Matchouse Privacy Policy

Last Updated: 14 May 2025

1. Introduction

Matchouse ("Matchouse", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website or services (collectively, the "Platform"). It also outlines your rights under the UK General Data Protection Regulation (UK GDPR) and EU GDPR, and how you can exercise those rights. We encourage you to read this notice carefully. By using the Platform www.matchouse.com or our mobile application (together, the "Services"), you agree to the collection and use of information in accordance with this Privacy Policy and our Terms and Conditions.

Data Controller: For the purposes of data protection law, Matchouse is the "data controller" of personal data processed through the Platform. If you reside in the United Kingdom or European Economic Area (EEA), Matchouse Ltd. is the data controller responsible for your information under UK and EU GDPR. Our contact information is provided in the "Contact Us" section below.

Please read this Privacy Policy carefully before using the https://matchouse.com website ("the Website"), operated by Percy Real Estate Ltd, a Private Limited Company registered in England and Wales with company number 15525233 ("us", "we", "our").

Third-Party Services: Please note that our Platform may introduce you to third-party service providers or other users (for example, property sellers, buyers, landlords, tenants, or contractors). When you engage with a third-party through Matchouse, that third party may become an independent data controller of any personal data you provide to them. This means they are responsible for their own compliance with data protection laws. Matchouse is not responsible for how third parties use your data once you have shared it with them – we recommend you review their privacy policies before sharing information. (For instance, if you are a buyer contacting a home seller via Matchouse, the seller will handle any personal data you provide to them under their own privacy practices.)

2. Information We Collect

We may collect various types of personal data from you when you use Matchouse, including:

• Information You Provide Directly: When you register an account or fill out forms on our Platform, you provide us with personal data such as your name, email address, phone number, postal address, login credentials, and any profile details. If you are posting listings or seeking services, you may provide content that includes personal information (for example, property descriptions or any documents). Communicating with other users through our Platform (e.g., sending messages or inquiries) may also transmit personal data that we collect and monitor for safety and support.
• Verification Information: We may request additional information to verify your identity or eligibility to use certain services (such as copies of identification documents, proof of address, or selfies for facial verification). This is to help prevent fraud and ensure a safe marketplace.
• Payment Information: If you make or receive payments through Matchouse, our third-party payment processor will collect payment card details or bank information. Matchouse itself generally does not store your full financial information, but we may retain tokens or references and transaction details (e.g., transaction ID, amount, timestamp) to track and confirm payments. All payments are processed in compliance with the Payment Card Industry Data Security Standard (PCI-DSS) or equivalent security standards.
• Automatically Collected Data: When you use the Platform, we automatically collect certain data about your device and usage via cookies and similar technologies. This can include your IP address, browser type and version, device identifiers, pages or listings you view, how you interact with links and content, and the date/time of your visits. We also gather technical data needed to ensure the service works properly (for example, operating system, screen size, and crash logs).
• Cookies & Tracking Data: We use cookies, pixels, and local storage to collect information about your usage and preferences. This may include browser cookies to keep you logged in, remember your preferences, and gather analytics on Platform usage. For detailed information, see the Cookies and Tracking section below and our separate Cookie Policy.
• Third-Party Sources: We may obtain information about you from third parties. For example, if you link your Matchouse account with a social media profile or another platform, or if a third-party (such as an identity verification service, credit reference agency, or publicly available database) provides us data for fraud prevention or KYC (know-your-customer) purposes. If you engage with Matchouse through an affiliate or referral partner, we might receive your basic details from that partner pursuant to your consent given to them.

We do not intentionally collect special categories of personal data (such as information about your health, political opinions, religious beliefs, etc.) through the Platform, nor do we seek to collect data from children. Matchouse is not intended for use by individuals under 18 years of age, and we do not knowingly collect personal data from minors. If you believe a child has provided us personal information, please contact us so we can remove it.

