materials.
• Use consulting deliverables within your organization.
• Access and complete purchased training courses.
• Download and use provided templates and resources for internal organizational use only.
• Use MPO certification credentials as specified in certification materials.
• Use consulting deliverables within your organization.
Restrictions
You may NOT:
• Reproduce, distribute, or sell ThriveDuty materials.
• Create derivative training programs based on ThriveDuty content.
• Remove copyright notices or attributions.
• Share access credentials with unauthorized users.
• Use materials to provide training or consulting services to third parties.
• Reverse engineer or extract proprietary methodologies.
• Publicly share or post course content or proprietary materials.
• Reproduce, distribute, or sell ThriveDuty materials.
• Create derivative training programs based on ThriveDuty content.
• Remove copyright notices or attributions.
• Share access credentials with unauthorized users.
• Use materials to provide training or consulting services to third parties.
• Reverse engineer or extract proprietary methodologies.
• Publicly share or post course content or proprietary materials.
Templates & Resources Exception
Downloadable templates and resources may be customized for your internal organizational use. However, you may not redistribute templates as standalone products or claim them as your own creation.
5. Consulting Services Specific Terms
Engagement Terms
• Consulting services are governed by these Terms of Use and any separate consulting agreement.
• Scope, deliverables, timelines, and pricing are confirmed in writing prior to engagement.
• A free discovery call does not create a consulting relationship.
• Scope, deliverables, timelines, and pricing are confirmed in writing prior to engagement.
• A free discovery call does not create a consulting relationship.
Client Responsibilities for Consulting
• Provide accurate and complete information.
• Provide timely access to relevant personnel, documents, and systems.
• Implement recommendations at your own discretion and risk.
• Maintain confidentiality of proprietary methodologies.
• Provide timely access to relevant personnel, documents, and systems.
• Implement recommendations at your own discretion and risk.
• Maintain confidentiality of proprietary methodologies.
Consultant Responsibilities
• Provide services with reasonable skill and care.
• Deliver agreed-upon services within specified timeframes.
• Maintain professional standards aligned with organizational psychology principles.
• Deliver agreed-upon services within specified timeframes.
• Maintain professional standards aligned with organizational psychology principles.
Deliverables
• All deliverables remain subject to ThriveDuty’s intellectual property rights.
• Clients receive a license to use deliverables for internal purposes.
• ThriveDuty may use de-identified learnings for future service improvement.
• Clients receive a license to use deliverables for internal purposes.
• ThriveDuty may use de-identified learnings for future service improvement.
Limitation on Consulting Services
Consulting services provide guidance and recommendations only. ThriveDuty does not:
• Make decisions on behalf of your organization.
• Assume liability for implementation outcomes.
• Guarantee specific results or risk elimination.
• Provide legal, medical, or clinical services.
• Take responsibility for employee actions or organizational culture.
For Consulting Services involving sensitive data, we require you to provide us with written consent.
• Make decisions on behalf of your organization.
• Assume liability for implementation outcomes.
• Guarantee specific results or risk elimination.
• Provide legal, medical, or clinical services.
• Take responsibility for employee actions or organizational culture.
For Consulting Services involving sensitive data, we require you to provide us with written consent.
6. Payment & Refunds
Payment Terms
• Payment is required at the time of purchase unless alternative arrangements are agreed in writing.
• Prices are as stated on the ThriveDuty website or in written quotations.
• Bulk discount pricing applies as specified.
• Consulting services may require deposit or milestone payments.
• Prices are as stated on the ThriveDuty website or in written quotations.
• Bulk discount pricing applies as specified.
• Consulting services may require deposit or milestone payments.
Refund Policy
Training Courses
• Refunds may be available within 14 days of purchase if no course content has been accessed.
• No refunds after course completion or certificate issuance.
• Refunds for technical issues are limited to verified platform failures preventing access; no refunds for user errors, changes in circumstances, or dissatisfaction with content.
• No refunds after course completion or certificate issuance.
• Refunds for technical issues are limited to verified platform failures preventing access; no refunds for user errors, changes in circumstances, or dissatisfaction with content.
MPO Certification
• Refunds available within 14 days of purchase if no course content has been accessed.
• No refunds after assessment attempt.
