Privacy Policy

About this Privacy Notice

Thrive Therapeutic Software Ltd (Thrive) is committed to protecting your personal information and being transparent about how we use it, whether you use our App, Thrive: Mental Wellbeing (Thrive App), or are applying for a job with us, or we have a commercial relationship.

This Privacy Notice gives you a clear explanation about how Thrive collects personal information (or “personal data”), the types of personal information we collect, how we use it (or “process” it) and whether we share it with anyone else. It also explains your legal rights and choices regarding the information you provide to us.

Children’s Privacy: Our services are not aimed at children. In the limited circumstances where we may collect and use personal information about children, we will comply with relevant law and guidelines.

Please take the time to read this information carefully and if you have any questions about it please contact Thrive’s Data Protection Officer (DPO), whose contact details can be found below.

Our Contact Details

If you need to contact us about this Privacy Notice or have any query relating to your personal information, you can contact us by email or post. Please contact our Data Protection Officer using any one of the contact details below.

Data Protection Officer
Thrive Therapeutic Software Limited
15 Warwick Road
Stratford Upon Avon
CV37 6YW
[email protected]

Who Is Responsible for Your Personal Data?

Thrive is responsible for how and why your personal data is used. The legal phrase for this is Data Controller (or “Controller”).

Thrive is a limited liability company incorporated in England & Wales with registration number 07928073.

Security of Your Personal Data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example:

  • Your personal data is encrypted both on transmission and at rest;
  • All access to our live database is logged;
  • Access to our live database is restricted to those staff that require it to provide the service;
  • Your personal data is securely stored on servers located in London, UK which are protected by extensive physical security;
  • Thrives IT systems are scanned daily for vulnerabilities.

We have also put in place procedures to deal with any suspected or actual personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We restrict access to your personal data to those employees, agents, contractors and third-party service providers that have a legitimate requirement to be able to access your information. In any event, we have taken the necessary measures to ensure that these other parties handle your information securely and only on our instructions.

No data transmission over the internet can be guaranteed to be completely secure. So, whilst we strive to safeguard your personal data, we cannot guarantee the security of any information you provide online and you do this at your own risk.

If you would like more specific information about our security measures please contact our DPO.


By using our website, you agree that we can use cookies for the purposes described below on your device unless you adjust your browser to manage or prevent cookies.

In addition to the information which you supply to us, our website uses some standard technology to automatically collect further information from your visit, through the use of cookies.

Cookies are small text files which are downloaded to your device when you visit our website. Software on your device, for example, a web browser, stores the cookies and sends them back to our website next time you visit. Cookies allow websites to recognise your device and preferences and provide information to the owners of sites which can be used to improve your online experience. Cookies allow us to manage user preferences, enable content, recognise repeat users and gather analytic and usage data so we can observe behaviour and compile aggregate data to improve our website for you.

We do not use cookies to deliver targeted advertising.

Please see our cookie policy to learn more about how we use cookies and how to opt out of using them.

Links to Other Websites

Our website may contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their Privacy Notices. When you leave our website, we recommend that you read the Privacy Notice of any website you visit.

Information We Transfer Outside the European Economic Area (EEA) and the UK

Some of our service providers are located outside the EEA, and so to use their services your personal data may be transferred outside the EEA.

Whenever we transfer your personal information to countries outside the EEA, we will process and safeguard your information in accordance with this Privacy Notice, ensure that it is adequately protected and that the transfer complies with data protection law.

We only transfer personal information to other countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information. For example, we will ensure that your data is transferred:

  • to countries, which fall under an adequacy decision by the EU-Commission and have been deemed to provide an adequate level of protection for personal data, currently including Switzerland, Uruguay, Argentina, Japan, Israel, Isle of Man, New Zealand, Guernsey, Canada, Andorra, Faroe Islands and Jersey;
  • or are
  • Governed by one of the following safeguards: EU Commission-approved Standard Contractual Clauses;

If you would like more information about the safeguards and mechanisms we deploy to ensure your information is adequately protected when it is transferred outside the EEA, please contact Thrive’s DPO.

You have the following legal rights in relation to the processing of your personal information:

  • To be informed: You have the right to know what personal information we are processing about you, how and why. The information in this Privacy Notice, together with other information on our website, is intended to provide you with this information. If you need more information, please contact our DPO.
  • Access: You have the right to request a copy of your personal information that we hold about you together with other information relating to its use, subject to the application of any relevant legal exemptions.
  • Erasure: At your request, we will delete your personal information from our records providing we don’t have an overriding legitimate reason for holding on to it.
  • Rectification: We aim to keep your personal information accurate, current, and complete. We encourage you to contact us by emailing [email protected] let us know if any of your personal information is inaccurate or changes so that we can keep it correct and up-to-date.
  • Objecting: In certain circumstances, you have the right to object to the processing of your personal information where we are: (i) processing your personal information on the legal basis of legitimate interests and we have no compelling reason we can demonstrate to continue with that processing, or (ii) using your personal information for direct marketing, or (iii) using your personal information for statistical purposes.
  • Right to restrict processing: you have the right to ask us to restrict the processing of your personal information whilst a disagreement is resolved about its accuracy or whether we can use it on the legal basis of “legitimate interests”.
  • Rights related to automated decision making: where we take automated decisions in relation to your personal information with no human involvement (i.e. such as credit scoring) you have the right to ask us for human intervention or to challenge any such decision.
  • Right to withdraw consent: If you have provided your consent to the collection, processing and transfer of your personal information, you have the right to fully or partly withdraw your consent.
  • Portability: You have the right to request that some of your personal information is provided to you, or to another information controller, in a commonly used, machine-readable format.

How to Exercise Your Legal Rights:

You may exercise any of the above rights, at any time, by emailing [email protected] together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.


If you believe that your information protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.

Updating Your Personal Data

If any of the personal data that you have provided to us changes, for example, if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to [email protected].

We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

Change of Ownership

If we were to sell or transfer Thrive to another organisation, your records would also transfer to the new owner. Limited information may also be shared, where required, with legal and other professional advisors involved in that transaction.

The reason we would transfer your records is to minimise the disruption to the ongoing operation of Thrive and to ensure we and a new owner were able to comply with our legal obligations regarding the retention of such records, including the ongoing delivery of care to our members and others.

Changes to our Privacy Notice

We will update and change this Privacy Notice from time to time to reflect any significant changes to how we process your personal data or changing legal requirements. Any changes we may make to this Privacy Notice in the future will be posted on our website on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates to our Notice to make sure you are happy with any changes.

Want More Detail?

The type of personal information we collect and how we use it will vary depending on our relationship. To find out more about how we use your personal information, you should select and read the detailed Privacy Notice that applies to our relationship.

Simply choose from the options below: