Hello, welcome to the Thriva privacy policy. This is where we tell you how we process and protect your personal information and how we respect your privacy. We are the controller responsible for protecting the personal information we hold about you. We will keep it safe and secure and we will not misuse it. We appreciate that your personal information belongs to you even if it has been shared with others. This privacy policy explains what we do with your personal information so you understand how we use it. It also tells you what your legal rights are in relation to it and how you can exercise them so that you are in control of your personal information at all times.
This policy is made for and applies to anyone who is a Thriva customer or subscriber, or just anyone who is visiting our website. Please make sure you read this policy carefully. By accessing or browsing thriva.co (our “Website”), or using any of the services we provide to our customers, then you confirm that you have read and understood the entirety of this privacy policy, as it applies to you.
Feel free to email us at: hello@thriva.co if you have questions or concerns.
We may update our privacy policy from time to time. Any changes we make will be posted on this page. Where the changes are significant, we will let you know by email or in another appropriate manner such as when you next interact with our website or app.
We are registered as a limited company in the UK as Thriva Limited and refer to ourselves in the first person throughout this policy. Our company registration number is 09828160 and our registered office is 6th Floor, Classic House, 174-180 Old St, London EC1V 9BP. We are registered with the UK Information Commissioner's Office (registration number ZA173692). Thriva Limited is the controller of your personal information, and is responsible for protecting the personal information we hold about you.
If you have any questions or concerns, you can contact our Data Protection Officer by post at: 6th Floor, Classic House, 174-180 Old St, London EC1V 9BP or by email at: dpo@thriva.co
Personal information is the term we use to describe information which we collect and which identifies you (such as your name) or could indirectly identify you (such as an IP address or other online identifier).
We have personal information about you which you have given us; personal information about you which we collect from your device and personal information about you which we obtain from other sources. In this section, we explain what personal information we have about you.
If you ask us to delete your contact details or account details, we may no longer be able to provide our services to you.
The types of personal information that we receive as a result of our services may include the following special categories of personal data:
We will only collect these types of special categories of information with your explicit consent. Please remember that if you choose to withdraw your consent to our processing of these categories of information, we may be unable to provide our services to you.
The nature of what we do at Thriva means that if you opt to use our services through a business-to-business customer of ours - we may receive personal information about you from our business customers, suppliers and sub-contractors (for example, doctors, laboratories and nutritionists).
Please contact us at: hello@thriva.co if you are aware that we may have inadvertently collected personal information from a child.
We use your personal information for different purposes, but in all cases we must have a legal basis for doing so. When we use your "special categories of personal data" we need an additional legal basis.
These are the legal bases for which we use your information:
Legal Basis | Purpose | Additional Legal Basis – to justify use of "special categories of personal data" for these purposes |
---|---|---|
Consent | To contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you. To analyse how you use our products and services. To provide you with targeted marketing. | Explicit Consent |
Contractual necessity | To allow you to access and use our Website and to register for an account. To provide you with the information, products and services that you request from us. To notify you about changes to our services and to keep you informed about our fees and charges. | Explicit Consent |
Legitimate interests | To do things necessary for our business, such as pursuing debts or ensuring the security of our services and Website . To carry out statistical analysis and market research. To carry out marketing, advertising and promotions. To improve and maintain our Website, prepare reports or compile statistics in order to improve our services. To detect or prevent fraud. | We do not need to use your "special categories of personal data for these purposes |
Legal duty | To comply with our legal, accounting, regulatory and tax obligations. To establish, defend or exercise our legal rights. | Defence of legal claims |
We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. As soon as there is no longer any need for us to hold your personal information, we will delete it or, in some cases, anonymise it so you can no longer be identified from it.
Data Description | Retention Period | Reason for retention period |
---|---|---|
Personal data, including customer names, addresses, payment details | 5 years after last purchase | Business need |
Subscription test records | 5 years after last purchase | Business need |
Health Data | 5 years after last purchase | Business need |
Account correspondence (notes, complaints, purchase history) | 6 years after last purchase | Limitation Act 1980 |
If you would like further information regarding the periods for which your personal information will be held, please contact our DPO using the details in section 1 of this privacy policy.
You can contact us by email at: dpo@thriva.co at any time, to request that we:
Please note that many data subject rights are not absolute and the extent to which they apply may vary depending on the circumstances and any exemptions that may apply. If you would like to exercise any of your data subject rights, please contact us at: dpo@thriva.co. We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period by law).
All EEA countries (the EU, Norway, Iceland and Liechtenstein) provide an adequate level of data protection allowing free transfer of personal information between the UK and any of those countries.
We process the personal information we collect at our offices in London, but we may transfer your personal information outside the UK or the EEA to our third party providers listed immediately below:
If we transfer any personal information about you to any such non-UK and non-EEA third party providers, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this privacy policy. These measures may include the following:
Further details on the steps we take to protect your personal information in these cases is available from us on request by contacting our Data Protection Officer using the details in section 1 of this privacy policy.
At Thriva, we have physical, electronic and managerial procedures in place to protect and secure the information we collect. We are committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access and destruction and we take all reasonable precautions to safeguard the confidentiality of personal information. This includes appropriate entry controls to our premises, multi-factor authentication for all accounts relating to production data, use of an industry leading identity and access management solution, Okta, to manage employee accounts and access to these systems and limiting access to your personal data to those employees, agents contractors and third parties who have a need to know, and encryption of data at rest and in transit.
We make every effort to protect your personal information. However, there is always an inherent risk, beyond our control, in sending information over the internet. If we do ever encounter any online data breaches, we commit to taking prompt action to resolve the situation to protect your information.
We use Stripe for payment transactions and so do not hold payment or payment card data (except for the last 4 digits).
Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Our Website may, from time to time, contain links to websites operated by third parties. This privacy policy only applies to the personal information that we collect and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We don’t endorse or accept any responsibility for the content of those third party websites or third party terms and conditions or policies.
Questions, comments and requests about this privacy policy or how we collect, use or store your personal information are welcomed and should be emailed to us at: hello@thriva.co or to our Data Protection Officer by post at: Thriva Limited, Classic House, 174-180 Old St, London EC1V 9BP or by email at: dpo@thriva.co.
If you believe we have breached your rights, please contact us at: dpo@thriva.co or you can make a complaint to the UK Information Commissioner's Office (https://ico.org.uk) or seek remedy through your local courts if you believe your rights have been breached.