Welcome to the Thriva privacy policy!

Last updated: 16th May 2018

Hello, welcome to the Thriva privacy policy. This is where we tell you how we process and protect your data and how we respect your privacy.

This policy is made for and applies to anyone who is a Thriva customer or subscriber, or just anyone who is visiting our website. Please make sure you check this policy and if you don’t agree with it, then (although we hate to turn you away) you shouldn’t use our site or service. This is because by accessing or browsing thriva.co (our “Website”), or using any of the services we provide to our customers, then you confirm that you have read, understood and agreed to this.

Alternatively, feel free to email us at hello@thriva.co if you have questions or concerns.

We may update our privacy policy from time to time. Any changes we make will be posted on this page and, where appropriate, we will send you an email to confirm the changes as well.

1. About Thriva

We are registered as a limited company in the UK as Thriva Limited and refer to ourselves in the first person throughout this policy. Our registration number is 09828160 and our registered offices is 132-140 Goswell Road, London, EC1V 7DY. We are registered with the UK Information Commissioner's Office (registration number ZA173692).

Our Data Protection Officer is Thomas Livesey. You can contact Thomas by post at: Thriva, 132-140 Goswell Road, London, EC1V 7DY or by email at: DPO@thriva.co

2. The personal information we collect

Personal information is the term we use to describe information which we collect and which can be used to personally identify someone. For example, a name, a personal address or even an IP address.

Here is a list of the types of personal data we collect:

Information you give to us (e.g. on contact forms, questionnaires or when setting up accounts)

  • Contact details - such as your name, address, email address, phone number.
  • Responses to surveys or promotions - thank you for your participation in these.
  • Any updates to the information you provide to us - and thanks for keeping us updated.

This is essential information for us to provide the best service we can to you. If you ask us to delete it, it’s possible we may no longer be able to provide our services to you.

Information we collect automatically when you visit our Website

  • Technical information - such as your IP addresses, domain names, the country you’re visiting from, files requested, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Information on your visit - such as the full URL clickstream to, through and from our Website (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

We keep this information anonymous as much as possible to protect your privacy.

Information generated by our services.

The nature of what we do at Thriva means that we will receive personal information about you from our business partners, suppliers and sub-contractors (for example, doctors, laboratories and nutritionists). The types of personal information that we receive as a result of our services include the following special categories of personal data:

  • Your race or ethnic origin
  • Your date of birth
  • Your physical or mental health or condition(s)
  • Information relating to your physical or physiological behaviour

Please remember that if you choose to withdraw your consent to our processing of these categories of information, we will be unable to provide our services to you.

Information we receive from other sources.

  • Information from business partners, suppliers and subcontractors - such as doctors, laboratories and nutritionists, for example; blood test results, Doctor commentary on results etc.
  • Advertising networks and information providers - we work closely with advertising networks, analytics and search information providers and we sometimes receive information about you from them.
  • Information from other websites and services we operate and provide - where this happens, we will let you know about sharing the information internally or combining with information from the Website.

3. How do we use it?

We only ever use your information in line with data protection laws - in particular, the EU General Data Protection Regulation, otherwise known as GDPR. In short, this means we only use it where we have a legal basis to do so. These are the general legal basis for which we use your information:

  • Consent - you have given clear consent to us to process your personal information for a specific purpose.
  • Our contract - processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
  • Legitimate interests - processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests.

Here are the specific reasons we process your personal information:

  • to allow you to access and use our Website and to register for an account;
  • to provide you with the information, products and services that you request from us;
  • to do things necessary for our business, such as pursuing debts or ensuring the security of our services and Website;
  • to carry out statistical analysis and market research;
  • for marketing, advertising and promotional purposes;
  • for improving and maintaining our Website, preparing reports or compiling statistics in order to improve our services;
  • to notify you about changes to our services and to keep you informed about our fees and charges; and
  • with your consent only, to contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you.

4. Sharing your information

We may share your personal information with the following categories of third parties, including:

  • our service providers and sub-contractors, including but not limited to payment processors, suppliers of technical and support services and cloud service providers;
  • companies that assist us in our marketing, advertising and promotional activities;
  • analytics and search engine providers that assist us in the improvement and optimisation of our Website; and
  • any third parties that you have agreed that we may share your personal information with for marketing purposes.

If we share your personal information to third parties, they will only legally be able to use it for the purpose of providing services to us. We make sure that third parties we share personal information with follow equivalent privacy and security procedures to our own to protect your information.

We may anonymise and aggregate your data to create health reports and statistics. This may be used for marketing or shared with third parties for purposes of academic research.

