Who We Are

Thriving Media Ltd is a company registered in Scotland, trading as Keep Edinburgh Thriving. We support local and independent businesses across Edinburgh and the Lothians through our membership community and the Thriving Card membership scheme.

Thriving Media Ltd also operates fitness and wellbeing activities, including Thriving Fitness and Get After It Girls.

For the purposes of UK data protection law, Thriving Media Ltd (trading as Keep Edinburgh Thriving) is the Data Controller in respect of the personal data we collect and process. Our registered address and contact details are available at keepedinburghthriving.com.

Our Data Protection Officer is Abby Nash. If you have any concerns or questions about the data we hold about you, please contact Abby at hi@keepedinburghthriving.com. If we are unable to resolve your concerns satisfactorily, you can contact the Information Commissioner at ico.org.uk.

We are registered with the Information Commissioner’s Office (ICO). Our registration number is C1893051. You can verify our registration at ico.org.uk.

What Personal Data We Collect

Membership & Thriving Card Data

When you sign up as a member or register for the Thriving Card, we collect: full name, email address, membership type and status, date of joining, and payment records (processed and stored securely via Stripe — we do not store full card details ourselves).

Student Membership

If you sign up for a Student Membership, we collect the standard membership data above plus the following additional information to verify your student status: the name of your university or college, your expected graduation year and an image of your valid student ID card.

Your student ID image is used solely to verify your eligibility for the Student Membership rate. It is not shared with third parties and is deleted once verification is complete. The legal basis for processing this data is contract performance (verifying eligibility for the membership type you have applied for).

Tourist Membership

If you sign up for a Tourist Membership (7-day or 30-day pass), we collect the same standard membership data listed above. Tourist Memberships are non-recurring and your data will be retained for the standard period set out in Section 3.

Business Directory Membership

If your business signs up to be listed in the Keep Edinburgh Thriving Business Directory, we collect the standard membership data above plus the following business details, which will be displayed publicly as part of your directory listing: business name, business address, business email address, business phone number and Thriving Card discount offered to members.

Please note that the business name, address, phone number, email and discount details will be visible to the public as part of the directory listing. By registering for a Business Directory membership, you consent to this information being displayed on the Keep Edinburgh Thriving website and in associated marketing materials. You may request removal or amendment of your listing at any time by contacting us at hi@keepedinburghthriving.com.

Events & Wellbeing Data

If you register for or participate in a KET Event delivered directly by KET or its instructors (including run clubs, fitness sessions, walks, wellness sessions and similar), we may collect health and medical screening data via a health screening questionnaire. This data is collected to help ensure that our activities can be carried out safely for you.

Health screening data is classified as special category data under UK GDPR. We process this data on the basis of your explicit consent, which you provide by completing and submitting the health screening form. You may withdraw your consent at any time by contacting us, though this may mean you are unable to participate in certain activities.

For collaborative events delivered by a third-party provider or Participating Business, that provider is responsible for their own health screening and data collection. KET does not collect health screening data on behalf of third-party providers.

Website & Communications Data

When you interact with our website or communications, we may collect: email address (if you subscribe to our newsletter via Beehiiv), open and click data from emails you receive from us and basic website analytics (pages visited, browser type, approximate location).

Business & Event Enquiries

If you contact us directly or register for an event, we may collect: name and email address, the content of your message or enquiry, and any additional information you choose to provide.

How We Use Your Personal Data

We use your personal data only for the following purposes, and only where we have a valid legal basis to do so under UK GDPR:

Purpose	Legal Basis	Retention
Managing your Thriving Card membership and account	Contract performance	Duration of membership + 2 years
Processing payments via Stripe	Contract performance	As required by HMRC (6 years)
Sending newsletter and updates via Beehiiv	Consent	Until you unsubscribe
Responding to enquiries	Legitimate interests	2 years from last contact
Sending member communications about events and offers	Legitimate interests / Contract	Duration of membership
Health screening for KET Events delivered by KET	Explicit consent	Duration of participation + 1 year
Student ID verification	Contract performance	Deleted once verification is complete
Complying with legal and tax obligations	Legal obligation	6 years minimum

We will keep your data no longer than is necessary to fulfil our services or deal with your enquiry. We may need to keep some of your data for longer to satisfy certain legal and accounting requirements.

Third-Party Services & Data Processors

We use a small number of trusted third-party platforms to operate our business. These companies act as data processors on our behalf and are contractually required to handle your data securely and in accordance with UK GDPR.

