Thrive (a trading name of Thrive Therapeutic Software Ltd) ("We") are committed to protecting and respecting your privacy.
This policy (together with our Terms of Website Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (the Act), the data processor and data controller is Thrive Therapeutic Software Ltd Ltd of 15 Warwick Road, Stratford upon Avon, Warwickshire CV37 6YW.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site www.thrive.uk.com (our site). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our services.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our site and of the fulfilment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- Details of how effective the treatment provided through our apps is and your progress during your use of our apps.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to analyse aggregate information. Knowing where and when people are accessing our service helps us provide better content. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
Where we store your personal data
The data that we collect from you is mostly kept in the European Economic Area (EEA). In particular the data regarding your progress within our apps is always kept either on your device only or on a server in the EEA. We consider these data to constitute a medical record and we treat it as such.
Some other information may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This is specifically for the purpose of fulfilling of your order, the processing of your payment details and the provision of support services. Currently the two third party suppliers we use for this purpose are Apple Incorporated (www.apple.com) and Stripe (www.stripe.com).
All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Please ensure you access our services from secure locations. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we store your data for
We consider the data you generate as you use our applications to constitute a medical record. We follow the National Health Service guidance on how long your records should be retained. According to the guidance 'records of people who have been treated for a mental disorder should be retained for 20 years after the date of last contact between the patient and any healthcare professional employed by the mental health provider, or eight years after the death of the patient if sooner'. Please see the NHS Choices website for more details. Since they are medical records, and we are obliged to retain them following national guidance. In exceptional circumstances we can delete your record at your request. Please contact us on email@example.com to request this.
Other data regarding your account, payment details, or any non-medical record will be deleted on request.
Uses made of the information
We use information held about you in the following ways:
- To establish how you are responding to treatment.
- To help us make improvements to the methods of treatment and the apps themselves.
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
- To monitor your progress during your use of the app.
Our default position is not to disclose information about identifiable individuals to anyone. We will never pass on your information to advertisers.
From time to time we engage in academic research and we collaborate with various universities. If we believe you might be interested in participating we will contact you directly to ask for your consent to participate. We will not use any information about you for the purposes of research without your consent.
We provide services to various organisations who are interested in improving the wellbeing of their members. If you are using our services as provided through one of our partner organisations we may provide them with aggregate information about our users from that organisation (for example, we may inform them that 500 users per day use our services and that they spend on average 20 minutes using our service). We may also use such aggregate information to help organisations improve their wellbeing programmes by focusing on specific areas or conditions as revealed by the data in aggregate.
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Thrive or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Website Use or Terms and Conditions of Supply and other agreements; or to protect the rights, property, or safety of Thrive, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- If a lawful request is made by appropriate regulatory or law enforcement agencies. Such disclosures will always follow the Caldicott Principles.
You have the right to ask us not to process your personal data for marketing purposes. Our current position is not to do this ever. If we change this policy we will inform you before collecting your data. If you have any concerns about this please contact us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
You have the right to access information held about you. Your right of access and portability can be exercised in accordance with the Act and the Caldicott Principles. Any access request may be subject to a fee of £10 to meet our costs in providing you with the information we hold about you.