1. Introduction

Matcher Technologies Ltd is owned by Fertility QMS Ltd (its “Affiliate”).

Matcher Technologies Ltd and its Affiliates (together “IMT Matcher”, “us” or “we”) are committed to protecting the privacy and security of Personal Data. This policy describes how we collect and use Personal Data about you.

IMT Matcher is a Data Controller. In simple terms this means that we (either alone or jointly with others) are responsible for deciding how we hold and use Personal Data.

IMT Matcher is a Data Processor. In simple terms this means that we collect, record, store, amend, use, disclose or destroy Personal Data.

IMT Matcher is also responsible for notifying the UK Information Commissioner about the types of data we hold or are likely to hold, the general purposes that this data will be used for, and about the Data Processing activities of IMT Matcher.

2. Information about us

Matcher Technologies Ltd

• Registered in England and Wales with company registration number 08345284.
• Registered address Unit 1b Canalside Business Park, Tattenhall, Chester, CH3 9BD, United Kingdom.
• Telephone number +44 (0)1829 771 327.
• ICO registration number ZA145170.

Fertility QMS Ltd

• Registered in England and Wales with company registration number 06082596.
• Registered address Unit 1c Canalside Business Park, Tattenhall, Chester, CH3 9BD, United Kingdom.
• Telephone number +44 (0)1829 771 327.
• ICO registration number ZA898790.

Our Data Protection Officer is Mr George Heywood, CEO. This person is responsible for ensuring that IMT Matcher follows our privacy policy and complies with the General Data Protection Regulations (“GDPR”) 2018. GDPR is the UK legislation that embodies the General Data Protection Regulations (EU Regulation 2016/679) and provides a framework for responsible behaviour by those using Personal Data.

Please send any correspondence relating to this policy, your Personal Data or data protection, including to make a subject access request, for the attention of ‘The Data Protection Officer’:

Email address info [@] imtmatcher.com.

Postal address Unit 1b Canalside Business Park, Tattenhall, Chester, CH3 9BD, United Kingdom.

3. What does this policy cover?

This policy explains how we use Personal Data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to Personal Data.

IMT Matcher needs to collect and use certain types of information about Data Subjects (the person whose Personal Data is being held or processed by IMT Matcher)) who come into contact with IMT Matcher in order to carry out our work. This Personal Data must be collected and dealt with appropriately regardless of format (e.g. on paper, electronically, or recorded on other material) and there are safeguards to ensure this under the GDPR.

This policy does not form part of any contract that you may have with us. It is provided for information purposes only.

4. What is Personal Data?

Personal Data is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal Data is, in simpler terms, any information about a living individual that enables them to be identified. Personal Data covers obvious information such as a person’s name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. It does not include information about organisations, companies or agencies. It also does not include data where the identity has been removed (such as anonymous data).

The Personal Data that we use is set out in Section 5.

Certain types of Personal Data are referred to as Sensitive Personal Data. This means Personal Data that relates to a Data Subject’s:

Racial or ethnic origin;

• Political affiliations;
• Religion or similar beliefs;
• Trade union membership;
• Physical or mental health or condition;
• Sexuality; or
• Actual or alleged criminal record or proceedings.

Because information about these matters could be used in a discriminatory way, and is likely to be of a private nature, it needs to be treated with greater care than other Personal Data. It also requires explicit consent from the Data Subject in order for their Sensitive Personal Data to be processed, which means that consent must be through a freely given, specific and informed agreement by a Data Subject.

5. What Personal Data do we collect?

We collect some or all of the following Personal Data (this may vary according to your relationship with us):

• Contact information (name, email address, telephone number, address, organization name, job title), from you when you make an enquiry through our website, by telephone, at a conference, at a meeting, on becoming a customer, supplier or employee, or if you have provided these details to one of our distributors, agents or resellers and have given them permission to share it with us;
• Relationship information (information about your preferences, interests in/use of our products, engagements with our staff or distributors, agents and resellers in relation to those products, length of relationship, meetings, calls, references, testimonials), directly from you and indirectly via your use of our products during our interactions over the course of our relationship;
• Marketing information (e.g. conference attendances, marketing preferences, click-throughs, open-rates, bounce rates, return to sender notifications, browser type and version that you access our website from, operating system and platform that you access our website from), from you directly, or automatically from your interactions with our website by using cookies, server logs and other similar technologies. For information about the cookies that we use on our website and in our communications, please see Section 6;
• Social media information (e.g. username, organisation details, engagement details such as likes, retweets, shares, reactions, comments), from you directly or automatically from social media platforms when you visit our social media accounts on Twitter, LinkedIn or Facebook;
• Security information (CCTV footage, PC login details, use of our IT and communications systems), when you visit our premises or use our IT or communications systems;
• Financial details (bank account details, credit references), from credit reference agencies or from you if you have sent them to us upon becoming a customer, supplier, employee or in other paper or electronic correspondence; and/or
• Employment details (physical or mental health, criminal convictions and offences), from candidates, their medical professionals and reference agencies during the course of our recruitment processes and from employees and their medical professionals during the course of their employment, if relevant.