• No refunds after assessment attempt.
Consulting Services
• Refunds subject to terms in consulting agreement.
• Discovery calls are free with no refund applicable.
• Work completed is non-refundable.
• Discovery calls are free with no refund applicable.
• Work completed is non-refundable.
Currency and Taxes
• All prices are in local currency unless otherwise specified.
• Prices do not include applicable taxes unless stated.
• Customers are responsible for any applicable taxes in their jurisdiction.
Refunds for technical issues require verification (e.g., screenshot submission within 48 hours) by our support team. For AI-assisted Services, we mitigate biases through diverse training data and regular audits per EU AI Act obligations, with no high-risk classifications applied.
• Prices do not include applicable taxes unless stated.
• Customers are responsible for any applicable taxes in their jurisdiction.
Refunds for technical issues require verification (e.g., screenshot submission within 48 hours) by our support team. For AI-assisted Services, we mitigate biases through diverse training data and regular audits per EU AI Act obligations, with no high-risk classifications applied.
7. Disclaimers & Limitations of Liability
Educational Nature
ThriveDuty provides educational training and consulting services. Our services are designed to inform and guide, but do not constitute:
• Legal advice or legal services.
• Workplace investigations.
• Clinical or therapeutic services.
• Guarantees of legal compliance.
• Insurance or indemnification.
• Legal advice or legal services.
• Workplace investigations.
• Clinical or therapeutic services.
• Guarantees of legal compliance.
• Insurance or indemnification.
AI & Content Risks
If Services include AI-generated content, recommendations, or assessments, such outputs may contain inaccuracies, biases, or omissions. ThriveDuty does not endorse or guarantee the suitability of AI outputs for psychological safety decisions. You assume all risks from relying on such outputs, including potential emotional or workplace impacts. Training scenarios are for educational purposes only and may evoke strong reactions; seek professional support if needed.
No Warranty
Services are provided “as is” without warranties of any kind, express or implied, including but not limited to:
• Warranties of merchantability.
• Fitness for a particular purpose.
• Non-infringement.
• Accuracy, reliability, or completeness.
• Uninterrupted or error-free operation.
• Warranties of merchantability.
• Fitness for a particular purpose.
• Non-infringement.
• Accuracy, reliability, or completeness.
• Uninterrupted or error-free operation.
Limitation of Liability
To the maximum extent permitted by law:
• ThriveDuty’s total liability for any claim arising from these terms or use of services shall not exceed the amount paid by you for the specific service giving rise to the claim.
• ThriveDuty is not liable for indirect, incidental, consequential, special, or punitive damages.
• ThriveDuty is not liable for workplace incidents, claims, investigations, fines, or legal proceedings.
• ThriveDuty is not responsible for your implementation decisions or outcomes.
• ThriveDuty’s total liability for any claim arising from these terms or use of services shall not exceed the amount paid by you for the specific service giving rise to the claim.
• ThriveDuty is not liable for indirect, incidental, consequential, special, or punitive damages.
• ThriveDuty is not liable for workplace incidents, claims, investigations, fines, or legal proceedings.
• ThriveDuty is not responsible for your implementation decisions or outcomes.
Jurisdictional Variations
• Training content is designed to align with ISO standards and multiple jurisdictions.
• You are responsible for verifying applicability to your specific jurisdiction.
• ThriveDuty does not guarantee compliance with all local regulatory requirements.
• Legal and regulatory requirements vary and change; you are responsible for staying current.
• You are responsible for verifying applicability to your specific jurisdiction.
• ThriveDuty does not guarantee compliance with all local regulatory requirements.
• Legal and regulatory requirements vary and change; you are responsible for staying current.
Third-Party Reliance
These terms create obligations only between you and ThriveDuty. No third party may rely on ThriveDuty’s services as creating any duty or obligation to them. These limitations do not apply to mandatory consumer liabilities (e.g., death/personal injury, fraud, or EU/Cyprus unfair terms under Directive 93/13/EEC).
8. Privacy & Data Protection
Data Collection
ThriveDuty collects personal information as described in our Privacy Policy, including:
• Account registration information.
• Course progress and completion data.
• Assessment results.
• Payment information.
• Organizational information for consulting engagements.
• Account registration information.
