Last Updated: 11.June.2026
Effective Date: 11.June.2026
1. INTRODUCTION
This Privacy Policy (“Policy”) describes how Thrico by PulsePlay Digital Private Limited (“we”, “us”, or our”), collects, uses, discloses, stores and otherwise handles personal information relating to an identified or identifiable natural person within the United Kingdom, as well as how we use cookies and similar technologies. It applies to all users of the Thrico.
Our Platform enables organisation to build, manage, and grow branded online communities, offering features including social media, member, connections chat, events, mentorship, gamification, job boards, surveys, polls, a marketplace and more.
This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain, and protect personal data when you:
(i) Visit Our Website at (www.thrico.com) (“Site”)
(ii) Register for or use the Thrico by PulsePlay digital Platform, web application, or mobile applications (“Platform”)
(iii) Interact with us as a Brand Admin, community member, visitor, partner, or job applicant, or
(iv) Communicate with us by any means
As said above, this Privacy Policy is addressed to individuals located in the United Kingdom (“UK”) and it is drafted to comply with
(a) The UK General Data Protection Regulation (“UK GDPR”) as retained in UK law by the European Union (withdrawal) Act, 2018;
(b) The Data Protection Act, 2018 (“DPA Act 2018”);
(c) The Privacy and Electronic Communications Regulations 2003 (as amended) (“PECR”);
(d) Any other applicable UK data protection legislation in force from time to time.
2. PERSONAL DATA WE COLLECT
We collect personal data in three principal ways; data you provide directly, data collected automatically, and data received from third parties.
(a) Data you Provide to us
(i) Identity Data: full name, username, profile photograph, date of birth (to verify minimum age), gender (optional).
(ii) Contact Data: email address, telephone number, postal address.
(iii) Profile and Community Data: biography, interests, skills, profession, employer, educational history, social links.
(iv) Content Data: posts, comments, reactions, media uploads (photos, videos, documents), messages, survey and poll responses, forum contributions.
(v) Financial Data: payment card details or bank account information processed via our PCI-DSS compliant payment processor for paid subscriptions, event tickets, marketplace transactions and reward redemptions.
(vi) Employment and Mentorship Data: CVs, job applications, mentorship preferences, career goals.
(vii) Verification Data: age verification responses, campus ambassador programme enrolment data (for Thrico Social participants aged 18 or above).
(viii) Communication Data: support requests, feedback, complaints, and any other correspondence with us.
(b) Data Collected Automatically
(i) Technical Data: IP address, browser type and version, operating system, device identifiers, time zone, language settings.
(ii) Usage Data: pages visited, features used, search queries within the Platform, click-stream data, session duration, referral URLs.
(iii) Location Data: general location inferred from IP address; precise GPS location only with your explicit consent.
(iv) Cookie and Tracking Data: data collected via cookies, web beacons, pixels, and similar technologies (see Clause VII).
(v) Log Data: server logs including access times, error logs, and performance metrics.
(c) Data Received from Third Parties
(i) Single Sign-on (SSO) Providers: if you register or log in via Google, LinkedIn, Apple ID, or another SSO provider, we receive your name, email address, and profile photograph from that provider.
(ii) Brand Admin Data: Brand Admin may provide us with lists of invited members, which may include your name and email address.
(iii) Analytics and Advertising Partners: aggregated or pseudonymized demographic and behavioral data from analytics partners.
(iv) Publicly Available Sources: information from public professional profiles where legitimately obtained.
3. Purposes of Processing and Legal Bases
The UK GDPR requires us to have a lawful basis for each purpose for which we process your personal data. The purpose for which we process your personal data are mentioned below:
(a) Account Registration and Identity Verification: We may collect personal data relating to Identity, contact and authentication credentials, in accordance with Article 6(1) (b) and Article 6(1) (c) of the UK GDPR.
