Introduction

Thryv is dedicated to safeguarding your privacy and upholding the highest standards of data protection. We acknowledge the trust you place in us by providing your personal information and recognise the importance of protecting and respecting your privacy. In full compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act in effect in the UK (“Data Protection Laws”), we adhere to established clinical and medical guidelines.

Scope of our Privacy Policy

This privacy policy pertains to individuals who engage with our products and services in any manner, including but not limited to email communication, telephone conversations, or postal correspondence. It outlines the principles governing the collection, retention, and processing of personal data pertaining to you. We will elucidate our procedures concerning the acquisition, use, safekeeping, and disclosure of personal data that we collect from you and/or maintain about you. Additionally, it elucidates your rights in relation to your data.

Should you have any inquiries or concerns regarding the information contained in this policy or our approach to handling your data, please do not hesitate to contact us at hello@thryv.group.

We encourage you to carefully review the following details to understand how we handle your personal data. By using our website, providing your personal information to us, or using our services, website, or other online or digital platforms, you implicitly consent to the practices detailed or alluded to in this Privacy Policy. Wherever reference is made to “we,” “us,” or “our,” it signifies Thryv. References to “you” or “your” denote any individual who interacts with us concerning our products and services.

Collection of Personal Information

In this policy, the term “personal data” denotes information that can identify you as an individual or has the potential to do so. We may gather this information directly from you or from a third party, including but not limited to family members, legal guardians, insurance companies, healthcare professionals, clinical referrers, and others.

To provide you with our services, we may accumulate information about you through various interactions with us, including visiting our website, digitally completing an enquiry form, or communicating with us via post, email, or telephone. Depending on the services you receive from us, this may encompass sensitive personal data related to your health.

Personal data collected from you may encompass the following:

Details provided by you when you make an enquiry, become a client, or apply for a job, including your name, address, and contact information (such as email address and phone number).
Contact details (including phone number) and name of your next of kin. If such details include personal data about the individual, it is your responsibility to ensure their awareness and acceptance of the terms outlined in this Privacy Policy.
Records of referrals, quotes, and other contact information and correspondence we have had with you.
Information regarding the services or treatment you have received from us, doctors we have referred you to, or third parties who have referred you to us.
Data obtained from customer surveys, promotions, and competitions in which you have participated.
Recordings of phone calls with you that we either receive or make.
Health-related notes and reports, including information about treatments provided, and photographs of your treatment (when your consent, verbal or written, is granted).
Client feedback and treatment outcome information provided by you.
Information regarding complaints and incidents.
Data you provide when making payments to us, such as financial or credit card information.

Automatic Collection of Personal Data

When you use our website, we may automatically gather personal data about you, including:

Technical information, such as the Internet Protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone settings, browser plug-in types and versions, operating system, and platform.
Information related to your website visit, encompassing the full URLs, clickstream data to, through, and from our site (including date and time), products you viewed or searched for, page response times, download errors, duration of visits to specific pages, page interaction information (e.g., scrolling, clicks, and mouse-overs), and methods used for navigating away from the page.

Lawful Basis of Processing

We typically process personal data concerning our customers and individuals receiving our services when we are either under a contract or in the process of negotiating one. Such processing is necessary for the execution of the contract or when specific steps are requested before entering into a contract.

Additionally, we may process limited personal data of contacts for the legitimate interests of our clinic. We possess a legitimate interest in maintaining contact with our customers and contacts, which may encompass sending targeted emails regarding updates about our business. We have weighed this legitimate interest against the rights of the individual and do not consider it unreasonable, as individuals at all times have the right to request the erasure of their personal data.

Categories of Personal Information

We process two categories of personal information and data about you:

a. Standard personal demographic information (e.g., your name, contact details, address).
b. Special categories of information (e.g., gender, date of birth, medical history, clinical information, ethnicity to assist us in tailoring our care, and information about credit financing and criminal history to enable anti-fraud and credit rating checks).

Collection of Personal Data

We may collect personal data about you when you:

a. Visit our website.
b. Enquire about our services or treatments (please note that, for training and service improvement purposes, calls to Thryv and its agents may be monitored or recorded).
c. Register as a customer or client with us or book any of our services or treatments, including those provided by doctors to whom we refer you.
d. Complete forms or surveys for us.
e. Engage in transactions on our website.
f. Participate in competitions, promotions, or other marketing activities.
g. Make online payments.
h. Contact us via email, telephone, or social media.
i. Engage in interactive features provided through our websites and digital media.
j. Health Information Collected During the Provision of Treatment or Services

Sensitive personal data, including information related to your health, will only be disclosed to third parties involved in your treatment or care with your explicit consent. If you become our client, you will be asked for consent to share information with doctors, other medical professionals, and insurance companies.

Where applicable, such information may also be disclosed to individuals or organisations responsible for covering your treatment expenses or their agents. It may additionally be shared with external service providers and regulatory bodies (unless you object), specifically for the purposes of clinical audits aimed at ensuring the highest standards of care and record-keeping.

