TFP Fertility Privacy Policy

At TFP, we value your trust and confidence. This privacy policy explains what types of personal information will be gathered when you visit TFP's website, how we keep it secure, and how this information will be used. We are committed to being transparent and ensuring the protection of your privacy.

General Information

This Privacy Policy describes how TFP Fertility Group Ltd and its affiliates and partners ("TFP," "we," or "us") collect and process your personal information when you visit our website, use our digital applications, and interact with us via our clinics, live chats, email communications, and social media channels (together, the "Services").

This policy applies to all company web pages under www.tfp-fertility.com.

In some cases, TFP Fertility Group Ltd and the local clinic responsible for your care may act as joint controllers of your personal data. This means we jointly determine how and why your data is processed. We have agreements in place to ensure that your rights are protected and that responsibilities for GDPR compliance are clearly defined between the parties.

What data do we collect?

You directly provide most of the information we collect. We collect and process data you provide via three methods:

Information that you provide us:

• Contact Information: Your name, email address, mailing address, and phone number when you register for TFP Services, subscribe to TFP marketing, communicate with us, or make an enquiry.

• Patient Registration Information: Information provided in connection with your TFP "Patient Profile," including contact information, username, medical history, weight, height, age, gender, and other relevant details you consent to provide.

• Communications Information: Details of your interactions with our clinical or support teams, including certain calls (for training and Monitoring purposes), emails, live chats, video calls, and social media interactions.

• Survey and Review Information: Information you provide in surveys or testimonials about TFP goods and/or Services.

• Other User Information: Any other data you provide related to your use of TFP Treatment or Services, such as event bookings, appointment scheduling, and personal experience feedback.

Information we collect automatically:

Information generated through your use of the Services, events attended, appointments booked, classes attended, and phone enquiries made to TFP.

Patient Feedback from Patient Experience surveys received.

When someone visits our Netherlands pages on www.tfp-fertility.com, , we use Google Analytics standard internet tracking information collected anonymously to understand website usage patterns. We do not attempt to identify individual visitors through this data. If you visit our website, we collect the data below which are technically necessary for us to show you our website and ensure its stability and security):

• IP address

• Date and time of your inquiry

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (actual page)

• Access status/HTTP status code

• Transmitted data volume

• Website from which the request is received

• Browser

• Operating system and its interface

• Language and version of the browser software

You may want to opt out of your data being used by Google Analytics, Google Analytics opt-out browser to learn more about the opt-out and how to properly install the browser add-on here.

How to Prevent Google Analytics from Tracking You (privacyaffairs.com)

Monitoring and Security Measures

To protect our patients, staff, and facilities, we may use the following tools:

CCTV Monitoring: Our clinics may operate CCTV cameras in non-sensitive areas (e.g. entrances, waiting rooms) for safety and security.

• Retention: Footage is typically retained for up to 2 years unless required for an investigation or legal proceedings.

• Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Portal documents

Documents uploaded to the patient portal are not deleted, even if they are no longer visible in the portal interface. All documents remain securely stored in accordance with medical record retention requirements and can be reinstated on the portal upon request.

Information We Collect from Third Parties

We may collect personal data about you from third parties where permitted by law. This may include:

• Third-party applications: Information shared via app stores or social networking sites, depending on your privacy settings. This may include public profile information or interaction history.

• Other third-party sources: Information provided by partners or service providers to help us improve our services, support your care journey, or respond to enquiries more effectively.

• Banks and payment providers: Data such as account or transaction details to verify payments, manage refunds, and resolve any billing issues.

• Credit reference agencies (e.g. National Debt Register BIG S.A.): Where appropriate, we may check financial standing before entering into a contract or agreement.

• Healthcare platforms and referring providers: If you are referred to us, or use an external system connected to our services, we may receive relevant information such as your name, contact details, medical history, or test results to ensure continuity of care.

We process this information only where necessary to provide healthcare services, support administrative processes, verify payment details, or fulfil our legal and regulatory obligations.

Providing your personal data is voluntary, but necessary for us to provide healthcare services. Without this data, we may not be able to enter into or perform our contractual obligations.

Analytics and Third-Party Tools

We use the following analytics and tracking tools to improve user experience and website performance:

1. Google Analytics: Collects anonymous internet tracking information to help us understand usage patterns. We do not attempt to identify individual visitors through this data. You may opt out by installing the Google Analytics Opt-Out Browser Add-on.