• Course progress and completion data.
• Assessment results.
• Payment information.
• Organizational information for consulting engagements.
Use of Data
Your data is used to:
• Provide and improve services.
• Issue certificates and track completion.
• Process payments.
• Communicate about services.
• Fulfill consulting engagements.
• Provide and improve services.
• Issue certificates and track completion.
• Process payments.
• Communicate about services.
• Fulfill consulting engagements.
Aggregate Data Use
ThriveDuty may use de-identified, aggregated data from user interactions (e.g., course completion trends, assessment results) to improve Services, develop new offerings, or create industry benchmarks. Such data will not identify you or your organization. If Services involve AI, your inputs and interactions may be used to train and fine-tune models, subject to our Privacy Policy.
Data Security
We implement reasonable security measures to protect your information. However, no system is completely secure, and we cannot guarantee absolute security.
Full Privacy Policy
Please review our separate Privacy Policy below for complete information about data handling practices.
9. Certificates & Credentials
Certificate Issuance
• Certificates are issued upon successful course completion as specified.
• MPO Certification is issued upon passing the assessment with 75% or higher.
• Certificates are digital and may be downloaded and printed.
• MPO Certification is issued upon passing the assessment with 75% or higher.
• Certificates are digital and may be downloaded and printed.
Certificate Validity
• Certificates represent completion at the time of issuance.
• Certificate holders are responsible for maintaining current knowledge.
• ThriveDuty may implement renewal requirements with reasonable notice.
• Certificate holders are responsible for maintaining current knowledge.
• ThriveDuty may implement renewal requirements with reasonable notice.
Ownership
ThriveDuty reserves the right to revoke certificates if:
• Access was obtained fraudulently.
• Terms of Use were violated.
• Assessment integrity was compromised.
• Credentials are misrepresented.
• Access was obtained fraudulently.
• Terms of Use were violated.
• Assessment integrity was compromised.
• Credentials are misrepresented.
Use of Credentials
• MPO credential holders may identify themselves as “ThriveDuty Certified Mental Protection Officer.”
• Credentials may not be used to imply endorsement of other products or services.
• Credentials may not be used to suggest regulatory approval or legal authority.
If a certificate is not issued despite 75% completion, you may appeal within 14 days via email, providing evidence. Report violations of Section 11 to contact@thriveduty.com for investigation within 7 days.
• Credentials may not be used to imply endorsement of other products or services.
• Credentials may not be used to suggest regulatory approval or legal authority.
If a certificate is not issued despite 75% completion, you may appeal within 14 days via email, providing evidence. Report violations of Section 11 to contact@thriveduty.com for investigation within 7 days.
10. Modifications to Services & Terms
Right to Modify
ThriveDuty reserves the right to:
• Modify, update, or discontinue services with reasonable notice.
• Update course content to reflect regulatory changes or best practices.
• Revise these Terms of Use at any time.
• Adjust pricing for future purchases.
• Modify, update, or discontinue services with reasonable notice.
• Update course content to reflect regulatory changes or best practices.
• Revise these Terms of Use at any time.
• Adjust pricing for future purchases.
Notice of Changes
• Material changes to these Terms will be communicated via email or platform notice.
• Continued use after changes constitutes acceptance.
• If you disagree with changes, you may discontinue use.
• Continued use after changes constitutes acceptance.
• If you disagree with changes, you may discontinue use.
Course Updates
• Course content may be updated to reflect current legislation and standards.
• Users with active access will receive updated content.
• Previous versions may be archived or removed.
• Users with active access will receive updated content.
• Previous versions may be archived or removed.
11. User Conduct
Acceptable Use
You agree to:
• Provide accurate information.
• Use services for lawful purposes only.
• Maintain confidentiality of account credentials.
• Respect intellectual property rights.
• Engage professionally in consulting relationships.
• Provide accurate information.
• Use services for lawful purposes only.
• Maintain confidentiality of account credentials.
• Respect intellectual property rights.
• Engage professionally in consulting relationships.
Prohibited Activities
You may NOT:
• Share account access with unauthorized users.
• Use automated systems to access content (scraping, bots).
• Attempt to circumvent access controls or copy protections.
• Misrepresent completion or credentials.
