TFP Fertility Privacy Policy

At TFP, we value your trust and confidence. This privacy policy explains what types of personal information will be gathered when you visit TFP's website, how we keep it secure, and how this information will be used. We are committed to being transparent and ensuring the protection of your privacy.

General Information

This Privacy Policy describes how TFP Fertility Group Ltd and its affiliates and partners ("TFP," "we," or "us") collect and process your personal information when you visit our website, use our digital applications, and interact with us via our clinics, live chats, digital app "Dia," email communications, and social media channels (together, the "Services").

This policy applies to all company web pages under www.tfp-fertility.com.

What data do we collect?

You directly provide most of the information we collect. We collect and process data you provide via three methods:

Information that you provide us:

• Contact Information: Your name, email address, mailing address, and phone number when you register for TFP Services, subscribe to TFP marketing, communicate with us, or make an enquiry.

• Patient Registration Information: Information provided in connection with your TFP "Patient Profile," including contact information, username, medical history, weight, height, age, gender, and other relevant details you consent to provide.

• Communications Information: Details of your interactions with our clinical or support teams, including certain calls (for training and Monitoring purposes), emails, live chats, video calls, and social media interactions.

• Survey and Review Information: Information you provide in surveys or testimonials about TFP goods and/or Services.

• Other User Information: Any other data you provide related to your use of TFP Treatment or Services, such as event bookings, appointment scheduling, and personal experience feedback.

Information we collect automatically:

Information generated through your use of the Services, events attended, appointments booked, classes attended, and phone enquiries made to TFP.

Patient Feedback from Patient Experience surveys received.

When someone visits TFP Fertility UK Homepage, we use Google Analytics: Standard internet tracking information collected anonymously to understand website usage patterns. We do not attempt to identify individual visitors through this data. If you visit our website, we collect the data below which are technically necessary for us to show you our website and ensure its stability and security:):

• IP address

• Date and time of your inquiry

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (actual page)

• Access status/HTTP status code

• Transmitted data volume

• Website from which the request is received

• Browser

• Operating system and its interface

• Language and version of the browser software

You may want to opt out of your data being used by Google Analytics, Google Analytics opt-out browser to learn more about the opt-out and how to properly install the browser add-on here. How to Prevent Google Analytics from Tracking You (privacyaffairs.com)

Analytics and Third-Party Tools

We use the following analytics and tracking tools to improve user experience and website performance:

1. Google Analytics: Collects anonymous internet tracking information to help us understand usage patterns. We do not attempt to identify individual visitors through this data. You may opt out by installing the Google Analytics Opt-Out Browser Add-on.
   

2. Microsoft Clarity and Microsoft Advertising: Captures behavioural metrics, heatmaps, and session replays to improve our products and services. Cookies and tracking technologies help determine product popularity and online activity. For more information, visit the Microsoft Privacy Statement.
   

3. VWO (Wingify Software Private Limited): Provides website optimisation and testing services by processing anonymised user interaction data to help improve website usability. This includes collecting data on click patterns, scroll depth, and navigation paths, which helps us optimise website design and improve content for visitors. For more information, see their Privacy Policy.

CCTV Recording

Our facility is equipped with closed-circuit television (CCTV) cameras for the safety and security of our patients, staff, and property. These cameras are strategically placed in common areas and are not used in private or sensitive locations.

We use CCTV recordings to:

• Deter and detect unauthorized access or security incidents.

• Investigate any incidents that may occur on our premises.

• Ensure a safe environment for everyone visiting our facility.

• How We Handle CCTV Data

CCTV footage is securely stored and accessible only to authorized personnel.

• Retention Period: Recordings are retained for a limited time unless they are required for an investigation or legal purpose.

• Access: Footage is accessed only for legitimate security purposes and is not shared with third parties except when required by law or to assist law enforcement.

Phone Recording

Certain phone calls are recorded for training and monitoring purposes. These are only inbound calls linked to certain trackable phone numbers predominantly used by the centre call centre. However, if a call is forwarded to a clinic the call may continue to record. Phone recordings are only held for 30 days.