2. Microsoft Clarity and Microsoft Advertising: Captures behavioural metrics, heatmaps, and session replays to improve our products and services. Cookies and tracking technologies help determine product popularity and online activity. For more information, visit the Microsoft Privacy Statement.

3. VWO (Visual Website Optimizer, Wingify Software Pvt. Ltd.): We use VWO for A/B testing and website optimisation. It collects anonymised interaction data (e.g., click paths, scroll behaviour) to help improve usability. While Wingify is based in India, VWO processes all visitor data in data centres located within the EEA. For more information, see their Privacy Policy.

4. Meta Pixel (Facebook/Instagram): for measuring ad conversions and optimising campaign performance across Meta platforms. For more information, see their Privacy Policy.

5. LinkedIn Insight Tag: for measuring the impact of LinkedIn ads and enabling remarketing. For more information, see their Privacy Policy.

6. Call360 (Esale): We use Call360 to track calls made via dynamic phone numbers in order to understand marketing attribution and improve service performance. These dynamic numbers are only displayed when users have consented to targeting cookies via our cookie banner (OneTrust). This ensures full compliance with the EU ePrivacy Directive and GDPR. For more information, see their Privacy Policy.

7. Hotjar: for collecting anonymised session recordings and heatmaps that help us understand how visitors interact with our website content and improve usability. For more information, see their Privacy Policy.

8. Edudip (Webinar Registration Platform): We use Edudip to host webinars and manage registrations. When you sign up for a webinar, you may be redirected to an Edudip-hosted registration page. Edudip collects personal information (such as name and email) on our behalf to manage attendance and follow-up communications. We do not embed Edudip forms directly on our website. For more details, see Edudip’s Privacy Policy.

9. Storyblok (Website Content Delivery): We use Storyblok to manage and deliver the content displayed on our website, including the structure of forms. However, Storyblok does not process or store any form submission data. When you fill in a contact or enquiry form, your data is securely transmitted directly to TFP via email and is not retained on the website or by Storyblok. For more details, see Storyblok’s privacy policy.

How we use your personal data

User-provided information:

• Personal information you provide to TFP will only be used for the stated purposes, such as providing information about our treatments and seeking feedback from you.

• Personal information will not be sold to third parties or provided to direct marketing companies without your explicit permission.

• While contacting TFP for treatment, we may ask for your explicit consent under Article 6(1)(a) GDPR to take part in our patient-feedback surveys. Based on your consent, we will send emails asking about your experience at different stages of treatment. Your clinic is the controller for these survey emails. For the surveys we process your first and last name, email address, and your responses. Survey results are personal and could, in theory, be associated with your clinic patient file. A clinic team member may contact you after a survey to discuss your needs or how we can improve.

• We use third-party tools such as VWO to improve website functionality and user experience. VWO helps us conduct A/B testing, track user engagement, and visualise browsing patterns to enhance site usability. The data collected is anonymised and does not contain personally identifiable information (PII).

Automatic demographic and statistical information:

• Information collected through Google Analytics is used to evaluate the effectiveness of TFP's website and improve content relevance and marketing campaigns.

• Any disclosure of this information will always be anonymised and will not identify individual users.

How we store your data

We are dedicated to safeguarding your data:

• Regular reviews of our information-collection, storage, and processing practices are carried out to protect against unauthorised access.

• Access to personal information is restricted to authorised TFP and clinic employees, contractors, and agents, all of whom are subject to strict confidentiality obligations.

• We maintain robust administrative, technical, and physical safeguards to protect against unauthorised access, disclosure, or processing of personal information.

Personal information is stored on secure servers hosted by a third-party provider (Vercel) in the United States.
For EU users, these transfers rely on the European Commission’s EU-US Data Privacy Framework adequacy decision.
For UK users, they rely on the UK Extension to the EU-US Data Privacy Framework (the UK-US Data Bridge).

For surveys, we use AskNicely, and all data transfers between TFP companies are governed by Data Protection Agreements (DPAs).
Patient data is primarily stored at your registered clinic. However, we sometimes perform ultrasound scans through a partner organisation, Ultrasound Direct. If you receive a scan as part of your treatment, your data may be stored and processed in accordance with their own privacy policy.

Data retention period

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy and to comply with applicable legal, regulatory, and professional obligations.

Netherlands – Healthcare and fertility data retention

In addition to the General Data Protection Regulation (EU GDPR), the retention of medical and health-related data in the Netherlands is governed by national legislation and professional standards, including:

• WGBO (Wet op de geneeskundige behandelingsovereenkomst): medical records must be retained for a minimum of 20 years from the date of the last treatment, unless a longer retention period is necessary for continuity of care or for legal reasons.