• Use services to harass, defame, or harm others.
• Violate any applicable laws or regulations.
• Reverse engineer or extract proprietary content.
• Apply Services to support discrimination, harassment, or illegal activities.
• Share account access with unauthorized users.
• Use automated systems to access content (scraping, bots).
• Attempt to circumvent access controls or copy protections.
• Misrepresent completion or credentials.
• Use services to harass, defame, or harm others.
• Violate any applicable laws or regulations.
• Reverse engineer or extract proprietary content.
• Apply Services to support discrimination, harassment, or illegal activities.
Compliance with Laws
You must comply with all applicable regional laws. ThriveDuty may monitor usage for compliance.
Consequences of Violation
Violations may result in:
• Immediate termination of access.
• Revocation of certificates.
• Legal action to protect ThriveDuty’s rights.
• No refund of fees paid.
• Immediate termination of access.
• Revocation of certificates.
• Legal action to protect ThriveDuty’s rights.
• No refund of fees paid.
12. Termination
Your Right to Terminate
You may terminate your account at any time by contacting ThriveDuty. Termination does not entitle you to a refund except as specified in the refund policy.
ThriveDuty's Right to Terminate
ThriveDuty may terminate or suspend your access immediately if:
• You breach these Terms of Use.
• You engage in fraudulent activity.
• You misuse services or materials.
• Required by law or regulatory authority.
• For business reasons with reasonable notice.
• You breach these Terms of Use.
• You engage in fraudulent activity.
• You misuse services or materials.
• Required by law or regulatory authority.
• For business reasons with reasonable notice.
Effect of Termination
Upon termination:
• Your access to services will cease.
• You must cease all use of ThriveDuty materials.
• Sections of these Terms that by nature should survive will remain in effect.
• No refund will be provided except as specified in the refund policy.
• Outstanding payments remain due.
ThriveDuty provides at least 30 days' notice for non-breach terminations.
• Your access to services will cease.
• You must cease all use of ThriveDuty materials.
• Sections of these Terms that by nature should survive will remain in effect.
• No refund will be provided except as specified in the refund policy.
• Outstanding payments remain due.
ThriveDuty provides at least 30 days' notice for non-breach terminations.
13. Dispute Resolution
Governing Law
These Terms are governed by the laws of the United Kingdom, without regard to conflict of law principles. Any disputes shall be resolved exclusively in the courts of London, United Kingdom.
Dispute Resolution Process
Before initiating formal proceedings, parties agree to:
1. Provide written notice of the dispute.
2. Engage in good faith negotiations for 30 days.
3. Consider mediation if negotiations fail.
1. Provide written notice of the dispute.
2. Engage in good faith negotiations for 30 days.
3. Consider mediation if negotiations fail.
Arbitration
For claims under €10,000, the parties agree to binding arbitration under applicable law, with the seat of arbitration in London, UK, and conducted in English.
Limitation Period
Any claim must be brought within one year of the event giving rise to the claim.
Class Action Waiver
To the extent permitted by law, claims must be brought individually, not as part of a class action or collective proceeding. Upon termination, we delete your data within 30 days, except as required for legal retention.
14. General Provisions
Entire Agreement
These Terms, together with our Privacy Policy and any consulting agreement, constitute the entire agreement between you and ThriveDuty.
Severability
If any provision is found invalid or unenforceable, the remaining provisions continue in full effect.
No Waiver
Failure to enforce any provision does not constitute a waiver of that provision.
Assignment
You may not assign these Terms. ThriveDuty may assign these Terms to a successor entity.
Force Majeure
ThriveDuty is not liable for delays or failures due to circumstances beyond reasonable control.
Independent Contractors
Nothing in these Terms creates an employment, partnership, or agency relationship.
Provisions regarding intellectual property, disclaimers, limitations of liability, and dispute resolution survive termination.
15. Contact Information
For questions about these Terms of Use:
ThriveDuty Email: contact@thriveduty.com
Website: www.thriveduty.com
ThriveDuty Email: contact@thriveduty.com
Website: www.thriveduty.com
Acknowledgment
By accessing or using ThriveDuty services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Use.
For Organizations: By purchasing organizational licenses or consulting services, you represent that you have authority to bind your organization to these terms.
