DATA PROCESSING & GDPR NOTICE

Last Updated: January 1, 2026

ThriveflixU – Data Processing & GDPR Notice

1. Introduction

This Data Processing & GDPR Notice explains how personal data is processed within the ThriveflixU platform operated by MV Thrive (“Company”).

This Notice applies exclusively to data processed in connection with:

  • Access to digital products,
  • Subscription management,
  • Account authentication,
  • Platform security.

This Notice supplements the general Privacy Policy of MV Thrive.

2. Data Controller

The Data Controller for purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) is:

MV Thrive
Portugal
Email - support@mvthrive.com

3. Categories of Data Processed

ThriveflixU may process the following categories of personal data:

3.1 Account Information

  • Name
  • Email address
  • Account credentials (encrypted)

3.2 Transaction-Linked Data

  • Product purchased
  • Subscription status
  • Billing reference (not full payment details)

ThriveflixU does not store full credit card details.

3.3 Technical & Usage Data

  • IP address
  • Device/browser information
  • Login timestamps
  • Access logs
  • Platform interaction records

3.4 Support Communications

  • Customer support messages
  • Refund requests
  • Cancellation requests

4. Legal Basis for Processing (GDPR Article 6)

Personal data is processed on the following legal bases:

4.1 Contractual Necessity (Art. 6(1)(b))

To:

  • Provide access to purchased content,
  • Manage subscriptions,
  • Authenticate users.

4.2 Legal Obligation (Art. 6(1)(c))

To:

  • Comply with tax regulations,
  • Maintain financial records,
  • Respond to lawful authority requests.

4.3 Legitimate Interest (Art. 6(1)(f))

To:

  • Prevent fraud and abuse,
  • Monitor unauthorized account sharing,
  • Protect platform integrity,
  • Defend against legal claims.

Where required, balancing tests are conducted to ensure user rights are not overridden.

5. International Data Transfers

Given the international nature of the Platform, data may be processed outside the European Economic Area (EEA).

In such cases, the Company ensures appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs),
  • Adequacy decisions,
  • Contractual data protection commitments.

Users acknowledge that data may be stored or processed in jurisdictions with different data protection standards.

Where required, such transfers rely on safeguards recognized under Articles 44–49 of the GDPR.

6. Data Retention

Personal data is retained:

  • For the duration of the user account;
  • For the duration of any active subscription;
  • As required for tax and accounting compliance;
  • As necessary to defend against legal claims.

Inactive accounts may be anonymized or deleted after a reasonable period, subject to legal obligations.

7. Platform Security Measures

ThriveflixU implements appropriate technical and organizational measures, including:

  • Encrypted connections (SSL/TLS),
  • Secure authentication protocols,
  • Access control restrictions,
  • Monitoring of abnormal access patterns.

However, no digital platform can guarantee absolute security.

Users are responsible for safeguarding login credentials.

8. User Rights Under GDPR

Where applicable, Users have the right to:

  • Access their personal data;
  • Request rectification;
  • Request erasure (“right to be forgotten”);
  • Restrict processing;
  • Object to processing based on legitimate interest;
  • Request data portability;
  • Lodge a complaint with a supervisory authority.

Requests may be submitted via the contact email provided above.

The Company may request identity verification before processing data requests.

9. Business Users

If a User purchases products for business or professional purposes, certain consumer-specific protections may not apply.

However, GDPR rights remain applicable to personal data processed.

10. Automated Decision-Making

ThriveflixU does not engage in fully automated decision-making that produces legal or similarly significant effects.

However, automated systems may be used for:

  • Fraud detection,
  • Account security,
  • Access validation.

11. Data Breach Procedures

In the event of a personal data breach:

  • The Company will assess risk levels;
  • Notify competent supervisory authorities where legally required;
  • Notify affected Users when legally required.

12. Modification of This Notice

The Company reserves the right to modify this Notice at any time.

The most current version will always be published within the Platform.

 Continued use of the Platform constitutes acknowledgment of updates.