• Donor gametes and fertility treatments: records relating to donor sperm, eggs, or embryos must be retained for 80 years, in accordance with Dutch fertility legislation.

• BIG Act (Wet BIG) and KNMG Guidelines: these set additional ethical and professional obligations for secure and responsible medical record-keeping and may require extended retention in specific cases.

• Statutory limitation periods: where legal liability or potential claims may arise, records can be retained for longer to meet civil-law obligations.

We regularly review all retention periods to ensure they remain compliant with the latest Dutch healthcare and privacy legislation.

Marketing

We may, with your consent, send you information about TFP Fertility’s services, products, events, or partner offerings that may be relevant to you.
You can withdraw your consent or unsubscribe from marketing communications at any time by following the instructions in our emails or by contacting us directly.

We do not sell your personal data or share it with third parties for their own marketing purposes.

Cookie technology

Our website uses cookies and similar tracking technologies to enhance your browsing experience. You can disable or adjust your cookie settings at any time through your browser preferences.

We use a cookie preference centre to manage your choices in accordance with the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).

Non-essential cookies — such as those used for analytics, advertising, and social media integration — are only activated after you provide explicit, informed consent. These cookies will remain disabled unless and until you choose to accept them.

You can review, update, or withdraw your cookie preferences at any time by selecting “Cookie Settings” at the bottom of any page.

For more details about the cookies we use and how we manage consent, please refer to our Cookie Policy.

Who we share your personal information with

We may share your personal information with the following categories of recipients:

• TFP Group companies, third-party service providers, and business partners: information may be shared to deliver IT, analytics, payment processing, technical support, and marketing services. Data Protection Agreements (DPAs) are in place to ensure that all parties process your data securely and in compliance with GDPR.

• Competent law enforcement authorities, regulators, government agencies, courts, or other third parties: where disclosure is required to comply with legal obligations, establish or defend legal rights, protect vital interests, or detect and prevent security or fraud issues.

We require all recipients of your personal data to maintain appropriate security standards and use the information only for legitimate and specified purposes.

Privacy policy for other websites

This Privacy Policy applies only to our own website.
If you follow a link to another website, please note that we are not responsible for the content or privacy practices of that site.
We recommend reviewing the privacy policy of any external website you visit to understand how your personal data may be collected and used.

International data transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the European Economic Area (EEA), the United Kingdom, the United States, and India, where third-party providers such as Google, Meta, Microsoft, Hotjar, LinkedIn, Call360, and VWO (Visual Website Optimizer, Wingify Software Pvt. Ltd.) operate.

Whenever such transfers take place, we ensure that appropriate safeguards are in place in accordance with the General Data Protection Regulation (EU GDPR).
These safeguards may include:

• Adequacy decisions issued by the European Commission, confirming that the destination country provides an adequate level of data protection.

• Standard Contractual Clauses (SCCs) approved by the European Commission.

• Other legally recognised transfer mechanisms designed to ensure your personal data continues to receive a high level of protection.

Legal basis for processing

TFP Fertility Group Ltd collects and processes personal data for various purposes related to providing fertility-related services, ensuring effective care, meeting legal and regulatory obligations, and protecting the vital interests of individuals. The legal bases for processing are outlined below:

• Contractual performance: TFP collects and processes personal data when it is necessary to fulfil our contractual obligations with patients or individuals who provide their information. This includes data required for scheduling appointments, delivering fertility treatments, managing patient records, and processing payments for services rendered.

• Legitimate interests: TFP processes personal data where it is necessary for legitimate interests pursued by TFP or by a third party. These interests may include improving the quality of fertility treatments, conducting research to enhance outcomes, or optimising internal processes to deliver better care. TFP always ensures that these interests are balanced against the rights and freedoms of the individuals whose data is being processed.

• Consent: TFP seeks explicit consent from patients or individuals for specific processing activities. This may include participating in fertility-related research, sharing medical information with other healthcare providers, or receiving marketing communications. Consent must be freely given, informed, and can be withdrawn at any time without affecting the lawfulness of prior processing.

• Legal obligations: TFP is subject to a range of legal and regulatory requirements. Processing may be necessary to comply with these obligations, such as maintaining accurate medical records, reporting certain conditions to health authorities, or adhering to data protection and healthcare legislation.

• Vital interests: In exceptional circumstances where an individual’s life or health is at risk, TFP may process personal data to protect their vital interests. For example, in an emergency medical situation, relevant medical information may be accessed to provide timely and appropriate care.