(b) Providing Platform features (feed, chat, events, jobs, marketplace, gamification, mentorship, etc.,): We may collect personal data relating to Contact, Profile, Content, Usage, Location, in accordance with the Article 6 (1) of the UK GDPR.
(c) Processing payments and managing rewards: We may collect personal data relating to Identity, Contact, Financial in accordance with the Article 6(1) (b) and Article 6(1) (c) of the UK GDPR.
(d) Customer support and complaints handling: We may collect personal data relating to Identity, Contact, Communications, in accordance with Article 6(1) (b) and Article 6(1) (f) of the UK GDPR.
(e) Platform Security, Fraud Prevention and Abuse Detection: We may collect Identity, Technical, Usage, Log data in accordance with Article 6(1)(f) and Article 6(1)(a).
(f) Sending Marketing Communications and Newsletters: We may collect personal data relating to identity, contact details, and usage data, in accordance with Article 6(1)(a) of the UK GDPR and applicable soft-opt-in provisions under PECR Regulation 22.
(g) Personalizing Content and Recommendations: We may collect personal data relating to identity, profile information, usage data, and content, in accordance with Article 6(1)(a) or Article 6(1)(f) of the UK GDPR.
(h) Compliance with Legal Obligations (tax, audit, regulatory): We may collect personal data relating to identity, contact details, and financial information, in accordance with Article 6(1)(c) of the UK GDPR.
(i) Establishing, Exercising, or Defending Legal Claims: We may process all relevant personal data, in accordance with Article 6(1)(f) and Article 9(2)(f) of the UK GDPR.
(j) Campus Ambassador Programme Administration: We may collect personal data relating to identity, contact details, and employment information, in accordance with Article 6(1)(b) and Article 6(1)(a) of the UK GDPR.
(k) Employer/Recruiter Services (job board, internships): We may collect personal data relating to identity and employment information, in accordance with Article 6(1)(b) and Article 6(1)(f) of the UK GDPR.
4. Special Category and Criminal Conviction Data
(a) We do not intentionally collect special category personal (such as health, racial or ethnic origin, political opinions, religious beliefs, biometric data, or trade union membership) or data about criminal convictions through the normal use of our platform.
(b) If you voluntarily disclose such information in community posts, profile fields, or other user-generated content, you do so at your own discretion. We will process any such data disclosed incidentally only to the extent necessary to provide the platform service and moderate content, relying on your explicit consent or another applicable condition under Article 9 UK GDPR/Schedule 1 DPA 2018.
5. HOW WE USE YOUR PERSONAL DATA
(a) Platform operation: We use your personal data to create and maintain your account, authenticate your identity, deliver the features you use, facilitate connections between community members, power the gamification engine (points, badges, leaderboards), enable marketplace and shop transactions, and provide mentorship matching.
(b) Personalization and recommendations: With your consent or on the basis of our legitimate interest (subject to your right to object), we analyze your profile, content interactions, and usage patterns to personalize your feed, suggest relevant communities, events, and jobs, and tailor the Platform experience to your interests.
(c) Communications: We send transactional communication (account verification, password resets, payment, confirmations, policy changes) as necessary to fulfil our contract with you. We send marketing communication (newsletters, product updates, promotions) only with your consent or, for existing users, under the soft opt-in provisions of PECR Regulations 22. And only in relation to similar products and services. You may withdraw consent or opt out at any time using the unsubscribe link in any marketing email or by contacting thrico.dpo@pulseplaydigital.com
(d) Safety, security, and moderation: We use automated tools and human review to detect and address prohibited content, spam, fraudulent, activity, account compromise, and other violations of our Terms of Service. This processing is necessary for our legitimate interests in maintaining a safe platform and the safety of our community members.
(e) Automated decision-making and profiling: We use automated processes to personalize content, detect spam and fraudulent activity, and calculate gamification scores. Where any automated decision-making produces legal or similarly significant effects on you, you have the right to request human review, express your point of view, and contest the decision. We do not make solely automated decisions that produce legal effects concerning you without providing an opportunity for human review, except were permitted by law.
