TFP Fertility Privacy Policy

At TFP, we value your trust and confidence. This privacy policy explains what types of personal information will be gathered when you visit TFP's website, how we keep it secure, and how this information will be used. We are committed to being transparent and ensuring the protection of your privacy.

General Information

This Privacy Policy describes how TFP Fertility Group Ltd and its affiliates and partners ("TFP," "we," or "us") collect and process your personal information when you visit our website, use our digital applications, and interact with us via our clinics, live chats, digital app "Dia," email communications, and social media channels (together, the "Services").

This policy applies to all company web pages under www.tfp-fertility.com.

In some cases, TFP Fertility Group Ltd and the local clinic responsible for your care may act as joint controllers of your personal data. This means we jointly determine how and why your data is processed. We have agreements in place to ensure that your rights are protected and that responsibilities for GDPR compliance are clearly defined between the parties.

What data do we collect?

You directly provide most of the information we collect. We collect and process data you provide via three methods:

Information that you provide us:

• Contact Information: Your name, email address, mailing address, and phone number when you register for TFP Services, subscribe to TFP marketing, communicate with us, or make an enquiry.

• Patient Registration Information: Information provided in connection with your TFP "Patient Profile," including contact information, username, medical history, weight, height, age, gender, and other relevant details you consent to provide.

• Communications Information: Details of your interactions with our clinical or support teams, including certain calls (for training and Monitoring purposes), emails, live chats, video calls, and social media interactions.

• Survey and Review Information: Information you provide in surveys or testimonials about TFP goods and/or Services.

• Other User Information: Any other data you provide related to your use of TFP Treatment or Services, such as event bookings, appointment scheduling, and personal experience feedback.

Information we collect automatically:

Information generated through your use of the Services, events attended, appointments booked, classes attended, and phone enquiries made to TFP.

Patient Feedback from Patient Experience surveys received.

When someone visits TFP Fertility UK Homepage, we use Google Analytics standard internet tracking information collected anonymously to understand website usage patterns. We do not attempt to identify individual visitors through this data. If you visit our website, we collect the data below which are technically necessary for us to show you our website and ensure its stability and security):

• IP address

• Date and time of your inquiry

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (actual page)

• Access status/HTTP status code

• Transmitted data volume

• Website from which the request is received

• Browser

• Operating system and its interface

• Language and version of the browser software

You may want to opt out of your data being used by Google Analytics, Google Analytics opt-out browser to learn more about the opt-out and how to properly install the browser add-on here.

How to Prevent Google Analytics from Tracking You (privacyaffairs.com)

Monitoring and Security Measures

To protect our patients, staff, and facilities, we may use the following tools:

CCTV Monitoring: Our clinics may operate CCTV cameras in non-sensitive areas (e.g. entrances, waiting rooms) for safety and security.

• Retention: Footage is typically retained for up to 2 years unless required for an investigation or legal proceedings.

• Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Phone Call Recordings: Inbound calls to our main clinic lines may be recorded for training, quality, or safety purposes.

• Retention: Recordings are retained for 30 days.

• Legal basis: Legitimate interests or consent, depending on context.

Portal documents

Documents uploaded to portals are only held within patient portals for a maximum of 60 days. The documents can be reinstated on the portal after this time if requested.

Information We Collect from Third Parties

We may collect personal data about you from third parties where permitted by law. This may include:

• Third-party applications: Information shared via app stores or social networking sites, depending on your privacy settings. This may include public profile information or interaction history.

• Other third-party sources: Information provided by partners or service providers to help us improve our services, support your care journey, or respond to enquiries more effectively.

• Banks and payment providers: Data such as account or transaction details to verify payments, manage refunds, and resolve any billing issues.

• Credit reference agencies (e.g. National Debt Register BIG S.A.): Where appropriate, we may check financial standing before entering into a contract or agreement.

• Healthcare platforms and referring providers: If you are referred to us, or use an external system connected to our services, we may receive relevant information such as your name, contact details, medical history, or test results to ensure continuity of care.

We process this information only where necessary to provide healthcare services, support administrative processes, verify payment details, or fulfil our legal and regulatory obligations.

Providing your personal data is voluntary, but necessary for us to provide healthcare services. Without this data, we may not be able to enter into or perform our contractual obligations.

