TPM Logo

TPM Privacy Notice

Last Updated: 24/10/2025

  1. Introduction

    2. Comera Movement Science Limited (“we”, “us”, “our”) provides education, consultancy, training, and technology to support movement professionals. Through our online platform — The Performance Matrix — we help physiotherapists and other professionals assess and track client movement health.

    We are committed to protecting your privacy and handling personal data fairly, lawfully, and transparently. This Privacy Notice explains how we collect, use, and protect personal information when you visit our websites or use our services.

    Comera Movement Science Limited is the Data Controller for personal information we collect and process.

  2. Our Contact Details

    3. Comera Movement Science Limited
    Origin Workspace, 40 Berkeley Square, Bristol, BS8 1HP, United Kingdom
    Tel: +44 (0)117 971 8128
    Email: privacy@comeragroup.co.uk

    Privacy Contact: Data Protection Lead

    If you have any questions about this Privacy Notice or how we process your data, please contact us using the details above.

    You also have the right to contact the Information Commissioner’s Office (ICO) — the UK’s data protection authority — at https://ico.org.uk.

  3. Personal Data We Collect
    4. We collect and process the following types of personal data:
    1. Account and Contact Information
      • Name, email address, organisation, and login credentials.
      • Information provided when creating or managing your account.
    2. Client Screening Data
      • Data relating to client movement assessments or performance results entered by physiotherapists using The Performance Matrix platform.
      • This may include health-related data, classed as “special category data” under the UK GDPR.
    3. Technical and Usage Data
      • IP address, browser type, device details, and site usage statistics.
      • Log-in sessions, cookies, and interactions with video or embedded content.
    4. Marketing Preferences
      • Your communication preferences and consent for receiving updates, newsletters, or promotional content.
  4. How We Collect Your Data
    5. We collect data in several ways:
    • When you register for or use The Performance Matrix platform.
    • When you communicate with us by email, phone, or contact forms.
    • When physiotherapists enter or upload client screening data to the platform.
    • When you visit our website, which uses cookies and analytics tools (see Section 10).
  5. Why We Process Your Data (Legal Bases)
    6. We process personal data under the following legal bases:
    PurposeLegal Basis
    Provide and manage your account and servicesContract – necessary to perform our agreement with you
    Process and store client screening resultsLegitimate Interests or Explicit Consent (for health data)
    Communicate about your account, support, or updatesLegitimate Interests
    Send marketing communicationsConsent (you can withdraw at any time)
    Comply with legal or regulatory obligationsLegal Obligation
    Improve our platform and website through analyticsLegitimate Interests
    Generate anonymised or aggregated data for research and analysisLegitimate Interests (outside GDPR scope once anonymised)

    Where we process health-related data, we rely on the physiotherapist’s responsibility to obtain the client’s explicit consent before entering data into the system.

  6. How We Use Your Data

    7. We use personal data to:

    • Deliver, manage, and improve our movement-health tools and services.
    • Store and display client screening results securely within The Performance Matrix system.
    • Communicate with users and respond to enquiries.
    • Maintain platform security, troubleshoot issues, and prevent fraud.
    • Comply with legal obligations and maintain records.
    • Send relevant updates and marketing information (if you have opted in).
    • Create anonymised or aggregated datasets for research, product improvement, and insight purposes (see Section 6A).

    We never sell personal data.

  7. Use of Anonymised and Aggregated Data

    8. We may use data collected through The Performance Matrix in an anonymised or aggregated form for purposes such as:

    • Research and statistical analysis into movement health and performance;
    • Improving our technology, algorithms, and training methods; and
    • Developing reports, insights, or commercial datasets that do not identify any individual.

    Anonymised data means data that has been processed to remove all personal identifiers and cannot reasonably be used to identify you or any individual.

    We may share or sell anonymised or aggregated data with third parties, including research institutions, universities, commercial partners, or industry bodies, for the purposes listed above. This data will never contain personally identifiable information, and we will not attempt to re-identify any individual from anonymised datasets.