TFP is committed to transparency and ensures that individuals are informed of the specific purposes for which their data is collected and the legal basis that applies. Patients are also made aware of their rights under GDPR, including the right to access, rectify, erase, or object to the processing of their data. By maintaining clear communication and adhering to data-protection principles, TFP fosters trust and safeguards the confidentiality and security of personal information.

Changes to our privacy policy

We regularly review this Privacy Policy to ensure it remains accurate and compliant with applicable data protection laws.
Any updates will be published on our website, and where appropriate, you will be notified by email or through a website notice.

Last updated on 8 October 2025.

Exercising your data protection rights

If you would like to access, correct, delete, or restrict the use of your personal data — or if you wish to object to certain types of processing or request a copy of your data (data portability) — you can submit a request at any time.

To do this, please contact us using the details provided in the How to contact us section. We may ask you to confirm your identity so that we can protect your information and prevent unauthorised access.

We aim to respond to all valid requests within one calendar month, in accordance with the General Data Protection Regulation (GDPR). If your request is particularly complex or involves a large volume of data, we may need additional time — if so, we will let you know.

If you are not satisfied with how we handle your request, you also have the right to lodge a complaint with the relevant supervisory authority. For contact details, please see the Your rights section below.

Your rights

Under the GDPR, you have the right to:

• access your personal data;

• request rectification or erasure;

• restrict or object to processing; and

• request data portability.

However, please note that certain exemptions apply to medical and health records.

Retention of health records

Under applicable laws and regulations, we are required to retain medical records for a defined period — even if you request their deletion. These records are essential for ensuring continuity of care, meeting legal and professional obligations, and maintaining a complete medical history.

Why health records cannot be deleted on request

• Legal compliance: healthcare providers are legally required to retain medical records for a minimum period under national legislation.

• Continuity of care: your health records provide a complete history necessary to deliver safe and effective future treatment.

• Public interest: retaining medical records is essential to fulfil public health responsibilities, support medical research (where applicable), and address potential legal claims or investigations.

While we cannot delete health records upon request, we remain committed to handling all personal data securely and using it only for appropriate and lawful purposes.

If you are located in the Netherlands, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your data is being processed in violation of applicable law. Visit autoriteitpersoonsgegevens.nl for more information.

If you are located in Poland, you may contact the Polish Data Protection Authority (UODO) via uodo.gov.pl.

How to contact us

If you have any questions or concerns about this Privacy Policy or how we process your personal data, please contact us using the details below:

United Kingdom - Contact Section (Data Protection Inquiries)

Data Protection Officer: Michelle Wild

Post: TFP Fertility Ltd, Institute of Reproductive Sciences, Oxford Business Park North, Alec Issigonis Way, Oxford, OX4 2HW, United Kingdom
Phone: 0808 164 5341
Email: dpo@tfp-fertility.com

European Union – GDPR Article 27 Representative

In accordance with Article 27 of the EU and UK GDPR, we have appointed an authorised representative within the European Union to act on our behalf regarding GDPR compliance for individuals located in the EU/EEA.

Netherlands - Contact Section (Data Protection Inquiries)

Data Protection Officer: Bianca Bloem

Post: TFP Fertility Netherlands B.V., Simon Smitweg 16, 2353 GA Leiderdorp, The Netherlands
Phone: +31 71 581 23 00
Email: fg_mckinderwens@tfp-fertility.com

Poland - Contact Section (Data Protection Inquiries)

Data Protection Officer: Dr Anna Janicka

Address: ul. Wojska Polskiego 103, 70-483 Szczecin
Phone: +48 91 486 43 45 / +48 691 676 305
Email: anna.janicka@tfp-fertility.com

Vitrolive Limited liability company with registered office in Szczecin
Post: TFP Fertility Vitrolive, Vitrolive Sp. z o.o., ul. Wojska Polskiego 103, 70-483 Szczecin
KRS: 0000252423 | REGON: 320166514 | NIP: PL8512959483
Phone: +48 91 48 64 345
Email: vitrolive@tfp-fertility.com

Macierzyństwo Medical Center Limited liability company Limited partnership with its registered office in Kraków
Post: TFP Fertility Macierzyństwo, Centrum Medyczne Macierzyństwo Sp. z o.o. Sp. k., ul. Białoprądnicka 7A, 31-221 Kraków
KRS: 0000343047 | REGON: 356524003 | NIP: PL6782853606
Phone: +48 124 158 800
Email: motherhood@tfp-fertility.com