Analytics and Third-Party Tools

We use the following analytics and tracking tools to improve user experience and website performance:

1. Google Analytics: Collects anonymous internet tracking information to help us understand usage patterns. We do not attempt to identify individual visitors through this data. You may opt out by installing the Google Analytics Opt-Out Browser Add-on.

2. Microsoft Clarity and Microsoft Advertising: Captures behavioural metrics, heatmaps, and session replays to improve our products and services. Cookies and tracking technologies help determine product popularity and online activity. For more information, visit the Microsoft Privacy Statement.

3. VWO (Visual Website Optimizer, Wingify Software Pvt. Ltd.): We use VWO for A/B testing and website optimisation. It collects anonymised interaction data (e.g., click paths, scroll behaviour) to help improve usability. While Wingify is based in India, VWO processes all visitor data in data centres located within the EEA. For more information, see their Privacy Policy.

4. Meta Pixel (Facebook/Instagram): for measuring ad conversions and optimising campaign performance across Meta platforms. For more information, see their Privacy Policy.

5. LinkedIn Insight Tag: for measuring the impact of LinkedIn ads and enabling remarketing. For more information, see their Privacy Policy.

6. Call360 (Esale): We use Call360 to track calls made via dynamic phone numbers in order to understand marketing attribution and improve service performance. These dynamic numbers are only displayed when users have consented to targeting cookies via our cookie banner (OneTrust). This ensures full compliance with the EU ePrivacy Directive and GDPR. For more information, see their Privacy Policy.

7. Hotjar: for collecting anonymised session recordings and heatmaps that help us understand how visitors interact with our website content and improve usability. For more information, see their Privacy Policy.

8. Edudip (Webinar Registration Platform): We use Edudip to host webinars and manage registrations. When you sign up for a webinar, you may be redirected to an Edudip-hosted registration page. Edudip collects personal information (such as name and email) on our behalf to manage attendance and follow-up communications. We do not embed Edudip forms directly on our website. For more details, see Edudip’s Privacy Policy.

9. Storyblok (Website Content Delivery): We use Storyblok to manage and deliver the content displayed on our website, including the structure of forms. However, Storyblok does not process or store any form submission data. When you fill in a contact or enquiry form, your data is securely transmitted directly to TFP via email and is not retained on the website or by Storyblok. For more details, see Storyblok’s privacy policy.

How we use your personal data

User-provided information:

• Personal information you provide to TFP will only be used for the stated purposes, such as providing information about our treatments and seeking feedback from you.

• Personal information will not be sold to third parties or provided to direct marketing companies without your explicit permission.

• While contacting TFP for treatment we ask you for your active and free consent according to Art. 6 (1) (a) GDPR EU 2016/679, UK 2018 for taking part in our patient feedback surveys. Based on your content you will receive emails asking you about your experience during the different stages of your treatment. The process controller for sending the mails is your clinic, for the surveys we need: your first and last name, your email address and the questions and answers in the survey. Please note, the survey results are personal and could be – theoretically – associated to your patient file within the clinic. It is possible, that a staff member of the clinic contacts you afterwards the survey e.g., for discussing what you need for a complete treatment or how to improve negative aspects.

• We use third-party tools such as VWO to improve website functionality and user experience. VWO helps us conduct A/B testing, track user engagement, and visualise browsing patterns to enhance site usability. The data collected is anonymised and does not contain personally identifiable information (PII).

Automatic demographic and statistical information:

• Information collected through Google Analytics is used to evaluate the effectiveness of TFP's website and improve content relevance and marketing campaigns.

• Any disclosure of this information will always be anonymised and will not identify individual users.

How we store your data

We are dedicated to safeguarding your data:

• Regular review of information collection, storage, and processing practices to protect against unauthorised access.

• Restricted access to personal information to authorised TFP/Clinic employees, contractors, and agents, subject to strict confidentiality obligations.

• Commercially reasonable administrative, technical, and physical safeguards to protect against unauthorised access, disclosure, or access of personal information.

• Personal information is stored on secure servers hosted by a third-party contractor, Vercel, in the United States, complying with the UK Extension to the EU-US Data Privacy Framework (DPF), also known as the UK-US Data Bridge

• For surveys, we use AskNicely, and all data transfers between TFP companies are governed by Data Protection Agreements (DPA). Patient Data will primarily be stored at your registered clinic; however, we sometimes perform scans using a partner organisation, Ultrasound Direct. If you receive a scan as part of your treatment, they may store and process your data in accordance with their privacy policy

Data retention period

We retain your personal data for as long as necessary to fulfil the purposes set out in this privacy policy and to meet applicable legal and regulatory obligations.