For MPO Certification: By enrolling in MPO Certification, you acknowledge the responsibilities and limitations associated with the credential.
For Consulting Services: By engaging consulting services, you acknowledge that recommendations are guidance only and that implementation decisions and outcomes are your responsibility.
For Organizations: By purchasing organizational licenses or consulting services, you represent that you have authority to bind your organization to these terms.
For MPO Certification: By enrolling in MPO Certification, you acknowledge the responsibilities and limitations associated with the credential.
For Consulting Services: By engaging consulting services, you acknowledge that recommendations are guidance only and that implementation decisions and outcomes are your responsibility.
ThriveDuty Privacy Policy
Last Updated: 11 November 2025
Introduction
ThriveDuty (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our psychosocial hazards training courses, Mental Protection Officer (MPO) Certification, consulting services, digital resources, and related services (collectively, the “Services”) through our website at www.thriveduty.com or associated platforms. By using our Services, you consent to the practices described in this Policy. This does not limit mandatory rights under EU/Cyprus consumer laws.
1. Information We Collect
We collect the following types of information:
Personal Information
• Account Registration: Name, email address, job title, organization name, and contact details provided when creating an account or enrolling in Services.
• Course and Certification Data: Progress, completion status, assessment results, and certification records.• Payment Information: Billing details, credit card information, or other payment data processed through our secure third-party payment providers.
• Consulting Engagements: Organizational details, employee data, or workplace information provided during consulting services (e.g., for risk assessments or policy development).
• Communications: Information you provide when contacting us via email (contact@thriveduty.com), support forms, or discovery calls.
• Account Registration: Name, email address, job title, organization name, and contact details provided when creating an account or enrolling in Services.
• Course and Certification Data: Progress, completion status, assessment results, and certification records.• Payment Information: Billing details, credit card information, or other payment data processed through our secure third-party payment providers.
• Consulting Engagements: Organizational details, employee data, or workplace information provided during consulting services (e.g., for risk assessments or policy development).
• Communications: Information you provide when contacting us via email (contact@thriveduty.com), support forms, or discovery calls.
Non-Personal Information
• Usage Data: IP address, browser type, device information, pages visited, time spent on the platform, and clickstream data collected via cookies or analytics tools.
• Aggregate Data: De-identified data from user interactions (e.g., course completion trends, assessment outcomes) used to improve Services or create industry benchmarks.
We collect only necessary data and ensure accuracy via user verification and reviews.
Data Minimization Principle: We adhere strictly to GDPR Article 5(1)(c) by collecting and retaining only the minimum personal data necessary for our purposes (e.g., name/email for enrollment only; no excess profiling data beyond course recommendations).
Consulting Services may involve processing sensitive personal data (e.g., health-related psychosocial hazard disclosures under GDPR Article 9). We only process such data with your explicit, informed consent, obtained via a separate opt-in form prior to engagement. You may withdraw consent at any time without affecting prior lawful processing.
These Terms comply with and do not limit mandatory rights under Cyprus Consumer Rights Law 133(I)/2013 (e.g., 14-day withdrawal), Australian Consumer Law (guarantees of acceptable quality), California Consumer Privacy Act (CCPA/CPRA rights like opt-out of sales—note: we do not sell data), or Canadian PIPEDA (access/correction). For CCPA, contact us at contact@thriveduty.com with 'CCPA Request' in the subject. We limit collection to essentials, e.g., name/email for enrollment (deleted post-7 years unless disputed); no excess progress data beyond certification.
• Usage Data: IP address, browser type, device information, pages visited, time spent on the platform, and clickstream data collected via cookies or analytics tools.
• Aggregate Data: De-identified data from user interactions (e.g., course completion trends, assessment outcomes) used to improve Services or create industry benchmarks.
We collect only necessary data and ensure accuracy via user verification and reviews.
Data Minimization Principle: We adhere strictly to GDPR Article 5(1)(c) by collecting and retaining only the minimum personal data necessary for our purposes (e.g., name/email for enrollment only; no excess profiling data beyond course recommendations).
Consulting Services may involve processing sensitive personal data (e.g., health-related psychosocial hazard disclosures under GDPR Article 9). We only process such data with your explicit, informed consent, obtained via a separate opt-in form prior to engagement. You may withdraw consent at any time without affecting prior lawful processing.