Provider	Purpose	Data Shared
Join It	Membership management & Thriving Card platform	Name, email, membership data
Stripe	Secure payment processing	Payment data (card details processed by Stripe only)
Beehiiv	Newsletter & email marketing	Email address, open/click data
Google Workspace	Business email, documents & operations	Business communications

We do not sell your personal data to any third party. We do not share your data with any other parties except where required by law. We may share anonymised, aggregated data with Participating Businesses for the purpose of demonstrating the reach and impact of The Thriving Card.

For full privacy policies of our third-party providers, please visit: joinit.org/privacy, stripe.com/gb/privacy, beehiiv.com/privacy, and policies.google.com/privacy.

International Data Transfers

Some of our third-party providers (including Join It, Stripe and Beehiiv) may process data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK ICO, or that the recipient country benefits from an adequacy decision under UK GDPR.

How We Protect Your Data

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or alteration. These include:

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. The information you provide to us is done so at your own risk.

We have a process in place to identify any data breach and will inform you and the ICO of any such breach as soon as reasonably possible.

Your Rights Under UK GDPR

Under UK data protection law, you have the following rights in relation to your personal data:

To exercise any of these rights, please contact us at hi@keepedinburghthriving.com. We will respond within one calendar month. We may need to verify your identity before processing your request.

You can opt out of receiving marketing information from us at any time by contacting hi@keepedinburghthriving.com.

If you are unhappy with how we handle your data or your rights request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Cookies & Website Analytics

Our website may use cookies and similar tracking technologies to help us understand how visitors use our site and to improve your experience. These may include:

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website. By continuing to use our website, you consent to the use of essential cookies.

Children’s Privacy

Our membership services and KET Events involving physical or wellbeing activities are for adults only (18 years of age and over). We do not knowingly collect personal data from children under the age of 13. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The most current version will always be available at keepedinburghthriving.com/privacy-policy. We will notify active members of any significant changes by email.

The date at the top of this document indicates when it was last updated.

Contact Us

Who We Are

Thriving Media Ltd is a company registered in Scotland, trading as Keep Edinburgh Thriving. We support local and independent businesses across Edinburgh and the Lothians through our membership community and the Thriving Card membership scheme.

Thriving Media Ltd also operates fitness and wellbeing activities, including Thriving Fitness and Get After It Girls.

For the purposes of UK data protection law, Thriving Media Ltd (trading as Keep Edinburgh Thriving) is the Data Controller in respect of the personal data we collect and process. Our registered address and contact details are available at keepedinburghthriving.com.

Our Data Protection Officer is Abby Nash. If you have any concerns or questions about the data we hold about you, please contact Abby at hi@keepedinburghthriving.com. If we are unable to resolve your concerns satisfactorily, you can contact the Information Commissioner at ico.org.uk.

We are registered with the Information Commissioner’s Office (ICO). Our registration number is C1893051. You can verify our registration at ico.org.uk.

What Personal Data We Collect

Membership & Thriving Card Data

When you sign up as a member or register for the Thriving Card, we collect: full name, email address, membership type and status, date of joining, and payment records (processed and stored securely via Stripe — we do not store full card details ourselves).

Student Membership

If you sign up for a Student Membership, we collect the standard membership data above plus the following additional information to verify your student status: the name of your university or college, your expected graduation year and an image of your valid student ID card.

Your student ID image is used solely to verify your eligibility for the Student Membership rate. It is not shared with third parties and is deleted once verification is complete. The legal basis for processing this data is contract performance (verifying eligibility for the membership type you have applied for).

Tourist Membership

If you sign up for a Tourist Membership (7-day or 30-day pass), we collect the same standard membership data listed above. Tourist Memberships are non-recurring and your data will be retained for the standard period set out in Section 3.

Business Directory Membership

If your business signs up to be listed in the Keep Edinburgh Thriving Business Directory, we collect the standard membership data above plus the following business details, which will be displayed publicly as part of your directory listing: business name, business address, business email address, business phone number and Thriving Card discount offered to members.

Please note that the business name, address, phone number, email and discount details will be visible to the public as part of the directory listing. By registering for a Business Directory membership, you consent to this information being displayed on the Keep Edinburgh Thriving website and in associated marketing materials. You may request removal or amendment of your listing at any time by contacting us at hi@keepedinburghthriving.com.