  8. Sharing Your Information

    9. We may share personal data with:

    • Service providers and processors that host, support, or maintain our systems, including:
      • Krystal Hosting (UK hosting)
      • Microsoft 365 / Zoho CRM (email and CRM)
      • Google Analytics (website analytics)
      • Vimeo (video content delivery)
      • Stripe (payment processing)
    • Regulators, awarding bodies, and associated companies, where necessary to deliver our services.
    • Authorities or law enforcement where required by law or to protect our rights.

    All third parties are bound by data-protection obligations and process data only under our instructions.

    We may also share anonymised or aggregated data for research, statistical, or commercial purposes as described in Section 6A.

  9. International Data Transfers

    10. We currently store and process all personal data within the United Kingdom. If in the future data is transferred outside the UK or EEA, we will ensure adequate safeguards are in place, such as Standard Contractual Clauses or UK adequacy regulations.

    For users based in the United States, we comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

    You have the right to:

    • Request details of the personal information we hold about you;
    • Request deletion of your data (subject to legal obligations); and
    • Opt out of the sale or sharing of personal data (note: we do not sell personal data, only anonymised data that cannot identify you).
  10. Your Data Protection Rights

    11. Under the UK GDPR, you have the following rights:

    • Access – request copies of your personal data.
    • Rectification – correct inaccurate or incomplete information.
    • Erasure – request deletion of your data in certain circumstances.
    • Restriction – limit how we process your data.
    • Objection – object to processing based on legitimate interests.
    • Data portability – receive a copy of your data in a structured, machine-readable format.

    To exercise these rights, contact us using the details in Section 2.

    You also have the right to lodge a complaint with the ICO if you are not satisfied with our response.

  11. Cookies and Tracking Technologies

    12. Our website uses cookies to improve your browsing experience and platform functionality.

    Types of Cookies Used

    • Essential cookie – required for secure login sessions and to maintain platform functionality.
    • Functional cookies – enable features such as video playback via Vimeo.
    • Analytics cookies – provided by Google Analytics to measure website traffic and user behaviour.

    You can manage or disable cookies through your browser settings. Please note that disabling cookies may limit some website functions.

    We do not use cookies for targeted advertising.

  12. Data Security

    13. We use appropriate technical and organisational measures to protect personal data, including:

    • Encryption and secure data storage.
    • Access controls and user authentication.
    • Staff confidentiality and data-protection training.
    • Regular testing and monitoring of systems.

    Access to personal data is limited to authorised personnel who require it to perform their duties.

  13. Data Storage and Retention

    14. We retain personal data only as long as necessary for the purposes for which it was collected, including for legal, regulatory, and audit reasons.

    • Client data (including screening results) retained for up to 6 years after account closure or final contact, unless required longer by law.
    • Staff or business contact data retained for up to 6 years after the relationship ends.
    • Anonymised or aggregated data may be retained indefinitely for research and analysis, as it no longer identifies any individual.

    We may keep data longer where required by law, regulation, or to resolve disputes and enforce agreements.

  14. Updates to This Privacy Notice

    15. We may update this Privacy Notice from time to time. The latest version will always be available on our website, with the revision date shown at the top.

    If we make significant changes that affect how we process your data, we will notify you via email or within The Performance Matrix platform.

  15. Contact Us

    16. If you have any questions, concerns, or complaints about this Privacy Notice or how we process your data, please contact:

    Comera Movement Science Limited

    Origin Workspace, 40 Berkeley Square, Bristol, BS8 1HP, United Kingdom

    Tel: +44 (0)117 971 8128

    Email: privacy@comeragroup.co.uk

    Privacy Contact: Data Protection Lead

    You may also contact the Information Commissioner’s Office (ICO) at https://ico.org.uk or, for U.S. residents, your state privacy regulator.