CQC is the independent regulator of health and social care in England. It monitors, inspects, rates and regulates clinical services.
Thriva’s new CQC registration means we have to update our privacy notice. We’re making these changes to align how we handle personal data with the new regulatory requirements that apply to us as a CQC regulated entity. The key changes include:
We are changing the lawful basis and special category conditions that we rely on to process health data
Our new processing activities
Our home blood testing kits are CE-marked. This means everything in our kits meet health and safety requirements within the European Economic Area (EEA).
Our team of NHS doctors, data scientists and clinicians use the power of technology to ensure that everything we do is safe and credible. Our medical device products are also regulated by the MHRA.
Our class 1 medical software device draws on data from more than 500 peer-reviewed scientific publications to provide relevant and personalised health information. Doc-chain combines data — such as blood results and self-inputted health data — with the latest evidence to deliver health insights to users. This information allows better understanding of blood results, and their importance for health. Doc-chain also delivers scientifically-backed interventions, which include next steps on how you can make improvements to your health. Increasing health knowledge empowers users to take better control of their health, which is the first step to improving health outcomes.
Thriva is committed to allowing our customers control over what happens to their personal data. If these changes aren’t for you, you can opt out by clicking here to delete your account. You may wish to download your test results before deleting your account
Thriva has achieved and maintains an ISO 27001 certification, the international standard for managing information security.
Thriva encourages anyone who believes they have found a security bug or vulnerability in any of the applications or services we create or use to report it to infosec@thriva.co.
When investigating and reporting an issue, please:
Thriva values the expertise and effort of those who take the time to report vulnerabilities. Thriva will respond to anyone who has submitted a valid report. You are welcome to ask about the status of a vulnerability report.
At this time, Thriva does not operate a bug bounty programme or provide monetary rewards for vulnerability disclosures.