In Poland, the retention of medical records is subject to national healthcare regulations. Depending on the type of record, retention periods are as follows:

• Standard medical documentation – retained for 20 years from the end of the calendar year in which the last entry was made.

• In the event of death caused by injury or poisoning, retained for 30 years from the end of the calendar year in which the death occurred.

• X-ray images – retained for 10 years from the end of the calendar year in which the image was taken (if stored separately from the medical record).

• Referrals and prescriptions – retained for 5 years from the end of the calendar year in which the service was provided.

• Medical records for children under the age of 2 – retained for 22 years.

• Assisted Reproductive Technology (ART) records, including documentation of donated or stored reproductive cells or embryos, are retained for 90 years from the date of creation.

We regularly review our data retention practices to ensure they remain compliant with Polish healthcare regulations and data protection laws. Retention periods may be extended in cases involving legal claims or other specific obligations.

Marketing

We may send you information about our products and services, and those of our affiliates or partners, with your consent. You can unsubscribe from marketing communications at any time.

Cookie Technology

Our website uses cookies to improve your browsing experience. You can disable cookies at any time through your browser settings.

We use a Cookie Consent Centre (OneTrust) to manage your cookie preferences in compliance with the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).

Non-essential cookies, such as those used for analytics, advertising, and social media integration, are only activated after you provide explicit, informed consent. These cookies will remain disabled unless and until you choose to accept them.

You can update or withdraw your cookie choices at any time by clicking “Cookie Settings” at the bottom of any page.

For more information about the cookies we use and how we manage consent, please refer to our Cookie Policy.

Who we share your personal information with?

We may disclose your personal information to the following categories of recipients:

• Group Companies, Third-Party Service Providers, and Business Partners: Information shared to provide IT, analytics, payment processing, technical support, and marketing services. Data Protection Agreements are in place.

• Competent Law Enforcement Bodies, Regulators, Government Agencies, Courts, or other Third Parties: When required to comply with the law, establish legal rights, protect vital interests, or detect/prevent security or fraud issues.

Privacy policy for other websites

Our privacy policy applies to our website. If you follow a link to another website, please review their privacy policy.

International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United Kingdom, the European Economic Area (EEA), the United States, and India, where third-party providers such as Google, Meta, Microsoft, Hotjar, LinkedIn, Call360, and VWO (Visual Website Optimizer, Wingify Software Pvt. Ltd.) operate.

Where such transfers occur, we ensure appropriate safeguards are in place in accordance with the UK GDPR. These include adequacy regulations, Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner, or other legally recognised transfer mechanisms that ensure your personal data receives an adequate level of protection.

Legal basis for processing

TFP Fertility Group Ltd collect information from individuals for various purposes related to providing fertility-related services, ensuring effective care, complying with legal requirements, and safeguarding the vital interests of individuals. The legal basis for processing data is shown below:

• Contractual Performance: TFP collect and processes personal information based on the necessity of fulfilling the contractual obligations between TFP and the individuals supply data. This includes data required for scheduling appointments, providing fertility treatments, managing patient records, and processing payments for the services rendered.

• Legitimate Interests: TFP process personal data based on legitimate interests pursued by TFP or third parties. For instance, these legitimate interests might include improving the quality of fertility treatments, conducting research to enhance fertility outcomes, or optimising internal processes to ensure better patient care. TFP will also ensure that these legitimate interests are balanced with the rights and freedoms of the individuals whose data is being processed.

• Consent: TFP seek explicit consent from patients or individuals for specific data processing activities. This could include obtaining consent for conducting fertility-related research studies, sharing medical information with other healthcare providers, or using personal data for marketing purposes. Consent should be freely given, informed, and easily revocable by the individual at any time.

• Legal Obligations: TFP is subject to various legal requirements and regulatory obligations. Data processing may be necessary to comply with these legal obligations, which could include maintaining accurate medical records, reporting certain medical conditions to health authorities, and adhering to data protection and healthcare laws.

• Protecting Vital Interests: In certain critical situations where an individual's life or health is at risk, TFP may process personal data based on the vital interests of the individual. For example, during emergency medical situations, TFP may access relevant medical information to provide timely and appropriate medical care.

