Privacy Policy

Updated July 2023
Thrive is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice)

Contact Details

Our full details are:

Full name of legal entity: Thrive MS Ltd

Company Number: 13236829

Email address:

Postal Address 3-4 Brittens Court, Clifton Reynes, Olney, United Kingdom, MK46 5LG

Transfer of data outside of the European Union

Thrive do not operate outside of the European Union.

Collection of personal data

We will only require you to provide us with the personal information appropriate for us to complete specific tasks, for example, when you place an order we require you to provide us with sufficient personal information so that we may process your order, despatch it to you and also so that we may contact you in the event of a problem or to draw your attention to related goods or services.

Use of your information and your preferences

We will use your information to provide and personalise our service. We will use your contact details to communicate with you. We may use your information to send you news about our products and services. We share limited information (name, email, and D.O.B only with an awarding body for certification). We do not share your information with any other organisation.
Please note that there may be instances where it may be necessary for us to communicate with you, in any event, for administrative or operational reasons relating to our services.

Disclosure of your information

We will only disclose your information in the manner permitted by our registration or where required to do so by law.

Other websites

Our website may contain links to other websites which are outside our control and are not covered by this privacy policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy.

Use of cookies

To make full use of the online personalised features on Thrive website ( your computer, tablet or mobile phone will need to accept cookies, as we can only provide you with certain personalised features of this website by using them. Our cookies do not store sensitive information such as your name, address, or payment details: they simply hold the ‘key’ that, once you are signed in, is associated with this information. However, if you would prefer to restrict, block, or delete cookies from Thrive you can use your browser to do this. Each browser is different, so check the ‘Help’ menu of your browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.
More information about cookies and how to control how they are set can be found at

Privacy of personal data

We always aim to protect the security of your personal data. We aim to accomplish this by using a combination of methods including, but not limited to:
  • Whenever your personal information is exchanged between your web browser and our web server, we use highly effective methods of encryption – this is currently 128-bit SSL (secure sockets layer) encryption.
  • This makes it extremely difficult for someone to intercept and read the information being passed between your web browser and our web server.

Data Protection (GDPR)

As a UK based business, our handling of your information is controlled by the UK Data Protection Act 1998 (as of May 25th, 2018 this become GDPR). We, therefore, take great care to protect your personal information or anything which might identify you personally such as:
  • First name and last name and D.O.B.
  • Email address
  • Organisation information (e.g. Name, Address, Telephone number)
For the purposes of this document, “personal data”,” processing “, “data controller” and” data processor” have the meanings ascribed to them in the Data Protection Legislation (GDPR). To the extent that Thrive is deemed to be a data processor in respect of personal data processed under the contractual agreement Thrive shall:
  • Process personal data lawfully, fairly, and transparently, in accordance with the GDPR.
  • Provide full details of what data is needed, why it is needed, and for how long it will be kept, and this information shall be given at the point it is collected.
  • Never take more data than is necessary for Thrive to fulfil its contractual obligations, and to delete it when it is no longer needed.
  • Make all data available for alteration, transfer, deletion, or restriction upon request by the data subject.
  • Implement appropriate technical and organisational measures to safeguard the personal data from unauthorised or unlawful processing, accidental loss, destruction, or damage
  • Obtain, use, process and disclose personal data in the performance of its obligations under the Agreement only.
But without limitation, each party shall:
  • only carry out processing of such data in accordance with the other instructions
  • only disclose it to or allow access to it by those of its employees (or agents or subcontractors) who are familiar with data protection requirements and whose use of such data relates to their job or function
  • assist the other with all subject information requests received from data subjects.
For the avoidance of doubt, neither party (or its agents or subcontractors) shall acquire any rights in any of the other’s personal data or sensitive personal data and shall only be entitled to process it in accordance with its contractual obligations. On termination of the contract each party (or its agents or subcontractors) shall immediately cease to use the same and shall arrange for its safe return or destruction as shall be agreed with the other at the relevant time. Each party confirms that it owns, or has all necessary rights in the use of, all intellectual property in relation to the Services and each acknowledges that such intellectual property shall remain the property of, or the rights in the use of shall remain with the originating party, unless otherwise agreed in writing between the authorised representatives of Thrive and the purchaser.

Each party agrees to indemnify the other against any actions, costs, liabilities, losses, damages and expenses which the other may suffer or incur as a result of any claim by a third party in relation to ownership or use of any relevant intellectual property, provided by the other party.

Data Security

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees who have a business need to know such data. They will only process your personal data on our instructions, and they must keep it confidential. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

Your Legal Rights

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

You can see more about these rights at: regulation-gdpr/individual-rights/

If you wish to exercise any of the rights set out above, please email us at

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (

We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.