3. How We Use Your Data

We will only use your personal data where we have a lawful basis to do so. Under UK/EU GDPR, the main legal bases we rely on are: (a) performance of a contract with you, (b) compliance with a legal obligation, (c) our legitimate interests (or those of a third party), and (d) your consent (where you have given it). We describe the purposes for which we process your data and the corresponding legal bases below:

• Providing and Managing the Platform: We process your registration data and account information to create and maintain your account, allow you to log in, and deliver the services you request. This includes displaying your profile or listings, facilitating communications with other users, and enabling transactions. Legal basis: Performance of our contract with you (User Agreement) – we cannot provide the service without this data. We also have a legitimate interest in operating and administering a functional platform for our users.
• Facilitating Transactions: If you enter into a sale, rental, or service contract via Matchouse, we use relevant personal data (such as contact details and transaction history) to enable you and the other party to complete the transaction. This may involve sharing needed information between the parties (for example, providing a landlord with a prospective tenant's contact info, or vice versa). Legal basis: Performance of a contract (we are helping facilitate the contract between users at your request) and legitimate interests in making the platform useful to users. We will only share the data necessary for the intended transaction.
• Communication: We use your contact information (email, phone) to send service-related communications: confirmations of actions you take, updates about transactions or inquiries, notifications about messages or offers, and important account or policy updates. Legal basis: Performance of contract (keeping you informed about the services you're using) and legitimate interests in ensuring customer satisfaction and support.
• Improving and Personalizing Services: We analyze usage data and feedback to understand how our Platform is used and to improve it. This includes debugging, data analysis, testing, research, and statistical analytics to drive product development. It also includes personalizing your experience, such as recommending listings that may interest you, customizing search results, or tailoring content in your feed. Legal basis: Legitimate interests – it is in our interest (and generally in our users' interest) to continuously improve our services and provide relevant content. We take steps to minimize privacy impacts, such as using aggregated or pseudonymized data for analysis where possible.
• Marketing and Promotions: With your consent (or as otherwise permitted by law), we will use your email address and/or phone number to send you marketing communications. These may include newsletters, promotions, surveys, or offers for new Matchouse features as well as relevant offers from our partners (e.g., home services, moving companies, or financial services that complement your use of Matchouse). We may also use information about your use of the Platform to tailor the marketing content you receive – for example, highlighting services in your area or similar listings to ones you viewed. Legal basis: Consent – we will obtain your opt-in consent for electronic direct marketing. You have the right to withdraw consent at any time (see Direct Marketing Choices below). In some cases, for existing customers, we may rely on our legitimate interest to inform you about our own services you have used or closely related offers, but you will always have a clear opportunity to opt-out, as required by law.
• Affiliate and Referral Tracking: If you were referred to Matchouse via an affiliate link or partner, we may process certain data (like an affiliate ID in a cookie or URL) to credit the referral and evaluate the success of our affiliate program. Legal basis: Legitimate interests in running our affiliate marketing program. This processing typically involves cookies – we will obtain consent for any non-essential cookies used for this purpose per applicable law.
• Cookies and Analytics: As detailed in Section 5 (Cookies), we use cookies and similar tech to operate our site (e.g., keeping you logged in, remembering preferences), as well as to collect analytics on user behavior. Analytics help us understand user engagement, which features are popular, and where improvements are needed. Legal basis: Legitimate interests for essential/analytics cookies (ensuring a smooth user experience and improving our service), and consent for any cookies that are not strictly necessary (such as certain advertising cookies, as required by PECR/ePrivacy rules).
• Security and Fraud Prevention: We process personal data to keep Matchouse safe, secure, and trustworthy. This includes using data to detect and prevent fraud, spam, abuse, or other malicious activities. For example, we may use your IP address, device info, and behavioral signals to identify possible fraudulent behavior (such as account takeover attempts or scam listings). We may block or remove fraudulent or abusive accounts and, where necessary, share information with law enforcement or fraud prevention agencies. It also includes enforcing our Terms of Service and verifying identities where needed to deter imposters or identity misuse. Legal basis: Legitimate interests – protecting our business and users from fraud and ensuring the integrity of our platform. In some cases, legal obligation – we may be required by law to report certain illegal activities or cooperate with authorities.
• Customer Support: If you contact us for help, we will use your contact information and any information you provide about your issue to assist you. We may also access your account or transaction data to troubleshoot problems you're facing. Legal basis: Legitimate interests in providing effective customer service and maintaining user satisfaction, and performance of contract to the extent support is necessary to fulfill our obligations to you.
• Legal Compliance: We will use or disclose personal data where necessary to comply with our legal obligations. This includes maintaining records required by law, responding to lawful requests by public authorities, or meeting obligations under applicable consumer protection, anti-money laundering, or data protection laws. Legal basis: Compliance with a legal obligation. For example, UK laws may require us to retain certain transaction data for tax or anti-fraud purposes, or to verify identity for anti-money laundering checks.
• Protecting Vital Interests: In rare cases, we may need to process personal data to protect someone's life or vital interests – for instance, if we become aware of an imminent threat to a person and need to inform authorities. Legal basis: Vital interests (as recognized under GDPR).
• Business Transfers: If Matchouse undertakes a merger, acquisition, restructuring, or asset sale, we may process and transfer personal data to the parties involved (and their advisors) as part of that transaction due diligence and completion. Legal basis: Legitimate interests in facilitating a business merger or sale. We will ensure any recipient of personal data in such context is bound to confidentiality and data protection obligations.