6. Sharing and disclosure of personal data
We do not sell your personal data. We share your data only in the following circumstances.
(a) Brand Admins: Where you are a member of their community, they can see your profile data and content as configured by their platform settings. They are separate data controller.
(b) Other Community Members: Your public profile, posts, and activity visible to other members of your community as per your privacy settings.
(c) Cloud & Hosting Providers: Storage and Infrastructure services (data processing agreements in place).
(d) Payment Processors: Processing payments, PCI-DSS compliant, act as separate data controllers for their own processing.
(e) Analytics Providers: Platform analytics and performance monitoring, on the basis of legitimate interest or your consent.
(f) Email & Communication Providers: Delivery of transactional and marketing emails on our behalf.
(g) Advertising & Social Media Platforms: Only with your consent, used to deliver relevant advertising.
(h) Professional Advisers: Legal, Accounting, Insurance advisors bound by confidentiality obligations.
(i) Regulatory & Law Enforcement Bodies: Where required by law, court order, or to protect rights and safety.
(j) Business Transfers: In the event of a merger, acquisition, or assets sale (see Clause 11).
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Thrico operates in India, when we transfer personal data from the UK to countries that are not subject to a UK adequacy regulation. We ensure appropriate safeguards are in place including
(a) UK International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU standard Contractual Clauses (where applicable);
(b) Binding Corporate Rules (where relevant);
(c) Adequacy regulations made by UK Secretary of State;
(d) Other transfer mechanism approved by the ICO.
You may request a copy of the transfer safeguards we rely on contacting.
8. DATA RETENTION
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, including for the purposes of satisfying any legal, regulatory, according, or reporting requirements.
(a) Account and Profile Data: Duration of account 3 years after account closure (for legitimate interests and legal claims).
(b) Transaction and Financial Data: Duration of account; upon deletion of content by user, removed within 3 years (except where retained for legal or safety reasons).
(c) Marketing Preferences and Consent Records: Until consent is withdrawn 3 years (to demonstrate compliance).
(d) Usage and Log Data: 3 years (for security and analytics).
(e) Support and Communications Data: 3 years from the date of last interaction.
(f) Legal Claims Data: Until the relevant claim is resolved and applicable limitation period (generally 6 years under the Limitation Act 1980).
(g) Marketing Preferences and Consent Records: Until consent is withdrawn 3 years (to demonstrate compliance).
(h) Backup Data: Encrypted backups retained for up to 3 years before permanent deletion.
When retention period expires, we securely delete or anonymise your personal data so that it can no longer be associated with you.
9. YOUR RIGHTS UNDER UK DATA PROTECTION LAW
Under the UK GDPR and DPA 2018, you have the following rights. We will respond to all valid requests within one calendar month (extendable by a further two months where requests are complex or numerous, with notice to you).
(a) Right of Access (Article 15): You may request confirmation of whether we process your personal data and, if so, a copy of that data and information about how it is processed (a ‘Subject Access Request’ or SAR).
(b) Right to Rectification (Article 16): You may request correction of inaccurate personal data or completion of incomplete data.
(c) Right to Erasure (Article 17): You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, consent has been withdrawn, or processing is unlawful. Exceptions apply (e.g., legal obligations, public interest).
(d) Right to Restriction (Article 18): You may request that we restrict processing of your data in certain circumstances, for example while accuracy is contested or an objection is pending.
(e) Right to Data Portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you may request receipt of your data in a structured, commonly used, machine-readable format, or ask us to transmit it to another controller.
(f) Right to Object (Article 21): You may object to processing based on legitimate interests or for direct marketing at any time. For direct marketing, we will cease processing immediately upon your objection.
(g) Rights related to Automated Decision-Making (Article 22): You have the right not to be subject to solely automated decisions that produce significant effects, and to request human review of such decisions.
(h) Right to Withdraw Consent: Where Processing is based on consent, you may withdraw at any time without affecting the lawfulness of processing before withdrawal.