Events & Wellbeing Data

If you register for or participate in a KET Event delivered directly by KET or its instructors (including run clubs, fitness sessions, walks, wellness sessions and similar), we may collect health and medical screening data via a health screening questionnaire. This data is collected to help ensure that our activities can be carried out safely for you.

Health screening data is classified as special category data under UK GDPR. We process this data on the basis of your explicit consent, which you provide by completing and submitting the health screening form. You may withdraw your consent at any time by contacting us, though this may mean you are unable to participate in certain activities.

For collaborative events delivered by a third-party provider or Participating Business, that provider is responsible for their own health screening and data collection. KET does not collect health screening data on behalf of third-party providers.

Website & Communications Data

When you interact with our website or communications, we may collect: email address (if you subscribe to our newsletter via Beehiiv), open and click data from emails you receive from us and basic website analytics (pages visited, browser type, approximate location).

Business & Event Enquiries

If you contact us directly or register for an event, we may collect: name and email address, the content of your message or enquiry, and any additional information you choose to provide.

How We Use Your Personal Data

We use your personal data only for the following purposes, and only where we have a valid legal basis to do so under UK GDPR:

Purpose	Legal Basis	Retention
Managing your Thriving Card membership and account	Contract performance	Duration of membership + 2 years
Processing payments via Stripe	Contract performance	As required by HMRC (6 years)
Sending newsletter and updates via Beehiiv	Consent	Until you unsubscribe
Responding to enquiries	Legitimate interests	2 years from last contact
Sending member communications about events and offers	Legitimate interests / Contract	Duration of membership
Health screening for KET Events delivered by KET	Explicit consent	Duration of participation + 1 year
Student ID verification	Contract performance	Deleted once verification is complete
Complying with legal and tax obligations	Legal obligation	6 years minimum

We will keep your data no longer than is necessary to fulfil our services or deal with your enquiry. We may need to keep some of your data for longer to satisfy certain legal and accounting requirements.

Third-Party Services & Data Processors

We use a small number of trusted third-party platforms to operate our business. These companies act as data processors on our behalf and are contractually required to handle your data securely and in accordance with UK GDPR.

Provider	Purpose	Data Shared
Join It	Membership management & Thriving Card platform	Name, email, membership data
Stripe	Secure payment processing	Payment data (card details processed by Stripe only)
Beehiiv	Newsletter & email marketing	Email address, open/click data
Google Workspace	Business email, documents & operations	Business communications

We do not sell your personal data to any third party. We do not share your data with any other parties except where required by law. We may share anonymised, aggregated data with Participating Businesses for the purpose of demonstrating the reach and impact of The Thriving Card.

For full privacy policies of our third-party providers, please visit: joinit.org/privacy, stripe.com/gb/privacy, beehiiv.com/privacy, and policies.google.com/privacy.

International Data Transfers

Some of our third-party providers (including Join It, Stripe and Beehiiv) may process data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK ICO, or that the recipient country benefits from an adequacy decision under UK GDPR.

How We Protect Your Data

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or alteration. These include:

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. The information you provide to us is done so at your own risk.

We have a process in place to identify any data breach and will inform you and the ICO of any such breach as soon as reasonably possible.

Your Rights Under UK GDPR

Under UK data protection law, you have the following rights in relation to your personal data:

To exercise any of these rights, please contact us at hi@keepedinburghthriving.com. We will respond within one calendar month. We may need to verify your identity before processing your request.

You can opt out of receiving marketing information from us at any time by contacting hi@keepedinburghthriving.com.

If you are unhappy with how we handle your data or your rights request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Cookies & Website Analytics

Our website may use cookies and similar tracking technologies to help us understand how visitors use our site and to improve your experience. These may include:

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website. By continuing to use our website, you consent to the use of essential cookies.

Children’s Privacy

Our membership services and KET Events involving physical or wellbeing activities are for adults only (18 years of age and over). We do not knowingly collect personal data from children under the age of 13. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The most current version will always be available at keepedinburghthriving.com/privacy-policy. We will notify active members of any significant changes by email.

The date at the top of this document indicates when it was last updated.

Contact Us

Registered Company	Thriving Media Ltd
Trading As	Keep Edinburgh Thriving
Data Protection Officer	Abby Nash
Email	hi@keepedinburghthriving.com
Website	keepedinburghthriving.com
ICO Registration	C1893051