Portal documents

Documents uploaded to portals are only held within patient portals for a maximum of 60 days. The documents can be reinstated on the portal after this time if requested.

Information we collect from Third Parties 

• Third-Party Applications: Information collected through third-party applications like App Stores or Social Networking Sites, where you have made certain data public via your privacy settings.

• Third-Party Sources: Information received from other sources to supplement the data you provide, enhancing our ability to provide information about our business, products, and Services.

How we use your personal data

User-provided information:

• Personal information you provide to TFP will only be used for the stated purposes, such as providing information about our treatments and seeking feedback from you.

• Personal information will not be sold to third parties or provided to direct marketing companies without your explicit permission.

• While contacting TFP for treatment we ask you for your active and free consent according to Art. 6 (1) (a) GDPR EU 2016/679, UK 2018 for taking part in our patient feedback surveys. Based on your content you will receive emails asking you about your experience during the different stages of your treatment. The process controller for sending the mails is your clinic, for the surveys we need: your first and last name, your email address and the questions and answers in the survey. Please note, the survey results are personal and could be – theoretically – associated to your patient file within the clinic. It is possible, that a staff member of the clinic contacts you afterwards the survey e.g., for discussing what you need for a complete treatment or how to improve negative aspects.

• We use third-party tools such as VWO to improve website functionality and user experience. VWO helps us conduct A/B testing, track user engagement, and visualise browsing patterns to enhance site usability. The data collected is anonymised and does not contain personally identifiable information (PII).

Automatic demographic and statistical information:

• Information collected through Google Analytics is used to evaluate the effectiveness of TFP's website and improve content relevance and marketing campaigns.

• Any disclosure of this information will always be anonymized and will not identify individual users.

How we store your data

We are dedicated to safeguarding your data:

• Regular review of information collection, storage, and processing practices to protect against unauthorized access.

• Restricted access to personal information to authorized TFP/Clinic employees, contractors, and agents, subject to strict confidentiality obligations.

• Commercially reasonable administrative, technical, and physical safeguards to protect against unauthorized access, disclosure, or access of personal information.

• Personal information is stored on secure servers hosted by a third-party contractor, Vercel, in the United States and the EEA, complying with GDPR EU 2016/679, UK 2018, and EU-U.S. and Swiss-U.S. Privacy Shield framework.

• For surveys, we use AskNicely, and all data transfers between TFP companies are governed by Data Protection Agreements (DPA). Patient Data will primarily be stored at your registered clinic; however, we sometimes perform scans using a partner organization, Ultrasound Direct. If you receive a scan as part of your treatment, they may store and process your data in accordance with their privacy policy

Data retention period

• We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy and comply with legal obligations.

• In addition to GDPR, there are additional consideration for healthcare providers set out by our regulators:

Access to Health Records Act 1990 (AHRA)

Governs access to the health records of deceased individuals and requires records to be retained long enough to allow access requests to be processed (typically a minimum of 8 years after death).

NHS Records Management Code of Practice

This is the primary framework for healthcare record retention in the UK, issued by NHS England and endorsed across the healthcare sector.

Limitation Act 1980

Defines the statute of limitations for legal claims. Healthcare providers often retain records for at least 6 years to cover potential claims for negligence or malpractice.

Care Quality Commission (CQC) Standards

Healthcare providers must comply with CQC regulations, which require robust record-keeping practices and adherence to statutory retention requirements.

Human Fertilisation and Embryology Authority (HFEA)

Provide additional requirements specifically for licensed Fertility clinics.

Regulation & Quality Improvement Authority (RQIA)

Provide additional requirements specifically for licensed Fertility clinics.

Marketing

We may send you information about our products and services, and those of our affiliates or partners, with your consent. You can unsubscribe from marketing communications at any time.

Cookie technology

Our website uses cookies to improve your browsing experience. You can disable cookies through your browser settings.

Who we share your personal information with?