We have many customers who operate within healthcare, and who use our products and services with their patients. We do not collect Personal Data relating to patients.

Transmission of data over the Internet can never be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your Personal Data, we make our best efforts to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website(s), you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

6. Cookies

A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our website. Our website may use cookie and tracking technology depending on the features offered from time to time.

Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors and understanding how visitors use our website. Cookies can also help customise the site for visitors. Personal information cannot be collected via cookies and other tracking technology, however, if you previously provided personally identifiable information, cookies may be tied to such information. In addition, some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Aggregate cookie and tracking information may be shared with third parties.

If you do not wish cookies to be placed on your PC or other device, then they can be disabled in your web browser. The option to do so is normally found in your browser’s “security settings” section. However, please note, permanently disabling cookies in your browser may result in a loss of functionality when using our website, as well as other websites and interactive services.

The cookies we place on your device fall into the following categories:

• Session cookies: these allow our website to link your actions during a particular browser session. These expire each time you close your browser and do not remain on your device afterwards.
• Persistent cookies: these are stored on your device in between browser sessions. These allow your preferences or actions across our website to be remembered. These will remain on your device until they expire, or you delete them from your cache.

In addition, the cookies that we place on your device may also be:

• Strictly necessary cookies: these cookies are essential for you to be able to navigate our website and use its features. Without these cookies, the services you have asked for could not be provided
• Performance cookies: these cookies collect information about how you use our website, e.g. which pages you go to most often. These cookies do not collect personally identifiable information about you. All information collected by these cookies is aggregated and anonymous, and is only used to improve how our website works. E.g. we use Google Analytics, a web analytics service provided by Google Inc which uses cookies to show us how visitors found and explored our website, and how we can enhance their experience, it provides us with information about the behaviour of our visitors (e.g. how long they stayed on the site, the average number of pages viewed) and also tells us how many visitors we have had.
• Functionality cookies: these cookies allow our website to remember the choices you make (such as your user name, language, last action and search preferences) and provide enhanced, more personal features. The information collected by these cookies is anonymous and cannot track your browsing activity on other websites.

Throughout our website we may link to other websites owned and operated by certain trusted third parties, e.g. to direct you to expert guidance on certain matters, or to connect you with reference users of our products or services. These third-party websites may also use cookies or similar technologies in accordance with their own separate cookie polices. For privacy information relating to these other third-party websites, please consult their cookie policies as appropriate.

For further information, including how to amend your cookie settings, please visit www.aboutcookies.org.

7. Data collection

Informed consent is when:

• A Data Subject clearly understands why their information is needed, who it will be shared with, the possible consequences of them agreeing or refusing the proposed use of the data; and
• Provides their consent.

IMT Matcher will ensure that data is collected via informed consent and within the boundaries defined in this policy. This applies to data that is collected in any format, whether in person, electronically, or by any other means.

When collecting data, IMT Matcher will ensure that the Data Subject:

a) Clearly understands why the information is needed;

b) Understands what it will be used for and what the consequences are should the Data Subject decide not to give consent to processing;

c) As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed;

d) Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress; and

e) Has received sufficient information on why their data is needed and how it will be used.

8. How do we use Personal Data?

We will only use Personal Data when we have a lawful basis for doing so. This may include where use of the data is necessary for our performance of a contract that we have entered into with you, because you have consented to our use of your Personal Data, or because it is in our legitimate business interests (or those of a third party) to use it and we believe that using Personal Data in that way is not overridden by the interests or fundamental rights of the Data Subject to whom the Personal Data relates.