Medical Professionals Working with Us

We share clinical information about you with medical professionals associated with your treatment. These professionals may include our employees, independent consultants in private practice, or consultants and clinicians employed by the NHS. Independent consultants and other doctors or medical practitioners act as data controllers for your personal data, either independently or jointly with us. They are required to maintain their own records in accordance with Data Protection Laws and relevant clinical confidentiality guidelines and retention periods. In such cases, we may refer you to them to exercise your rights over your data.

Your GP

If the healthcare professionals treating you believe it to be clinically advisable, we may share information about your treatment with your GP. You have the option to decline this, subject to legal permissions. However, it is important to recognise that withholding comprehensive medical history from your GP can pose serious risks to your health, and we strongly discourage it.


The NHS

If you are referred to us for treatment by the NHS, we will share details of your treatment with the NHS entity that referred you to us, as necessary to perform, process, and report on that treatment.

Medical Regulators

We may be requested, and in some cases, obligated, to share specific information (including personal data and sensitive personal data) about you and your care with medical regulators, such as the GMC, HCPC, or NMC. This may occur, for instance, if you lodge a complaint, or if the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate. We will ensure that we adhere to the legal framework and respect your privacy in such cases.

We participate in audits and initiatives aimed at ensuring that clients receive the best possible outcomes from their treatment and care. Your personal data will be treated with the utmost confidentiality in line with Data Protection Laws and confidentiality standards. Any data publication will be in anonymised, statistical form. Anonymous or aggregated data may be used by us or shared with third parties for research or statistical purposes.

Use of Your Personal Data

Your personal data will be kept confidential and secure, and unless you provide alternative consent, it will only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, relevant Data Protection Laws, clinical records retention periods, and clinical confidentiality guidelines.

We process your personal information for several legitimate interests, including but not limited to:

a. Managing your care and treatment.
b. Maintaining communications in our relationship with you.
c. Conducting marketing analysis.
d. Developing products/services.
e. Facilitating our obligations to you arising from any contract between you and us, including the provision of services or treatments, billing, accounting, audit, credit or payment card verification, and anti-fraud screening.
f. Providing information, products, or services requested by you.
g. Supplying information about products or services that we offer and believe may interest you. Unless you have consented to receive electronic marketing communications from us (by checking the relevant box on the data collection form), we will only contact you electronically (via email or SMS) with information on products and services similar to those previously purchased or inquired about from us.
h. Informing you of changes to our products or services.
i. Managing our relationship with you, our business, and third parties providing products or services on our behalf (e.g., confirming that you have received a service you are covered for, validating invoices, etc.).
j. Investigating complaints.
k. Keeping our records up to date.
l. Supplying marketing information within legal limits.
m. Developing and executing marketing activities and presenting information tailored to your interests based on our understanding of your preferences, for statistical research and analysis to enhance products, services, websites, and apps, or to develop new ones.
n. Conducting market research in progress.
o. Assessing our performance, both clinically and non-clinically.
p. Enforcing our website terms of use, policy terms and conditions, or other contracts, or safeguarding our (or our customers’ or other individuals’) rights, property, or safety.
q. Exercising our rights, defending against claims, and complying with applicable laws and regulations affecting us and our affiliated third parties.
r. Participating in or being subject to sales, purchases, mergers, or takeovers involving all or part of the Thryv business.
s. Responding to requests when we have a legal or regulatory obligation to do so.
t. Verifying the accuracy of your information and the quality of your treatment or care, including auditing medical and billing information for insurance claims and as part of any claims or litigation process.
u. Supporting your doctor, nurse, or other healthcare professional.
v. Evaluating the quality and/or type of care you have received (including offering you the opportunity to complete customer satisfaction surveys) and addressing any concerns or complaints you raise, ensuring they are appropriately investigated.
w. Ensuring that content from our website is presented effectively for you and your computer.
x. Security of Your Personal Data

We safeguard all personal data in our possession by implementing suitable organisational and technical security measures to prevent unauthorised access or unlawful processing of personal data and to prevent data loss, destruction, or damage. Any personal data you provide to us will be retained only as long as necessary for the purpose for which it was collected and in accordance with all Data Protection Laws. Data protection regulations are harmonised throughout the European Economic Area (EEA), comprising EU member states, Norway, Iceland, and Liechtenstein. Countries outside the EEA generally do not offer the same level of personal information protection as those within the EEA. While we do not anticipate a need to transfer your data outside Europe, in the unlikely event that such a situation arises, we will keep you informed and ensure the existence of appropriate procedures to facilitate such transfers.

All information provided to us is securely stored. Payment transactions on our website are processed securely by third-party payment processors. We do not retain any form of personal financial or payment information ourselves. Upon request, we may occasionally transfer personal information to you via email, or you may opt to send information to us via email. It is important to note that email is not a secure method of information transmission, and if you choose to send or receive such information via email, you do so at your own risk.