These Terms comply with and do not limit mandatory rights under Cyprus Consumer Rights Law 133(I)/2013 (e.g., 14-day withdrawal), Australian Consumer Law (guarantees of acceptable quality), California Consumer Privacy Act (CCPA/CPRA rights like opt-out of sales—note: we do not sell data), or Canadian PIPEDA (access/correction). For CCPA, contact us at contact@thriveduty.com with 'CCPA Request' in the subject. We limit collection to essentials, e.g., name/email for enrollment (deleted post-7 years unless disputed); no excess progress data beyond certification.
2. How We Use Your Information
We use your information to:
• Provide Services: Deliver training courses, issue MPO certifications, process payments, and fulfill consulting engagements.
• Track Progress: Monitor course completion and assessment results to issue certificates and ensure compliance with licensing terms.
• Improve Services: Analyze usage patterns and feedback to enhance content, functionality, and user experience.
• Communicate: Send transactional emails (e.g., course updates, payment confirmations), respond to inquiries, and provide marketing communications (with your consent where required).
• Develop Benchmarks: Use de-identified, aggregated data to create industry reports or compliance insights (e.g., psychosocial hazard trends).
• AI Training (If Applicable): If Services involve AI (e.g., for assessments), use anonymized inputs to train and fine-tune models, ensuring no identifiable data is used.
• Comply with Laws: Meet legal or regulatory obligations, such as tax reporting or data protection requirements.
We may use anonymized aggregate data to train AI models for Service improvements (e.g., benchmark personalization). If any residual identifiable data is used, you have the right to opt out by emailing contact@thriveduty.com. We conduct Data Protection Impact Assessments (DPIAs) for high-risk AI processing per EU AI Act Article 9 and GDPR Article 35, confirming no prohibited practices (e.g., manipulative AI).
We process data under GDPR Art. 6: Contract (Art. 6(1)(b)) for course delivery; Consent (Art. 6(1)(a)) for marketing; Legitimate Interests (Art. 6(1)(f)) for analytics (balanced via assessments); Legal Obligations (Art. 6(1)(c)) for compliance. For activities posing high risks to your rights (e.g., AI training on anonymized data), we conduct Data Protection Impact Assessments (DPIAs) per GDPR Article 35 and consult the Cyprus Commissioner for Personal Data Protection if necessary to ensure appropriate safeguards.
• Provide Services: Deliver training courses, issue MPO certifications, process payments, and fulfill consulting engagements.
• Track Progress: Monitor course completion and assessment results to issue certificates and ensure compliance with licensing terms.
• Improve Services: Analyze usage patterns and feedback to enhance content, functionality, and user experience.
• Communicate: Send transactional emails (e.g., course updates, payment confirmations), respond to inquiries, and provide marketing communications (with your consent where required).
• Develop Benchmarks: Use de-identified, aggregated data to create industry reports or compliance insights (e.g., psychosocial hazard trends).
• AI Training (If Applicable): If Services involve AI (e.g., for assessments), use anonymized inputs to train and fine-tune models, ensuring no identifiable data is used.
• Comply with Laws: Meet legal or regulatory obligations, such as tax reporting or data protection requirements.
We may use anonymized aggregate data to train AI models for Service improvements (e.g., benchmark personalization). If any residual identifiable data is used, you have the right to opt out by emailing contact@thriveduty.com. We conduct Data Protection Impact Assessments (DPIAs) for high-risk AI processing per EU AI Act Article 9 and GDPR Article 35, confirming no prohibited practices (e.g., manipulative AI).
We process data under GDPR Art. 6: Contract (Art. 6(1)(b)) for course delivery; Consent (Art. 6(1)(a)) for marketing; Legitimate Interests (Art. 6(1)(f)) for analytics (balanced via assessments); Legal Obligations (Art. 6(1)(c)) for compliance. For activities posing high risks to your rights (e.g., AI training on anonymized data), we conduct Data Protection Impact Assessments (DPIAs) per GDPR Article 35 and consult the Cyprus Commissioner for Personal Data Protection if necessary to ensure appropriate safeguards.
