Typically any link on the site that goes to a checkout or customer account page, such as what Miva Merchant users often include in global headers, or on the basket page, should be https to avoid that issue. If you've hard coded any links, those would need to be altered, but if you're using tokens in your page templates, normally they should be secure already. Support can investigate, and if a stock theme is not secure towards the checkout pages, that would be a bug we will report to our developers, but can fix for you immediately.

You can also choose to run the entire site in https mode but that will require settings changes that support can help you with, and also should only be done if you are sure you haven't hard coded any content into the pages using http:// URL's, such as images, since running in secure mode but with insecure content will produce errors on the shoppers' computers.

Thanks David.

I'm not much of a coder, but it appears that the footer is ok, but the Divino header is using http in two occasions:

I'll wait for support to take a look.

You can just replace
http://&mvt:global:domain:name;/ with "/" or //&mvt:global:domain:name;/