We will not use your personal data for new purposes that are not described in this Privacy Policy without first notifying you and, if required, obtaining your consent.

4. How We Share Your Information

Matchouse will never sell your personal data to third parties for their own marketing use without your explicit consent. However, we do share your data with certain categories of recipients in order to run our Platform and fulfill the purposes outlined above, under strict safeguards:

• Other Users and Parties to Transactions: If you engage in a transaction or communication through the Platform, we will share relevant information with the other party or parties involved. For example, if you as a buyer inquire about a property, the seller/landlord will see the profile information you choose to share (such as your name, profile, and message). Similarly, if you're a service provider and you bid on a job, the client will see your profile and any public reviews. We share only what is reasonably necessary for the interaction. Once the other user has your information, they are responsible for it as an independent controller (as noted in the Introduction).
• Service Providers (Processors): We employ trusted third-party companies to perform functions on our behalf and help us provide our services – for example:
  • Payment processing partners who handle payment transactions (they will process your payment details under strict PCI-DSS compliance).
  • ID verification services or credit/reference check services (to help verify user identities or backgrounds with your consent when required for certain transactions).
  • Cloud hosting and IT infrastructure providers (that store our data and ensure our Platform runs 24/7).
  • Analytics and marketing tools (that help us analyze data or execute email/SMS campaigns, only as permitted).
  • Customer support tools (to manage support tickets or chat communications with you).
  These service providers act under our instructions and are bound by data processing agreements under GDPR, meaning they cannot use your data for any purpose except to provide services to Matchouse and must safeguard your data to the same standards we do.
• Affiliate and Advertising Partners: If we run promotional campaigns or affiliate programs, we may share limited data with marketing partners or advertising networks. For example, we may upload a hashed version of your email to a social media platform to create a "custom audience" for Matchouse ads (only if you've consented to marketing), or use third-party ad networks that deploy cookies (with consent) on our site to serve relevant ads. Additionally, if you landed on Matchouse via an affiliate link, we might confirm to the affiliate network that a signup or action occurred for commission purposes. Any such sharing is done under agreements that protect your rights, and you can opt out of marketing as described below.
• Group Companies: (This applies if Matchouse is part of a corporate group.) We may share data with our parent company, subsidiaries, or affiliates as needed to support our services. For instance, if Matchouse is owned by a larger corporate group that provides IT infrastructure or security oversight, we will share data with them for those purposes. Any internal group data sharing will comply with applicable laws and this Policy, and our group affiliates will be required to maintain the data securely and only use it as we instruct.
• Legal and Regulatory Disclosures: We may disclose your information to government authorities, law enforcement, or regulatory bodies if required by law or if, in our reasonable belief, such disclosure is necessary to:
  • Comply with a legal obligation, court order, or summon;
  • Cooperate with an investigation (for example, responding to a law enforcement request or an ICO inquiry);
  • Protect the rights, property, or safety of Matchouse, our users, or the public. This can include exchanging information with other companies and organizations for fraud protection and credit risk reduction. For example, if we suspect fraud, we may share relevant account information with a fraud prevention agency or law enforcement agency.
  We will carefully review each request to ensure it has valid legal basis, and when permitted, we may inform affected users of such requests.
• Business Transfers: In the event of a prospective or actual merger, acquisition by another company, financing due diligence, reorganization, bankruptcy, or sale of all or part of our assets, your personal data may be disclosed to parties involved in the transaction. We would only do this as necessary and under appropriate confidentiality protections. If a new owner takes over our business, they may continue to use your data in line with this Privacy Policy (unless you're notified of changes).
• Enforcing Our Policies and Legal Claims: If necessary, we will share data with our professional advisors (such as lawyers, auditors, or insurers) for advice or defense of legal claims. We may also share information in connection with enforcing our agreements or resolving disputes (for example, providing a mediator or arbitrator with information in a dispute between a user and Matchouse).

No Third-Party Marketing Without Consent: We reiterate that we do not share or rent your contact information to unrelated third parties for their direct marketing purposes unless we have your consent. If in the future we ever consider such sharing, we will seek your opt-in consent.