We may disclose your personal information to the following categories of recipients:

• Group Companies, Third-Party Service Providers, and Business Partners: Information shared to provide IT, analytics, payment processing, technical support, and marketing services. Data Protection Agreements are in place.

• Competent Law Enforcement Bodies, Regulators, Government Agencies, Courts, or other Third Parties: When required to comply with the law, establish legal rights, protect vital interests, or detect/prevent security or fraud issues.

Privacy policy for other websites

Our privacy policy applies to our website. If you follow a link to another website, please review their privacy policy.

International data transfers

Your personal information may be transferred to, processed, and stored in countries other than your resident country, including the European Union and UK. Appropriate safeguards are in place to protect your data during such transfers.

Legal basis for processing

TFP Fertility Group Ltd collect information from individuals for various purposes related to providing fertility-related services, ensuring effective care, complying with legal requirements, and safeguarding the vital interests of individuals. The legal basis for processing data is shown below:

• Contractual Performance: TFP collect and processes personal information based on the necessity of fulfilling the contractual obligations between TFP and the individuals supply data. This includes data required for scheduling appointments, providing fertility treatments, managing patient records, and processing payments for the services rendered.

• Legitimate Interests: TFP process personal data based on legitimate interests pursued by TFP or third parties. For instance, these legitimate interests might include improving the quality of fertility treatments, conducting research to enhance fertility outcomes, or optimizing internal processes to ensure better patient care. TFP will also ensure that these legitimate interests are balanced with the rights and freedoms of the individuals whose data is being processed.

• Consent: TFP seek explicit consent from patients or individuals for specific data processing activities. This could include obtaining consent for conducting fertility-related research studies, sharing medical information with other healthcare providers, or using personal data for marketing purposes. Consent should be freely given, informed, and easily revocable by the individual at any time.

• Legal Obligations: TFP is subject to various legal requirements and regulatory obligations. Data processing may be necessary to comply with these legal obligations, which could include maintaining accurate medical records, reporting certain medical conditions to health authorities, and adhering to data protection and healthcare laws.

• Protecting Vital Interests: In certain critical situations where an individual's life or health is at risk, TFP may process personal data based on the vital interests of the individual. For example, during emergency medical situations, TFP may access relevant medical information to provide timely and appropriate medical care.

It's essential for TFP to be transparent and inform individuals about the specific purposes for which their data is being collected and processed, as well as the legal basis for each processing activity. Patients should also be made aware of their rights regarding their personal data, including the right to access, rectify, erase, and object to the processing of their data. By adhering to data protection regulations and ensuring clear communication with patients, fertility companies can build trust and maintain the confidentiality and security of personal information.

Changes to our privacy policy

We regularly review our compliance with this privacy policy. Any changes will be posted on our website and, where appropriate, notified to you by email.

Last updated on 24 March 2025.

Your rights

Under GDPR you have the right to access, rectify, erase, restrict processing, object to processing, and data portability. However please bear in mind the exemptions for health records:

Retention of Health Records

Under applicable laws and regulations, we are required to retain health records for a specified period, even if you request their deletion. Health records are critical for ensuring continuity of care, meeting legal obligations, and maintaining an accurate medical history.

Why Health Records Cannot Be Deleted on Request

• Legal Compliance: Healthcare providers are legally mandated to retain medical records for a minimum period to comply with laws and regulations.

• Continuity of Care: Your health records provide a comprehensive history that ensures safe and effective treatment in the future.

• Public Interest: Retaining health records is necessary to fulfil public health responsibilities, facilitate medical research (where applicable), and address potential legal claims or inquiries.

While we cannot delete your health records on request, we are committed to ensuring your data is handled securely and used only for appropriate purposes.

How to contact us

The Data Protection Officer will answer any questions you have about our privacy policy or information we hold. Please contact us in any of the following ways:

Data Protection Officer
Email: dpo@tfp-fertility.com
Phone: 0808 164 5341
Post: TFP Ltd, Institute of Reproductive Sciences, Oxford Business Park North, Alec Issigonis Way, Oxford, OX4 2HW, United Kingdom.