It's essential for TFP to be transparent and inform individuals about the specific purposes for which their data is being collected and processed, as well as the legal basis for each processing activity. Patients should also be made aware of their rights regarding their personal data, including the right to access, rectify, erase, and object to the processing of their data. By adhering to data protection regulations and ensuring clear communication with patients, fertility companies can build trust and maintain the confidentiality and security of personal information.

Changes to our privacy policy

We regularly review our compliance with this privacy policy. Any changes will be posted on our website and, where appropriate, notified to you by email.

Last updated on 16 July 2025.

Exercising Your Data Protection Rights

If you would like to access, correct, delete, or restrict the use of your personal data, or if you wish to object to certain types of processing or request a copy of your data (data portability), you can submit a request at any time.

To do this, please contact us using the details provided in the How to contact us section. You may be asked to confirm your identity so that we can protect your information and prevent unauthorised access.

We aim to respond to all valid requests within one calendar month, in line with the General Data Protection Regulation (GDPR). If your request is particularly complex or involves a large volume of data, we may need additional time. If so, we will let you know.

If you are not satisfied with how we handle your request, you also have the right to lodge a complaint with the relevant supervisory authority. For contact details, please see the Your rights section below.

Your rights

Under GDPR you have the right to access, rectify, erase, restrict processing, object to processing, and data portability. However please bear in mind the exemptions for health records:

Retention of Health Records

Under applicable laws and regulations, we are required to retain health records for a specified period, even if you request their deletion. Health records are critical for ensuring continuity of care, meeting legal obligations, and maintaining an accurate medical history.

Why Health Records Cannot Be Deleted on Request

• Legal Compliance: Healthcare providers are legally mandated to retain medical records for a minimum period to comply with laws and regulations.

• Continuity of Care: Your health records provide a comprehensive history that ensures safe and effective treatment in the future.

• Public Interest: Retaining health records is necessary to fulfil public health responsibilities, facilitate medical research (where applicable), and address potential legal claims or inquiries.

While we cannot delete your health records on request, we are committed to ensuring your data is handled securely and used only for appropriate purposes.

If you are located in the Netherlands, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your data is being processed in violation of applicable laws. Visit autoriteitpersoonsgegevens.nl for more information.

If you are located in Poland, you may contact the Polish Data Protection Authority (UODO) at uodo.gov.pl.

How to contact us

If you have any questions or concerns about this Privacy Policy or how we process your personal data, please contact us using the details below:

United Kingdom - Contact Section (Data Protection Inquiries)

Data Protection Officer: Michelle Wild

Post: TFP Fertility Ltd, Institute of Reproductive Sciences, Oxford Business Park North, Alec Issigonis Way, Oxford, OX4 2HW, United Kingdom
Phone: 0808 164 5341
Email: dpo@tfp-fertility.com

European Union – GDPR Article 27 Representative

In accordance with Article 27 of the EU and UK GDPR, we have appointed an authorised representative within the European Union to act on our behalf regarding GDPR compliance for individuals located in the EU/EEA.

Netherlands - Contact Section (Data Protection Inquiries)

Data Protection Officer: Bianca Bloem

Post: TFP Fertility Netherlands B.V., Simon Smitweg 16, 2353 GA Leiderdorp, The Netherlands
Phone: +31 71 581 23 00
Email: fg_mckinderwens@tfp-fertility.com

Poland - Contact Section (Data Protection Inquiries)

Data Protection Officer: Dr Anna Janicka

Address: ul. Wojska Polskiego 103, 70-483 Szczecin
Phone: +48 91 486 43 45 / +48 691 676 305
Email: anna.janicka@tfp-fertility.com

Vitrolive Limited liability company with registered office in Szczecin
Post: TFP Fertility Vitrolive, Vitrolive Sp. z o.o., ul. Wojska Polskiego 103, 70-483 Szczecin
KRS: 0000252423 | REGON: 320166514 | NIP: PL8512959483
Phone: +48 91 48 64 345
Email: vitrolive@tfp-fertility.com

Macierzyństwo Medical Center Limited liability company Limited partnership with its registered office in Kraków
Post: TFP Fertility Macierzyństwo, Centrum Medyczne Macierzyństwo Sp. z o.o. Sp. k., ul. Białoprądnicka 7A, 31-221 Kraków
KRS: 0000343047 | REGON: 356524003 | NIP: PL6782853606
Phone: +48 124 158 800
Email: motherhood@tfp-fertility.com