When we share information with third parties, we apply the principle of data minimization – only the data necessary for each purpose will be disclosed. All third parties with whom we share data must agree to handle it in accordance with applicable privacy laws.

5. Cookies and Tracking Technologies

Cookies are small text files that websites store on your device to save information. Matchouse uses cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to provide, personalize, and improve our Platform. We categorize our use of cookies as follows:

• Strictly Necessary Cookies: These are essential for the operation of our website and services. For example, they include login session cookies that keep you logged in as you navigate pages, security cookies that help us detect irregular site behavior or protect against fraudulent activity, and cookies needed to remember your cookie consent choices. Without these cookies, the Platform might not function properly. These cookies do not gather information about you for marketing purposes.
• Functional Cookies: These cookies remember your preferences and enhance the functionality of the site. For instance, if you select certain filters or a preferred language, functional cookies may retain those settings for your next visit. They also help in remembering your saved items or past interactions so we can provide a smoother, personalized experience.
• Analytics and Performance Cookies: We use these to understand how users use our Platform and to improve it. Analytics cookies (like those from Google Analytics or similar services) track things like which pages you visit, how long you stay, what links you click, and if you encounter errors. The information is aggregated and does not directly identify you. It helps us identify usage trends, performance issues, and areas for optimization. We might also use similar technologies in emails to learn whether messages were opened or links clicked, to make our communications better.
• Advertising and Affiliate Cookies: Matchouse may use cookies or pixels for marketing purposes. Advertising cookies allow us to serve you targeted advertisements on our Platform or on other websites (e.g., showing you a Matchouse promotion on a social media feed after you visited our site). They do this by remembering that you visited our site and tracking your browsing activity, often by linking it with third-party advertising networks. We also use these cookies to measure the effectiveness of our ads and campaigns. Additionally, if we have affiliate partners, an affiliate cookie helps track which partner referred you to our site so we can reward them accordingly. These cookies may collect information about your online activity across sites and services to draw inferences about your interests.

Your Choices for Cookies: When you first visit Matchouse, you will be presented with a cookie consent banner (in jurisdictions where required) that allows you to accept or reject non-essential cookies (such as advertising or analytics cookies). You can always manage your cookie preferences through our Cookie Settings tool on the website or by adjusting your browser settings to refuse or delete cookies. Please note that if you disable certain cookies (especially Strictly Necessary or Functional cookies), some features of the Platform may not work correctly – for example, you might not be able to log in or use the search filters effectively.

Most web browsers also let you manually manage cookies. You can usually find these options under the "Settings" or "Preferences" menus of your browser. You may set your browser to refuse all third-party cookies or alert you when a cookie is being placed. For more information on controlling cookies, check your browser's help documentation or visit an online guide about managing cookies (ICO provides guidance on this).

Do Not Track: Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Our Platform currently does not respond to DNT signals, because there is not yet an industry standard for how to interpret them. We instead provide the cookie consent and management options described above.

Analytics Opt-Out: To opt-out of Google Analytics specifically, you can install the Google Analytics Opt-out Browser Add-on, which prevents Google Analytics from collecting your data on any site.

For more details, please refer to our detailed Cookie Policy (if available on our site), which provides a full list of cookies in use and their purposes.

6. Data Retention

Matchouse retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general:

• Profile and account information is kept as long as you have an account with us. If you choose to delete your account, we will delete or anonymize your personal data within a reasonable time after your request, except for data we are required or permitted to retain by law (see below).
• Content you post (listings, reviews, messages) may be retained as long as your account exists, and in some cases even after deletion, if it has been shared with or visible to others, to maintain the integrity of the platform (for example, we may retain reviews you wrote under an anonymized author name after your account deletion, as they form part of another user's experience record).
• Transaction records are retained for at least the minimum period required by financial and tax regulations. For instance, we may keep payment transaction histories for X years to comply with HMRC record-keeping rules or anti-fraud laws.
• Communications with customer support or correspondence may be retained for a period to assist with future inquiries or for our records.
• Data collected for marketing purposes (e.g., email addresses for newsletter) is kept until you unsubscribe or withdraw consent, or if we notice email inactivity for a long period, we may remove you from the list proactively.
• Logs and analytics data are generally anonymized or aggregated over time, and raw logs with IP addresses are typically rotated or deleted within a few months, unless used for security analysis.
• If you exercise your right to erasure, we will endeavor to delete your personal data promptly. However, we may retain a record of your request and our response for compliance purposes. We may also retain suppressed identifiers (like your email in a "do not contact" list) to ensure we do not inadvertently re-contact you.
• Backup systems: Please note that deleted data may persist in secure backups for a short period but will be purged according to our backup retention schedule.