We use Personal Data for one or more of the following purposes:

• Contact information: for communicating with you and supplying our services to you. This may include responding to emails or calls from you. Your personal details may be required in order for us to enter into a contract with you;
• Relationship information: for personalising and tailoring our products and services for you, for strengthening our relationship with you, and ensuring you receive a seamless, streamlined service from us;
• Marketing information: for supplying you with information, news, offers, or invitations to events by email that you have opted-in to, and for measuring how relevant and useful our marketing activities are. You will not be sent any unlawful marketing or spam. We will always work to protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
• Social media information: for maintaining a visible, engaging and relevant social media presence;
• Security information: for ensuring the security of our physical premises, network and information security, including preventing unauthorized access to our premises, network and systems;
• Financial details: for on-boarding you as a customer, supplier or employee, for paying you and for complying with our legal and compliance obligations; and
• Employment details: for recruiting and retaining employees, and for protecting our employees and customers.

Our lawful basis for processing Personal Data is set out below:

• Contact information: it is necessary in order to perform our contracts that we have with customers, and in order to pursue the legitimate interest of the entity you represent in seeking to purchase and configure our products and services;
• Relationship information: it is necessary in order to pursue our legitimate interest in creating deep and lasting relationships with our customers and the key decision makers of the entities they represent;
• Marketing information: you have provided your consent. You may opt-out at any time by emailing info [@] imtmatcher.com;
• Social media information: it is necessary in order to pursue our legitimate interest in maintaining a visible, engaging and relevant social media presence;
• Security information: it is necessary in order to pursue our legitimate interest in securing our premises, information and systems;
• Financial details: it is necessary in order to perform our contracts that we have with customers, suppliers and employees, and to comply with the law for retaining certain financial information; and
• Employment details: it is necessary in order to pursue our legitimate interest to recruit and retain employees.

We do not conduct any automated decision making. We may on occasion profile our customers for the purposes of targeting marketing at them, and where this is done this is undertaken for our legitimate interests of ensuring our marketing is relevant to its audience. For example, we may classify an appropriate audience for a promotion by what territory they are based in, what job title they hold within their organization, and what products or services they have previously expressed an interest in. We do not conduct any online behavioural tracking.

9. Who does IMT Matcher share Personal Data with?

IMT Matcher may share data between our group companies, and with third parties such as our distributors, agents and resellers in the relevant territory for the purpose of following up with enquiries, providing customer support, and/or fulfilling our contractual obligations to you. It is possible that we could expand our group of companies in the future and in that scenario we may share your data within our group in order to provide our products and services to you in a seamless and streamlined manner. If this occurs, we will update this policy to include any new Affiliates, and they will use Personal Data in accordance with this policy. This is in our legitimate interests of cost efficiency and growing our business.

IMT Matcher may also share data, including internationally, with third parties we use for helping to provide certain services, such as our support ticket software systems, project management software systems, shipping services, public relations and marketing, IT support systems, CRM systems, document management systems, email marketing management systems, survey feedback and polling services, banking, payment and accounting systems.

We require all third parties to respect the security of Personal Data and treat it in accordance with the law, including taking appropriate security measures to protect Personal Data in line with our policies.

The Data Subject will be made aware in most circumstances how and with whom their information will be shared. There are however some circumstances where the law allows IMT Matcher to disclose data (including Sensitive Personal Data) without the data subject’s consent.

These are:

a) Carrying out a legal duty or as authorised by the Secretary of State;

b) Protecting vital interests of a Data Subject or other person;

c) The Data Subject has already made the information public;

d) Conducting any legal proceedings, obtaining legal advice or defending any legal rights;

e) Monitoring for equal opportunities purposes – i.e. race, disability or religion; or

f) Providing a confidential service where the Data Subject’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing a stressed or ill Data Subject to provide consent signatures.

As part of the services offered to you through our website, the data which you provide to us may be transferred to countries outside the European Economic Area. By way of example, this may happen if any of our servers are from time to time located in a country outside of the European Economic Area. These countries may not have similar data protection laws to the United Kingdom. By submitting your Personal Data when you contact us through our website, you agree to this transfer, storing or processing. If we transfer your information outside of the European Economic Area in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

Our website may contain links to other websites run by other organisations. This policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

10. IMT Matcher’s approach to data protection

IMT Matcher regards the lawful and correct treatment of Personal Data as very important to successful working, and to maintaining the confidence of those with whom we deal.

IMT Matcher intends to ensure that Personal Data is treated lawfully and correctly. To this end, IMT Matcher will adhere to the Principles of Data Protection, as detailed in the GDPR.

Specifically, the Principles require that Personal Data shall:

a) Be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;

b) Be obtained only for one or more of the purposes specified in the GDPR, and shall not be processed in any manner incompatible with that purpose or those purposes;

c) Be adequate, relevant and not excessive in relation to those purpose(s);

d) Be accurate and, where necessary, kept up to date;

e) Not be kept for longer than is necessary;

f) Be processed in accordance with the rights of data subjects under the GDPR;

g) Be kept secure by the Data Controller who will take appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, it; and

h) Not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the processing of Personal Data.