3. How We Share Your Information
We do not sell or rent your personal information. We may share it as follows:
• Service Providers: With trusted third parties (e.g., payment processors, hosting providers, analytics tools) who assist in delivering Services, subject to confidentiality agreements.
• Consulting Partners: With consultants or subcontractors involved in delivering agreed-upon services, limited to necessary information.
• Legal Compliance: When required by law, court order, or regulatory authority (e.g., to comply with GDPR or other data protection laws).
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with your information transferred subject to this Policy.
• Aggregate Data: De-identified insights may be shared publicly or with partners for research or benchmarking purposes.
• Service Providers: With trusted third parties (e.g., payment processors, hosting providers, analytics tools) who assist in delivering Services, subject to confidentiality agreements.
• Consulting Partners: With consultants or subcontractors involved in delivering agreed-upon services, limited to necessary information.
• Legal Compliance: When required by law, court order, or regulatory authority (e.g., to comply with GDPR or other data protection laws).
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with your information transferred subject to this Policy.
• Aggregate Data: De-identified insights may be shared publicly or with partners for research or benchmarking purposes.
4. Data Security
We implement reasonable technical and organizational measures to protect your information, including encryption, access controls, and secure servers. However, no system is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
In the event of a personal data breach posing a high risk to your rights and freedoms, we will notify the Cyprus Commissioner for Personal Data Protection within 72 hours and affected users without undue delay, as required by GDPR Articles 33 and 34.
In the event of a personal data breach posing a high risk to your rights and freedoms, we will notify the Cyprus Commissioner for Personal Data Protection within 72 hours and affected users without undue delay, as required by GDPR Articles 33 and 34.
5. Your Data Protection Rights
Under the EU General Data Protection Regulation (GDPR) and applicable laws, you may have the following rights regarding your personal data:
• Access: Request a copy of your personal data we hold.
• Rectification: Correct inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data, subject to legal retention obligations (e.g., accounting or tax requirements).
• Restriction: Request restriction of processing in specific circumstances (e.g., while verifying data accuracy).
• Portability: Receive your personal data in a structured, commonly used, and machine-readable format, or have it transferred to another controller.
• Objection: Object to processing based on legitimate interests (e.g., analytics) or for direct marketing purposes.
• Withdraw Consent: Withdraw consent at any time for processing based on consent (e.g., marketing communications), without affecting the lawfulness of prior processing.
• Automated Decision-Making: Not to be subject to decisions based solely on automated processing, including profiling, that produce legal or significant effects, unless necessary for the contract or consented to.
To exercise these rights, contact our Data Protection Officer at contact@thriveduty.com. We will respond within one month, as required by the EU GDPR, though this may be extended by two months for complex requests. You may lodge a complaint with the Cyprus Commissioner for Personal Data Protection or your local EU authority.
We do not use solely automated decisions with legal effects. Limited profiling for recommendations (legitimate interests; opt-out via settings).
• Access: Request a copy of your personal data we hold.
• Rectification: Correct inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data, subject to legal retention obligations (e.g., accounting or tax requirements).
• Restriction: Request restriction of processing in specific circumstances (e.g., while verifying data accuracy).
• Portability: Receive your personal data in a structured, commonly used, and machine-readable format, or have it transferred to another controller.
• Objection: Object to processing based on legitimate interests (e.g., analytics) or for direct marketing purposes.
• Withdraw Consent: Withdraw consent at any time for processing based on consent (e.g., marketing communications), without affecting the lawfulness of prior processing.
• Automated Decision-Making: Not to be subject to decisions based solely on automated processing, including profiling, that produce legal or significant effects, unless necessary for the contract or consented to.
To exercise these rights, contact our Data Protection Officer at contact@thriveduty.com. We will respond within one month, as required by the EU GDPR, though this may be extended by two months for complex requests. You may lodge a complaint with the Cyprus Commissioner for Personal Data Protection or your local EU authority.
We do not use solely automated decisions with legal effects. Limited profiling for recommendations (legitimate interests; opt-out via settings).
6. Cookies & Tracking
We may use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. You can manage cookie preferences through your browser settings. Non-essential cookies (e.g., for analytics or marketing) require your consent, which you can manage via our website’s cookie banner. Essential cookies for functionality do not require consent. You can adjust preferences anytime via browser settings or our banner.