When we have no ongoing legitimate need or legal obligation to process your personal information, we will either delete it or anonymize it (so it can no longer be associated with you). If anonymization is used, we may retain anonymized information (which is no longer personal data) for analytics and improvement purposes without further notice to you.

7. Data Security

We take the security of your personal data seriously. Matchouse implements appropriate technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption: We use TLS/SSL encryption to protect data transmitted between your device and our servers. Sensitive information (like passwords and payment tokens) is encrypted at rest and in transit. Passwords are stored hashed using industry-standard hashing algorithms – no one at Matchouse can read your password.
• Access Controls: Personal data is accessible only by those employees, contractors, and service providers who need it to perform their job duties and are subject to strict confidentiality obligations. We limit access to production databases and use role-based access control to ensure staff only access the data necessary for their function (principle of least privilege).
• Security Testing and Maintenance: Our systems are routinely monitored for vulnerabilities and we apply security patches and updates regularly to keep our infrastructure secure. We maintain firewalls and intrusion detection systems to guard our network. We also periodically engage in security audits and testing (including penetration testing by external specialists) to evaluate the strength of our defenses.
• Fraud Detection Systems: As mentioned, we utilize automated systems to detect suspicious activity (multiple failed logins, unusual account behaviors, etc.) and have measures to lock accounts or require additional verification when fraud is suspected.
• Backup and Recovery: We securely back up critical data to prevent data loss, and these backups are protected and encrypted. In case of any incident, we have a disaster recovery and incident response plan that includes restoring data from backups when needed.
• Training and Policies: Our personnel are trained in data protection best practices and are required to follow internal security policies aligned with GDPR and industry standards. We also have an incident response policy in case of a data breach.

Despite our strong efforts, no website or internet transmission is completely secure. We cannot guarantee absolute security of data, and you should also take care with how you handle and disclose your personal data. You are responsible for keeping your account credentials (passwords, verification codes) confidential and for monitoring any suspicious activity on your account. If you believe your account or data has been compromised, please contact us immediately so we can assist.

Phishing & Fraud Warning: Matchouse will never email or call you to ask for your password or authentication codes. Beware of fraudulent "phishing" emails or sites impersonating Matchouse. Always ensure you are logging in via our official domain. If you receive any communication that purports to be from Matchouse asking for sensitive info, double-check the sender's address and contact us through our official channels if in doubt. We are not responsible for breaches or losses arising from your sharing of personal data with a third party due to phishing or other fraudulent schemes outside of our Platform.

Account Security Features: We encourage you to use a strong, unique password for Matchouse and not reuse passwords from other accounts. Enable two-factor authentication (2FA) if we offer it, for an extra layer of security. Keep your devices and apps updated to ensure you have the latest security patches.

In the unfortunate event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (such as the ICO) as required by law, and work to mitigate any potential harm.

8. International Data Transfers

Matchouse is based in the United Kingdom. However, we may process your data in other countries if our service providers or partners are located outside the UK or EEA. For example, if we use a cloud hosting service or support team in the United States or another country, your personal data might be transferred to or accessed from that jurisdiction.

Whenever we transfer personal data out of the UK or EEA, we ensure appropriate safeguards are in place to protect it, as required by UK/EU GDPR. These safeguards may include:

• Adequacy Decisions: If the data is sent to a country that the European Commission (or UK government) has recognized as providing an adequate level of data protection, we rely on that decision (for example, transfers to countries in the EEA or those like Japan, Switzerland, etc. deemed adequate).
• Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (such as the United States, in many cases), we utilize the European Commission-approved Standard Contractual Clauses or the UK's International Data Transfer Agreement/Addendum, as applicable. These are contractual commitments that legally require the recipient to protect your data to GDPR standards.
• Additional Technical Measures: Where needed, we will implement additional encryption or pseudonymization before transfer, so that data is protected in transit and storage abroad. We also conduct transfer impact assessments to evaluate whether additional safeguards are necessary.
• Binding Corporate Rules & Certifications: If relevant, some of our partners may operate under Binding Corporate Rules or frameworks like the EU-U.S. Data Privacy Framework (if and when approved) to facilitate compliant transfers. We will consider such mechanisms if appropriate.