IMT Matcher will, through appropriate management and strict application of criteria and controls:

• Observe fully conditions regarding the fair collection and use of information;
• Meet our legal obligations to specify the purposes for which information is used;
• Collect and process appropriate information, and only to the extent that it is needed to fulfill our operational needs or to comply with any legal requirements;
• Ensure the quality of information used;
• Ensure that the rights of people about whom information is held, can be fully exercised under the GDPR. These include;
  • The right to be informed that processing is being undertaken;
  • The right of access to one’s Personal Data;
  • The right to prevent processing in certain circumstances; and
  • The right to correct, rectify, block or erase information which is regarded as wrong information).
• Take appropriate technical and organisational security measures to safeguard Personal Data;
• Ensure that Personal Data is not transferred abroad without suitable safeguards;
• Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information; and
• Set out clear procedures for responding to requests for information
  

11. Data storage

Information and records relating to service users will be stored securely and will only be accessible to authorised staff. All electronic data is accessible only via secure password control.

Information is stored for only as long as it is needed or required by law and is disposed of appropriately. Information is deleted once we no longer require it, or it has passed the relevant expiry date.

It is IMT Matcher’s responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.

12. How long do we keep Personal Data?

IMT Matcher will not keep Personal Data longer than is necessary in light of the reason(s) for which it was first collected. Personal Data will therefore be kept for the following periods:

• For a maximum of four years after we have collected it if we have not entered into a contract with your business for the provision of services, except for the following case;
• In the case of social media information, for the period during which we are connected on any given social media platform only;
• For a maximum of four year after the expiry of a contract with you for the provision of services, except for the following case;
• In the case of financial information, seven years after the expiry of a contract with you for the provision of services, in order to comply with HRMC regulations in the United Kingdom; and

Where you have chosen to unsubscribe from marketing communications, we will retain your contact details indefinitely to ensure that you are not sent any further communications.

13. What are your rights ?

Under the GDPR, Data Subjects have the following rights, which we will always work to uphold:

a) The right to be informed about our collection and use of your Personal Data. This policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions, using the contact details in Section 2;

b) The right to access the Personal Data we hold about you. This can be requested using the contact details in Section 2;

c) The right to have your Personal Data rectified if any of your Personal Data held by us is inaccurate or incomplete. This can be requested using the contact details in Section 2;

d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your Personal Data that we have. This can be requested using the contact details in Section 2;

e) The right to restrict (i.e. prevent) the processing of your Personal Data;

f) The right to object to us using your Personal Data for a particular purpose or purposes;

g) The right to data portability: This means that if you have provided Personal Data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means. You can ask us for a copy of that Personal Data to re-use with another service or business in many cases;

h) Rights relating to automated decision-making and profiling: We do not use your Personal Data in this way; and

i) For more information about our use of your Personal Data or exercising your rights as outlined here, please contact us using the details in Section 2.

Further information about your rights can also be obtained from the Information Commissioner’s Office. If you have any cause for complaint about our use of your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office.

Their address is, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom. Telephone number +44 (0)303 123 1113. Web address www.ico.org.uk.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

14. Data access and accuracy

All Data Subjects have the right to access the information IMT Matcher holds about them. IMT Matcher will also take reasonable steps ensure that this information is kept up to date by asking data subjects whether there have been any changes.

In addition, IMT Matcher will ensure that:

• We have a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection;
• Everyone processing Personal Data understands that they are contractually responsible for following good data protection practice;
• Everyone processing Personal Data is appropriately trained to do so;
• Everyone processing Personal Data is appropriately supervised;
• Anybody wanting to make enquiries about handling Personal Data knows what to do;
• We deal promptly and courteously with any enquiries about handling Personal Data;
• We describe clearly how we handle Personal Data;
• We will regularly review and audit the ways we hold, manage and use Personal Data;
• We regularly assess and evaluate our methods and performance in relation to handling Personal Data; and
• All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.

15. How can you access your Personal Data?

If you want to know what Personal Data we hold about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Section 2.

There is a £10 charge for each access request.

We will respond to your subject access request within 14 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

It is important that the Personal Data we hold about you is accurate and up to date. Please keep us informed if your Personal Data changes during your relationship with us.

16. Changes to this policy

This policy may be updated from time to time as necessary to reflect best practice in data management, security and control, and to ensure compliance with any changes or amendments made to the GDPR.

This document was last modified on 10.06.23