Privacy Policy

Last Updated: 5th November 2024

1. Introduction

This Privacy Policy explains how TeamMatch Holdings Ltd ("we", "our", or "the Company") collects, uses, and protects personal data processed through this corporate website (the "Site"). TeamMatch Holdings Ltd is a UK-registered holding company. This Site is intended solely to:

  • provide corporate information about the TeamMatch group structure;
  • facilitate communication with prospective SEIS/EIS investors;
  • enable enquiries regarding grants, partnerships, and investor relations; and
  • allow vetted professionals to request access to our Virtual Data Room (VDR).

This Site is not the TeamMatch operational platform ("OpCo") used by players, parents, clubs, or minors.

We do not process any children's data on this Site.

All operational and safeguarding-sensitive data (including data subject to GDPR-K) is handled only by the ring-fenced operating subsidiary. OpCo maintains its own separate and comprehensive privacy governance framework.

We are committed to complying with the UK GDPR, Data Protection Act 2018, and all applicable privacy laws.

2. Who We Are (Data Controller)

TeamMatch Holdings Ltd

Registered in England & Wales

Registered Office: 71-75 Shelton Street, Covent Garden, London. WC2H 9JQ

Company Number: 16824383

For all privacy-related enquiries, contact:

Email: privacy@teammatch.uk

We act as the data controller for personal data collected on this Site.

3. What Data We Collect

We only collect information necessary for legitimate corporate and investor-relations purposes.

3.1 Information You Provide

Collection PointData CollectedPurpose
"Download Pitch Deck" FormName, email addressProvide investor materials; manage angel-investor outreach
"Request VDR Access" FormName, email, fund/firm name, role, verification detailsAssess professional legitimacy; determine suitability for secure VDR access
Segmented Contact FormsName, email, organisation, message contentRespond to enquiries from professionals and corporate partners

We do not request or collect sensitive data (special category data).

3.2 Automatic Data Collection

We use standard analytics tools (e.g., Google Analytics, Vercel Analytics) to collect:

  • IP address
  • device/browser information
  • pages visited
  • session duration
  • referral sources

All analytics are used solely for performance monitoring and Site security.

4. Lawful Basis for Processing

We rely on the following lawful bases under the UK GDPR:

  • Legitimate Interests – investor relations, grant-funding applications, partnership enquiries, corporate communications, preventing fraud, and ensuring Site security.
  • Consent – where required for analytics cookies or marketing communications (if used in future).
  • Contractual Necessity – responding to enquiries initiated by you.

We conduct a legitimate-interest assessment (LIA) for relevant processing activities.

5. How We Use Your Data

Your information may be used to:

  • respond to investor/grant/partnership enquiries;
  • assess and verify professional credentials for VDR access;
  • send investor materials such as pitch decks;
  • maintain audit records for SEIS/EIS compliance purposes;
  • improve Site security and performance;
  • generate anonymised analytics reports.

We do not use your data for profiling, automated decision-making, or unrelated marketing.

6. Who We Share Your Data With

Your personal data may be shared with:

  • Professional advisors (e.g., corporate lawyers, accountants conducting due diligence)
  • Third-party service providers (VDR provider, analytics tools, hosting partners such as Vercel)
  • Government or regulatory authorities (only where required by law)

We do not sell or rent personal data.

7. International Transfers

Where data is transferred outside the UK (e.g., use of US-based cloud providers), we ensure adequate safeguards such as:

  • UK Addendum to EU Standard Contractual Clauses;
  • UK International Data Transfer Agreement (IDTA); or
  • transfers to countries with an adequacy decision.

8. Data Retention

We retain data only as long as necessary for corporate governance and investor-relations purposes:

Data CategoryRetention Period
Enquiry Form Submissions24 months
Investor/VDR Vetting RecordsUp to 7 years (aligned with SEIS/EIS audit requirements)
Analytics DataAs per provider's default retention settings

Data may be retained longer if required by law or for legitimate legal interests.

9. Your Rights

Under UK GDPR, you have the right to:

  • access your data;
  • request correction or deletion;
  • object to processing based on legitimate interests;
  • request restriction of processing;
  • request data portability;
  • withdraw consent (where consent is used).

To exercise your rights, email privacy@teammatch.uk.

10. Data Security

We implement appropriate technical and organisational measures, including:

  • encryption in transit (HTTPS/TLS);
  • hardened hosting infrastructure;
  • strict VDR access controls;
  • administrative access logging;
  • least-privilege permissions;
  • staff confidentiality obligations.

11. Children's Data (GDPR-K Notice)

This Site is intended exclusively for professional adults.

We do not process children's personal data here.

All processing of minors' data (e.g., football players) is performed only by the TeamMatch operating company, which maintains its own robust safeguarding, GDPR-K, and data-protection frameworks.

12. Changes to this Policy

We may update this Policy periodically. Changes will be posted on this page with a new "Last Updated" date.

For privacy enquiries, please contact: privacy@teammatch.uk