You can request more information about our international data transfer safeguards (and obtain a copy of the relevant contractual commitments, where applicable) by contacting our Data Protection Officer (see Contact section).

Please note that users accessing the Platform from outside the UK/EEA are transferring their data to the UK by using our services. We process that data under this Policy and the same security measures.

9. Your Rights Under GDPR

As a user in the UK or EU, you have specific rights regarding your personal data. Matchouse is committed to honoring these rights. Your rights include:

• Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information on how we process it. This commonly known as a "Data Subject Access Request." We will provide you with a copy of your data in a commonly used electronic format, unless you request another method. (For additional copies, we may charge a reasonable fee based on administrative costs.)
• Right to Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to have it corrected or updated. You can update much of your basic account information by logging into your Matchouse account settings. For other corrections, contact us and we will rectify inaccuracies without undue delay.
• Right to Erasure: You have the right to request deletion of your personal data ("right to be forgotten"). Upon your request, we will erase your personal data from our records, provided that: (a) it is no longer needed for the purposes we collected it for; (b) you have withdrawn consent (if the data was processed on consent) and no other legal basis for processing exists; (c) you have validly objected to the processing (see Right to Object); or (d) the data was processed unlawfully or must be erased to comply with a legal obligation. Please note we might not be able to delete data entirely in all cases – for example, if we have a legal duty to retain certain records or if the data is needed to establish or defend legal claims, we may refuse the erasure request for those specific pieces of data. We will inform you of any such retention at the time of your request. If you delete your account or request erasure, we will also instruct our processors to delete any of your data they process that we can control.
• Right to Restrict Processing: You have the right to ask us to limit or "pause" the processing of your personal data in certain circumstances. This can apply if you contest the accuracy of the data (until we verify it); if you believe the processing is unlawful but you prefer restriction over deletion; if you need us to keep the data for establishment or defense of legal claims even though we would otherwise not keep it; or if you have objected to processing (pending verification of any overriding legitimate grounds). When processing is restricted, we will store your data securely and not use it except to the extent permitted by your request or required by law.
• Right to Data Portability: For data that you provided to us and which we process by automated means on the legal basis of consent or contract, you have the right to request that we provide it to you or directly transfer it to another service provider, in a structured, commonly used, machine-readable format (where technically feasible). This right applies to, for example, information you actively provided (profile data, listings) and the data generated by your activity under a contract (like your transaction history). We will comply with such requests to the extent required by law and technically practical.
• Right to Object: You have the right to object to our processing of your personal data in certain situations:
  • Direct Marketing: You can object at any time to processing of your personal data for direct marketing purposes. If you object, we will stop using your data for marketing immediately. This is an absolute right. (See also Marketing Preferences below.)
  • Legitimate Interests: If we are processing your data based on our legitimate interests (or those of a third party), you may object to that processing if you feel it impacts your rights and freedoms. We will then re-evaluate our reasons for processing. We may continue if we can demonstrate compelling legitimate grounds that override your interests or if the processing is necessary for legal claims. Otherwise, we will cease the processing in question.
  • Automated Decisions: If we ever use fully automated decision-making (including profiling) that produces legal or similarly significant effects on you, you have the right to object and request human intervention. (Currently, Matchouse does not make any such automated decisions without human review. Should that change, we will inform you and honor this right.)
• Right to Withdraw Consent: Where we rely on your consent to process data, you have the right to withdraw that consent at any time. For example, you can withdraw your consent to receive marketing emails or to a feature that you earlier opted into. Once you withdraw consent, we will stop the processing which was based on consent. Withdrawal does not affect the lawfulness of processing done prior to withdrawal.
• Right to be Informed: You have the right to clear and transparent information about how we use your data. This Privacy Policy, along with any just-in-time notices we provide (e.g., pop-up explanations of certain data collection) are intended to fulfill this right.
• Right to Not Be Subject to Automated Decision (if applicable): As mentioned under Object, you have rights in relation to automated decision-making and profiling. Matchouse does not currently make solely automated decisions that have legal or significant effects on individuals. In the event we implement such processes, we will ensure compliance by allowing you to request human review and express your point of view.

We strive to make it easy for you to exercise these rights. Many actions (like updating or deleting profile info, or opting out of marketing) you can do yourself through the Platform's user settings. For any rights that require our assistance, please see the next section on how to submit a request.

