This policy is made for and applies to anyone who is a Thriva customer or subscriber, or just anyone who is visiting our website. Please make sure you check this policy and if you don’t agree with it, then (although we hate to turn you away) you shouldn’t use our site or service. This is because by accessing or browsing thriva.co (our “Website”), or using any of the services we provide to our customers, you confirm that you have read, understood and agreed to this.
Alternatively, feel free to email us at firstname.lastname@example.org if you have questions or concerns.
1. About Thriva
We are registered as a limited company in the UK as Thriva Limited and refer to ourselves in the first person throughout this policy. Our registration number is 09828160 and our registered office is 132-140 Goswell Road, London, EC1V 7DY. We are registered with the UK Information Commissioner's Office (registration number ZA173692).
Our Data Protection Officer is Thomas Livesey. You can contact Thomas by post at: Thriva, 132-140 Goswell Road, London, EC1V 7DY or by email at: DPO@thriva.co
2. The personal information we collect
Personal information is the term we use to describe information which we collect and which can be used to personally identify someone. For example, a name, a personal address or even an IP address.
Here is a list of the types of personal data we collect:
Information you give to us (e.g. on contact forms, questionnaires or when setting up accounts)
- Contact details - such as your name, address, email address, phone number.
- Responses to surveys or promotions - thank you for your participation in these.
- Any updates to the information you provide to us - and thanks for keeping us updated.
This is essential information for us to provide the best service we can to you. If you ask us to delete it, it’s possible we may no longer be able to provide our services to you.
Information we collect automatically when you visit our Website
- Technical information - such as your IP addresses, domain names, the country you’re visiting from, files requested, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information on your visit - such as the full URL clickstream to, through and from our Website (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
We keep this information anonymous as much as possible to protect your privacy.
Information generated by our services.
The nature of what we do at Thriva means that we will receive personal information about you from our business partners, suppliers and sub-contractors (for example, doctors, laboratories and nutritionists). The types of personal information that we receive as a result of our services include the following special categories of personal data:
- Your race or ethnic origin
- Your date of birth
- Your physical or mental health or condition(s)
- Information relating to your physical or physiological behaviour
Please remember that if you choose to withdraw your consent to our processing of these categories of information, we will be unable to provide our services to you.
Information we receive from other sources.
- Information from business partners, suppliers and subcontractors - such as doctors, laboratories and nutritionists; for example, blood test results, doctor commentary on results etc.
- Advertising networks and information providers - we work closely with advertising networks, analytics and search information providers and we sometimes receive information about you from them.
- Information from other websites and services we operate and provide - where this happens, we will let you know about sharing the information internally or combining with information from the Website.
3. How do we use it?
We only ever use your information in line with data protection laws - in particular, the EU General Data Protection Regulation, otherwise known as GDPR. In short, this means we only use it where we have a legal basis to do so. These are the general legal bases on which we use your information:
- Consent - you have given clear consent to us to process your personal information for a specific purpose.
- Our contract - processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
- Legitimate interests - processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests.
Here are the specific reasons we process your personal information:
- to allow you to access and use our Website and to register for an account;
- to provide you with the information, products and services that you request from us;
- to do things necessary for our business, such as pursuing debts or ensuring the security of our services and Website;
- to carry out statistical analysis and market research;
- for marketing, advertising and promotional purposes;
- for improving and maintaining our Website, preparing reports or compiling statistics in order to improve our services;
- to notify you about changes to our services and to keep you informed about our fees and charges; and
- with your consent only, to contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you.
5. How long we store your data for
We store personal information for as long as you use the services we provide and then as required to comply with applicable laws. In particular, we are required by law to hold medical records for 10 years.
6. Your choices and rights
At any time:
You can choose not to provide us with personal data
If you choose to do this, you can continue to visit our website and browse its content, but we won’t be able to provide you with services, even if you have already paid for them.
You can turn off cookies in your browser settings
If you turn off cookies, you can continue to visit our website and browse its content, but our online services might be less effective.
You can choose for us not to use your personal information for marketing
We will request your consent to do this, but you can choose to refuse your consent. If you have given your consent and want to retract it later, then you can either unsubscribe from the communications or opt out by contacting us at email@example.com.
You can contact us by email at firstname.lastname@example.org at any time, to request that we:
- update any personal information which is out of date or incorrect;
- delete any personal information which we are holding about you;
- restrict the way that we process your personal information;
- provide your personal information to a third party provider of services; or
- provide you with a copy of any personal information which we hold about you on request to email@example.com (although we reserve the right to charge a reasonable fee for this if requests are excessive or repetitive).
You have the right to withdraw your consent in relation to us processing your special categories of personal data (as mentioned above) at any time. You can do this by contacting us through online chat or via firstname.lastname@example.org.
If you withdraw your consent to us processing your personal data, especially the special categories above, this will mean that we are unable to provide our services to you. In addition, please remember that we are required by law to retain medical records for 10 years.
7. Transfers of information
The personal data we collect is processed at our offices in London and in any data processing facilities operated by third parties. Technology businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We carefully vet any services we use to ensure they adhere to high standards of security and privacy.
Below is a list of the main third party providers we use:
- Infrastructure: Heroku, Amazon Web Services, Sentry
- Analytics: Mixpanel, Segment, Full Story
- Communications: Mailchimp, Intercom, Sendgrid, Twilio
- Payments: Stripe
8. Security of your personal information
Our responsibility to you
At Thriva, we have physical, electronic and managerial procedures in place to protect and secure the information we collect. We are committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access and destruction and we take all reasonable precautions to safeguard the confidentiality of personal information.
We make every effort to protect your personal information. However, there is always an inherent risk, beyond our control, in sending information over the internet. If we do ever encounter any online data breaches, we commit to taking prompt action to resolve the situation to protect your information.
We use Stripe for payment transactions and so do not hold payment or payment card data.
Your responsibility to us
Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
9. Third party websites
11. Contact us
If you believe we have breached your rights, you can follow the procedure in this article - https://intercom.help/thrivahelpcenter/about-thriva/how-do-i-make-a-complaint - or you can make a complaint to the UK Information Commissioner's Office (https://ico.org.uk) or seek remedy through your local courts if you believe your rights have been breached.