We may use: (i) essential cookies for site functionality; (ii) analytics cookies (e.g., Google Analytics) for usage insights; and (iii) marketing cookies (e.g., via Kajabi) for personalized content. Non-essential cookies require consent via our banner.
We may use: (i) essential cookies for site functionality; (ii) analytics cookies (e.g., Google Analytics) for usage insights; and (iii) marketing cookies (e.g., via Kajabi) for personalized content. Non-essential cookies require consent via our banner.
7. International Data Transfers
If you access Services from outside Cyprus, your data may be transferred to servers in other jurisdictions (e.g., for hosting). We ensure such transfers comply with EU GDPR, using Standard Contractual Clauses or other safeguards where required.
Where Cyprus is treated as a third country (e.g., for US-based processors like Kajabi), we rely on EU adequacy decisions where applicable or Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring equivalent protections under GDPR Chapter V. For US processors (e.g., Kajabi), we use EU-approved SCCs; no reliance on Privacy Shield (post-Schrems II).
Where Cyprus is treated as a third country (e.g., for US-based processors like Kajabi), we rely on EU adequacy decisions where applicable or Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring equivalent protections under GDPR Chapter V. For US processors (e.g., Kajabi), we use EU-approved SCCs; no reliance on Privacy Shield (post-Schrems II).
8. Data Retention
We retain personal information for as long as necessary to provide Services, fulfill legal obligations, or resolve disputes. For example:
• Account data is kept while your account is active and up to 7 years thereafter for tax/audit purposes.
• Course completion data is retained to verify certifications, unless you request deletion.
• De-identified data may be kept indefinitely for analytics.
For dispute resolution, we retain relevant data (e.g., completion records) for 1 year from the date of the dispute notice or resolution, whichever is later, unless a longer period is required by law.
We maintain GDPR Art. 30 records (available on request), e.g., course data via Kajabi for contract purposes. In addition to purpose-based periods, examples include: Course enrolment data (duration of access + 1 year for disputes); Consulting client info (6 years per Cyprus tax law); Marketing preferences (until withdrawal). De-identified analytics retained indefinitely. Examples by Category: Enrollment (access duration +1 year); Consulting data (6 years per Cyprus tax); Marketing (until opt-out).
• Account data is kept while your account is active and up to 7 years thereafter for tax/audit purposes.
• Course completion data is retained to verify certifications, unless you request deletion.
• De-identified data may be kept indefinitely for analytics.
For dispute resolution, we retain relevant data (e.g., completion records) for 1 year from the date of the dispute notice or resolution, whichever is later, unless a longer period is required by law.
We maintain GDPR Art. 30 records (available on request), e.g., course data via Kajabi for contract purposes. In addition to purpose-based periods, examples include: Course enrolment data (duration of access + 1 year for disputes); Consulting client info (6 years per Cyprus tax law); Marketing preferences (until withdrawal). De-identified analytics retained indefinitely. Examples by Category: Enrollment (access duration +1 year); Consulting data (6 years per Cyprus tax); Marketing (until opt-out).
9. Third-Party Links
Our Services may contain links to third-party websites (e.g., payment processors). We are not responsible for their privacy practices. Review their policies before providing information.
10. Children's Privacy
Our Services are not intended for individuals under 16. We do not knowingly collect personal information from children. If you believe we have such data, contact us to request deletion.
11. Governing Law
These Terms are governed by the laws of the Republic of Cyprus. Disputes resolved exclusively in Nicosia courts, except where EU law grants home jurisdiction rights.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or platform notice. Continued use of Services after changes constitutes acceptance.
Per CCPA amendments (effective 2025), where applicable we conduct annual cybersecurity audits and risk assessments for automated decision-making technology (ADMT) in scoring/feedback, with results available upon verified request.
Per CCPA amendments (effective 2025), where applicable we conduct annual cybersecurity audits and risk assessments for automated decision-making technology (ADMT) in scoring/feedback, with results available upon verified request.
13. Contact Us
For questions or to exercise your data protection rights:
ThriveDuty Email: contact@thriveduty.com
Website: www.thriveduty.com
ThriveDuty Email: contact@thriveduty.com
Website: www.thriveduty.com