10. Exercising Your Rights and Contacting Us

Contact for Privacy Requests: If you wish to exercise any of your data subject rights, or have any questions or concerns about how we handle your personal data, you can contact us using the following details:

• Data Protection Officer (DPO): Percy Real Estate Ltd
• Email: [email protected]
• Postal Address: 25 Cabot Square, Canary Wharf, London, E14 4QZ

To help us process your request efficiently, please provide: (i) the email address associated with your Matchouse account (or other identifier we can use to locate your records), (ii) what right you wish to exercise (e.g., access, deletion, etc.), and (iii) details about your request (for example, specific data you want to access or delete). For security, we may need to verify your identity before fulfilling your request. This could involve asking you to confirm some information we already have on file, or through other verification methods. We do this to ensure we don't disclose data to the wrong person or delete the wrong account.

We will respond to legitimate requests as soon as possible and no later than one month from receipt of the request. If your request is particularly complex or if you have made multiple requests, we are allowed to extend this period by up to two further months. We will inform you within the initial one-month period if an extension is needed and the reasons why. If we decline your request (either wholly or partially) due to a legal exemption or overriding interest, we will explain our reasoning and outline how you can challenge our decision.

Generally, we charge no fee for the exercise of your rights. However, if a request is manifestly unfounded or excessive (for example, repetitive requests with no reasonable purpose), we may either charge a reasonable fee to cover the administrative cost or refuse to act on the request. We will explain our justification if this situation arises.

If you request deletion, restriction, or rectification, we will notify any third parties/processors who have received your data from us (where feasible) about these changes, so they can also act accordingly. However, some third parties (like those you engaged with directly) may still have lawful grounds to keep your data in their own systems – in such cases, your rights should be exercised directly with those parties.

11. Marketing Communications and Preferences

Opt-In: Matchouse will send you promotional communications (such as newsletters, offers, or event updates) via email, SMS, or other channels only if you have opted in to receive them, or if you are an existing user and the communications relate to products or services similar to those you've previously used (as permitted under applicable law). We aim to conduct our marketing in line with your preferences and the law – you will not receive a barrage of unrelated marketing from us or any third party without consent.

Opt-Out: You have full control over your marketing preferences. If you no longer wish to receive marketing emails or texts from Matchouse, you can opt out at any time. The easiest way is to click the "Unsubscribe" link in any promotional email, which will instantly remove you from our mailing list for that type of content. For SMS, you may reply with a stop command if instructed, or contact our support. You can also adjust your preferences in your account settings under "Notification Preferences" or a similarly named section – there, you can usually toggle off newsletters, updates, or partner offers.

Please note that even if you opt out of marketing messages, we will still send you transactional or service-related communications when necessary. These include messages like account notifications, password reset emails, legal/terms updates, booking confirmations, and other essential notices. You cannot opt out of those as they are considered part of the service, except by discontinuing use of the Platform.

If you have multiple communication channels with us (e.g., multiple email addresses or a phone number and email), please make sure to adjust preferences for each or let us know specifically which contact method you want to opt out from. We will endeavor to comply with opt-out requests promptly; however, do allow a few days for all our systems to be updated, during which you might still receive communications already in process.

We do not perform unsolicited telemarketing. If we ever consider phone outreach for marketing, it will be in accordance with your consent and applicable "Do Not Call" laws.

12. Third-Party Links and Services

The Matchouse Platform may contain links to websites or services operated by third parties (for example, a link to a partner's service, or user-posted link, or an integration with a map or social media site). Clicking on those links or enabling those integrations may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices or content.

We encourage you to be cautious when you leave our Platform and to read the privacy notices of every website/app you visit that collects personal data. This Privacy Policy applies solely to data processed by Matchouse within our Platform. If you provide personal information to a third-party site or via a plugin (like a payment provider's widget or a chat tool provided by a third party), that data is governed by the third party's terms.

For example, if we use Google Maps for location selection in listings, using that feature might be subject to Google's Privacy Policy. Or if you go to a mortgage provider's site through a link on Matchouse, any data you give to that provider would not be covered by Matchouse's Privacy Policy. We strive to make it clear when you are engaging with a third-party service, but please be mindful of this.

13. User Responsibilities and Community Privacy

As a user of Matchouse, you may have access to other users' personal information (for example, through profiles, reviews, or communications). You are responsible for protecting the privacy of others just as we protect yours. You agree to use any personal data obtained through Matchouse only for the intended purpose (such as communicating regarding a transaction) and not for unauthorized purposes (like harvesting data, spamming, or violating someone's privacy).