(i) Right to Lodge a Complaint: You have the right to lodge a complaint with the ICO (www.ico.org.uk / 03031231113) at any time, though we encourage you to contact us first.
To exercise any of these rights, please contact us at thrico.dpo@pulseplaydigital.com with proof of identity. We will not charge a fee for reasonable request but reserve the right to charge for the manifestly unfounded or excessive requests.
10. SECURITY OF PERSONAL DATA
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, in accordance with Article 32 UK GDPR. These measures include:
(a) Encryption of data in transit using TLS 1.2 or Higher;
(b) Encryption of data at rest using industry-standard algorithms;
(c) Role-based access controls and principle of least privilege;
(d) Multi-factor authentication for administrative access;
(e) Regular Penetration testing and vulnerability assessments:
(f) Incident response and business continuity procedures;
(g) Staff training on data protection and security;
(h) Vendor due diligence and contractual data processing agreements.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware and, where the breach is likely to result in a high risk, we will also notify you directly without undue delay.
11. BUSINESS TRANSFERS
In the event Thrico or PulsePlay Digital Private Limited is involved in a merger, acquisition, restructuring, asset sale, or insolvency, personal data may be transferred to the relevant third party as part of that transaction. We will notify you of any such transfer and any changes to this Policy, and where required by law we will seek your consent.
12. COOKIES AND SIMILAR TECHNOLOGIES (PECR)
We use cookies and similar technologies (web beacons, pixels, local storage) on our site and Platform in compliance with PECR Cookies that are not strictly necessary for the operation of the site or Platform are set only with your consent, obtained via our cookie consent banner.
(a) Strictly Necessary: Session management, authentication, security, load balancing.
(b) Functional Preference: Remembering your settings, language preferences, notification preferences.
(c) Analytics Performance: Understanding how you use the site, identifying popular features, improving performance.
(d) Marketing: Delivering relevant advertisements and tracking campaign effectiveness.
13. CHILDREN’S PRIVACY AND AGE RESTRICTIONS
Our Platform is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. The Thrico Campus Ambassador Program (Thrico Social) is open only to individuals aged 18 years or older, consistent with the requirements of the DPA 2018 and our Terms of Services.
For users aged 13 to 17, where we become aware that a user in this age group has registered, we will treat their data with additional care, limit direct marketing, and notify a parent or guardian where required by applicable law. Parental or guardian consent may be required for processing the data of users under 16 in certain contexts (Article 8 UK GDPR).
If you believe we have collected data from a child in error, please contact us thrico.dpo@pulseplaydigital.com and we will delete it promptly.
14. THIRD PARTY LINKS AND INTEGRATIONS
The Platform may contain links to third-party websites, applications or services and may integrate with third party tools (e.g. SSO providers, payment gateways, analytics services) We are not responsible for the privacy practices of third parties. We encourage you to review the Privacy policies of any third-party services you access via our Platform.
15. CHANGES TO THIS PRIVACY POLICY
We may update this Policy from time to time reflect changes in our practices, technology, legal requirements, or for legitimate reasons. When we make material changes, we will;
(a) Update the “Last Updated” date at the top of this Policy
(b) Notify you email or prominent in-platform notice at least 14 days before the changes take effect (for material changes); and
(c) Where required by law; seek your renewed consent.
We encourage you to review this Policy periodically, continued use of the Platform after changes take effect constitutes your acceptance of the revised Policy to the extent permitted by law.
16. CONTACT US
If you have any questions, concerns or complaints about this Policy or our handling of your personal data, or to exercise your rights, please contact us:
Privacy Team/ Data Protection Enquiries
Email: thrico.dpo@pulseplaydigital.com
Subject: Privacy _____(Your Request Type)
Website: https://thrico.com
Office Address: We are headquartered at Sushma Cottage, Ram Nagar, Dharamshala 176215- Himachal Pradesh, India.