Disclosure and Sharing of Your Personal Data

We may disclose your personal data under various circumstances as part of our regular business operations. This disclosure may include sharing your personal data with contracted organisations that support the delivery of our services. The following parties are examples of those with whom we may share your personal data:

a. Contracted Medical and Clinical Staff: We may share your data with medical and clinical practice staff who are part of our contracted team. This is essential for the delivery of our services and treatments.
b. Business Partners and Suppliers: In the course of our contractual agreements with you, we might need to share your data with business partners and suppliers who play a role in the delivery of services.
c. IT Systems and Support Providers: To ensure the secure storage and management of your information, we may share your data with organisations providing IT systems and support services.
d. Third-Party Debt Collectors: In cases where debt collection is necessary, we may share your data with third-party debt collectors.
e. Third-Party Service Providers: For purposes like information storage and confidential destruction, we might share your data with third-party service providers.
f. Third-Party Marketing Companies: If you consent to it, we may share your data with third-party marketing companies. However, this sharing will only concern products and services that we provide.

When we work with third-party data processors, we ensure that they adhere to contractual restrictions regarding confidentiality and security, in addition to complying with Data Protection Laws. Additionally, there are situations where we may disclose your personal data to third parties, such as:

a. Business Transactions: If we buy or sell any business or assets, your data may be disclosed as part of such transactions.
b. Legal Obligations: We may disclose your data to comply with legal requirements, such as responding to legal authorities in the context of claims or legal proceedings.
How Long We Keep Your Personal Information

The duration for which we retain your personal information is determined by several factors, including:

a. The length of time you’ve been a client and the level of service provided to you.
b. The reasonable duration needed to demonstrate compliance with our obligations to you.
c. Time limits for making claims.
d. Legal requirements or recommendations from regulators, professional bodies, or associations.
e. Relevant legal proceedings.

Here are specific retention periods for certain types of information:

a. Clients: We retain your Personal Data for at least 6 years after the contract has ended to ensure compliance with the contract. Limited Personal Data may be kept for a longer period, as it serves our legitimate business interest in providing ongoing services.
b. Enquiries: Limited Personal Data, including contact details, may be kept for up to six months to address follow-up questions related to enquiries.
c. Marketing: We only send marketing information if you consent to it at the time of making an enquiry or becoming a client. You can unsubscribe at any time.
d. Recruitment: If you apply for a job with us, your information will be kept for a maximum of 12 months if you are not successful.

For more information about data retention, you can contact us at hello@thryv.group.

Marketing

We may send you information about our products and services via mail, email, phone, or SMS if you’ve consented to it. You can opt out at any time by emailing hello@thryv.group. We request a reasonable notice period to update our systems.

Changes to Our Privacy Policy

Our Privacy Policy is regularly reviewed and may be amended without notice. We encourage you to review it periodically to stay informed.


Legal Basis for Processing Personal Data

Our processing of personal data is based on the legal grounds provided by data protection legislation. These include:

a. Consent
b. Contractual obligation
c. Legal obligation
d. Legitimate interests, provided they do not override your interests and fundamental rights

Retention of Personal Data

Your Rights in Relation to Your Information

You have several rights concerning your personal data, including:

a. Right of access
b. Right to rectification
c. Right to erasure
d. Right to restriction of processing
e. Right to object
f. Right to data portability
g. Right to withdraw consent
h. Right in relation to automated decisions

To exercise your rights, please contact hello@thryv.group.

 

​

Non-Personal Information and Cookies

 

When you visit our website, cookies are used to enable various features and gather information. We may also use other companies to set cookies on our website and collect cookie-related data. Additionally, we may analyse Internet Protocol (IP) addresses or other anonymous data sources.Cookies: Cookies are text files that contain small amounts of information downloaded to your device when you visit a website. They are sent back to the website on subsequent visits and help the website recognise your device. Cookies serve various functions, including improving user experience and ensuring relevant online advertisements.Our websites use cookies for different purposes, categorised as follows:Category 1: These are essential for using our websites’ features and services, and your consent is not required for their use.Category 2: These collect information about how visitors use the website to improve its functionality. They do not identify individual users and are used for analytical purposes.Category 3: These allow the website to remember user preferences and provide personalised features.Category 4: These are used for targeted advertising and may be shared with advertising networks.Please note that third parties may also use cookies over which we have no control. You can learn more about managing cookies from the ICO website: https://ico.org.uk/for-the-public/online/cookiesOther Websites: Our website may contain links to partner networks’ and affiliates’ websites. These websites have their own privacy policies, and we are not responsible for their policies. Please review their policies before sharing any personal data.

Data Protection Contacts

If you have questions regarding our privacy policy, please contact us at hello@thryv.group or write to our Data Protection Officer at the following address:

Thryv Ltd
1 Salisbury Row
Hungerford, RG17 0AA