You must not misuse any personal data accessed on our Platform. This includes refraining from stalking, harassing, or abusing other users, and not disclosing someone's information to third parties without consent. Any misuse of user data is a serious violation of our terms and may lead to account suspension or termination, and potentially legal consequences.

If you are a business user (for example, an independent landlord or service provider using Matchouse), you may also have legal obligations under GDPR as a data controller for any personal data you obtain via our Platform. For instance, a landlord receiving a tenant's information should handle that data in accordance with data protection laws (keeping it secure, using it only for tenancy purposes, etc.). Matchouse cannot be held liable for any breach on your part in how you handle data you obtained through our system. We encourage all users to respect privacy and secure any data they download or store from Matchouse.

14. Liability Disclaimer

No Warranty for Third-Party Actions: While Matchouse is committed to protecting your information, we cannot and do not guarantee the privacy or security of information you choose to share with another Matchouse user or third-party, and we disclaim liability for the actions of those third parties. If you suffer harm or loss because another user or an unrelated third party misused your personal data (for example, a counterparty using your phone number for harassment, or a data breach on a third-party payment processor), Matchouse will not be responsible for those outcomes. We contractually require certain standards of our partners and provide guidance to users, but ultimately we do not control third parties' actions and thus cannot accept liability for them.

Security Incidents Outside Our Control: Matchouse maintains high security standards (see Data Security section). However, in the event of a breach or unauthorized access that occurs despite our safeguards – particularly if caused by factors beyond our control, such as a cyber-attack by an advanced actor, force majeure events, or your own security lapses (e.g., you fell victim to phishing or reused a compromised password) – Matchouse will not be held liable for the consequences of such incidents, provided we have complied with applicable laws and taken reasonable measures to protect your data. We will of course fulfill any legal obligations in responding to the incident (including notification and remediation), but we cannot guarantee compensation for external breaches or user errors that are not due to our negligence.

No Indirect Liability: We are not liable for any indirect, incidental, special, consequential or punitive damages related to your use of personal data on the Platform, or any loss of data that was beyond our reasonable control. Our liability to you, in any event, will be limited as set out in our Terms of Service. (This clause is not intended to limit rights you have under GDPR or applicable law to seek compensation for breaches; rather it clarifies that standard platform provider limitation of liability applies to contexts outside of legal violations.)

Indemnity for Misuse: If you, as a user, misuse the Platform or someone's data causing Matchouse to incur liability (for instance, a claim or fine because of something you did with data obtained from Matchouse), you may be required to indemnify Matchouse as per our Terms of Service. We put this here as a reminder that protecting privacy is a shared responsibility.

15. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date at the top. In some cases, we may provide additional notice (such as adding a statement to our homepage or sending you a notification or email).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you do not agree with any updates to the policy, you should discontinue using the Platform or adjust your preferences. Where required by law (for example, if new processing purposes are introduced that rely on consent), we will obtain your consent or give you a choice before the changes take effect.

16. Contact Us and Complaints

If you have any questions, comments, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to contact us:

Email: [email protected]
Address: Percy Real Estate Ltd, 25 Cabot Square, Canary Wharf, London, E14 4QZ
Data Protection Officer: Percy Real Estate Ltd

We will be grateful for the chance to address your concerns. Your feedback helps us improve.

Complaints: If you are ever dissatisfied with how we handle your personal data or any privacy request, please let us know and we will try our best to resolve the issue. In the event that you feel we have not adequately addressed your concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority.

• UK ICO: You can contact the ICO (the UK's data protection regulator) by visiting their website ico.org.uk/concerns or calling their helpline. The ICO's address is Water Lane, Wycliffe House, Wilmslow, Cheshire SK9 5AF, United Kingdom.
• EEA Supervisory Authorities: If you reside in the EEA, you can find the contact details of your national data protection authority via the European Data Protection Board website. You have the right to lodge a complaint with your local authority or with our lead authority if one is designated.

We do ask that before you approach a regulator, you give us the opportunity to address your complaint directly – we are committed to resolving any issues in a fair and transparent manner. Your privacy is of utmost importance to Matchouse, and we will continually work to protect and respect it in everything we do.

When you exercise any of these rights we will respond within a reasonable period and in any event within one month (in compliance with the UK GDPR and the EU GDPR). Please note that in some circumstances we have the right to extend the period within which we respond to your rights request by up to two months.

If you have consented to our processing of your personal data, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.

To make a request to exercise any of these rights (where applicable) in relation to your personal data, please contact us using the relevant contact details above.