Finally, we may also disclose your personal information to third parties in certain exceptional circumstances as follows:

  • if we sell or buy any business or assets, we may disclose your personal information to the seller or buyer of that business or those assets;
  • if Thriva or most of our assets are acquired by a third party, in which case personal information held by Thriva will be one of the transferred assets;
  • if we are required by any applicable law or law enforcement organisation to do so;
  • in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
  • to protect the rights, property, or safety of Thriva, our customers or other persons. This may include exchanging information with other organisations for the purposes of fraud protection and credit risk reduction.

Except for what is written in this policy, we will never share any of your personal information to any third party without notifying you and/or getting your consent. If you do consent and later change your mind, you can remove consent and therefore our permission to use this information. See below for your rights to withdraw consent.

5. How long we store your data for

We store personal information for as long as you use the services we provide and then as required to comply with applicable laws. In particular, we are required by law to hold medical records for 10 years.

6. Your choices and rights

Choices:

At any time:

You can choose not to provide us with personal data

If you choose to do this, you can continue to visit our website and browse its content, but we won’t be able to provide you with services, even if you have already paid for them.

You can turn off cookies in your browser settings

If you turn off cookies, you can continue to visit our website and browse its content, but our online services might be less effective.

You can choose for us not to use your personal information for marketing

We will request your consent to do this, but you can choose to refuse your consent. If you have given your consent and want to retract it later, then you can either unsubscribe to the communications or opt out by contacting us at hello@thriva.co.

Rights:

You can contact us by email at hello@thriva.co at any time, to request that we:

  • update any personal information which is out of date or incorrect;
  • delete any personal information which we are holding about you;
  • restrict the way that we process your personal information;
  • provide your personal information to a third party provider of services; or
  • provide you with a copy of any personal information which we hold about you on request to dpo@thriva.co (although we reserve the right to charge reasonable fee for this if requests are excessive or repetitive).

You have the right to withdraw your consent in relation to us processing your special categories of personal data (as mentioned above) at any time. You can do this by contacting us through online chat or via hello@thriva.co.

If you withdraw your consent to us processing your personal data, especially the special categories above, this will mean that we are unable to provide our services to you. In addition, please remember that we are required by law to retain medical records for 10 years.

7. Transfers of information

The personal data we collect is processed at our offices in London and in any data processing facilities operated by the third parties. Technology businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We carefully vet any services we use to ensure they adhere to high standards of security and privacy.

When we do this, sometimes it is necessary for us to share your data with them in order to allow these services to work. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy.

Below is a list of the main third party providers we use:

  • Infrastructure: Heroku, Amazon Web Services, Sentry
  • Analytics: Mixpanel, Segment, Full Story
  • Communications: Mailchimp, Intercom, Sendgrid, Twilio
  • Payments: Stripe

If we transfer or store your information outside of the EEA, then we will take steps to inform you of this by outlining it in our privacy policy and taking all reasonable precautions to ensure privacy rights continue to be protected.

8. Security of your personal information

Our responsibility to you

At Thriva, we have physical, electronic and managerial procedures in place to protect and secure the information we collect. We are committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access and destruction and we take all reasonable precautions to safeguard the confidentiality of personal information.

We make every effort to protect your personal information. However, there is always an inherent risk, beyond our control, in sending information over the internet. If we do ever encounter any online data breaches, we commit to taking prompt action to resolve the situation to protect your information.

We use Stripe for payment transactions and so do not hold payment or payment card data.

Your responsibility to us

Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

9. Third party websites

Our Website may, from time to time, contain links to websites operated by third parties.This privacy policy only applies to the personal information that we collect through this Website and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We don’t endorse or accept any responsibility for the content of those third party websites or third party terms and conditions or policies.

10. Cookies

Some pages on our Website use cookies, which are small text files placed on your device (such as your computer, tablet or mobile phone) when you visit our Website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. For more information, please see www.allaboutcookies.org.

Please click here to view our separate cookie policy, which is part of this privacy policy.

11. Contact us

Questions, comments and requests about this privacy policy or how we collect, use or store your personal information are welcomed and should be emailed to hello@thriva.co or our data protection officer.

If you believe we have breached your rights, you can follow the procedure in this article - https://intercom.help/thrivahelpcenter/about-thriva/how-do-i-make-a-complaint - or you can make a complaint to the UK Information Commissioner's Office (https://ico.org.uk) or seek remedy through your local courts if you believe your rights have been breached.

This privacy policy was last updated on 16th May 2018