Trainingmatching

Oh no, something went wrong. Please check your network connection and try again.

Privacy Policy

Last updated: 18 September 2025

Important notice
This Privacy Policy is an English translation of the original Dutch Privacy Policy of Trainingmatching.com International B.V. In case of any conflict, inconsistency, or difference in interpretation between this English version and the Dutch version, the Dutch version shall prevail. Dutch law applies.

About this Privacy Policy

We are Trainingmatching.com International B.V. (“Trainingmatching.com”, “we”, “us” or “our”). This Privacy Policy applies to everyone who uses or considers using our products and services — such as providers who publish and sell offers via our platform, and participants (consumers or businesses) who search and book services through our platform.

This Privacy Policy explains:

  • which personal data we collect and process;
  • why and on which legal basis we process it;
  • with whom we share data and where it is processed;
  • how long we retain data and how we protect it;
  • which rights you have and how you can exercise them.

This Privacy Policy covers all data collected through our websites, (future) mobile apps, and related services (“the Platform”). Because our services evolve, this Policy may be updated. For material changes, we will inform you in advance via e-mail or inbox notification.

Definitions and roles under the GDPR

  • Trainingmatching.com: Trainingmatching.com International B.V., Olympia 2D, 1213 NT Hilversum, the Netherlands. Future affiliated entities may operate under the same responsibility.
  • Platform: our websites, (future) apps, and digital technologies that allow providers and participants to connect, communicate, and complete transactions.
  • Provider: a natural or legal person offering services/activities (e.g., courses, workshops, coaching) via the Platform.
  • Participant: a natural or legal person who searches and/or books via the Platform.
  • Personal data: any information relating to an identified or identifiable natural person (e.g., name, e-mail, IP address).
  • Controller: in most cases, Trainingmatching.com acts as controller. Providers are independent controllers for personal data they process in connection with their services, especially outside the Platform.
  • Processor: third parties engaged by us who process personal data on our behalf (e.g., hosting, payments, email).

See also our [Cookie Policy] for information about cookies and similar technologies.

Personal data we process

1) Data you provide

  • Account details: name, e-mail, phone number, password.
  • Profile (providers): profile photo, (company) name, description, qualifications, certifications, pricing.
  • Profile (participants): contact details, preferences, additional info (e.g., for group requests).
  • Payment / payout details: IBAN/payment method, transaction details (we do not store card data).
  • Address / ID data: where legally required (e.g., KYC/AML).
  • Communications: messages via the inbox module and contacts with support.
  • Reviews/feedback: score, comments, (display) name, profile photo.

2) Data we collect automatically

  • Technical: IP address, browser type, device/OS, language.
  • Usage: search queries, clicks, visited pages, navigation.
  • Logs: date/time, error reports, system activity.
  • Source: how you accessed the Platform (advertisement/partner/referral).
  • App data (future): crash logs, unique device IDs.

3) Data from other sources

  • Payment providers (transaction settlement, chargebacks).
  • Strategic/marketing partners (campaign measurement, anti-fraud).
  • Providers/participants (complaints, disputes).
  • Social media (if you link accounts).
  • Fraud prevention/security services.

We may combine this information to provide services, prevent fraud, and support users.

Purposes and legal bases (GDPR Art. 6)

A. Execution of bookings/requests

  • Examples: confirmations, changes, payments.
  • Legal basis: contract (Art. 6(1)(b)).

B. Customer service

  • Examples: answering questions, resolving issues, mediating disputes.
  • Legal basis: contract / legitimate interest (Art. 6(1)(b)/(f)).

C. Accounts & profiles

  • Examples: creating/managing accounts, visibility of profiles.
  • Legal basis: contract / legitimate interest (Art. 6(1)(b)/(f)).

D. Marketing & recommendations

  • Examples: newsletters, personalized suggestions.
  • Legal basis: consent (Art. 6(1)(a)) and/or legitimate interest (Art. 6(1)(f)).

E. Operational communication

  • Examples: reminders, notifications, security alerts.
  • Legal basis: contract / legitimate interest (Art. 6(1)(b)/(f)).

F. Research & surveys

  • Examples: voluntary participation in user research.
  • Legal basis: legitimate interest / consent (Art. 6(1)(f)/(a)).

G. Analytics & improvement

  • Examples: performance monitoring, bug fixing, optimization.
  • Legal basis: legitimate interest (Art. 6(1)(f)).

H. Price & availability

  • Examples: location/device-based display of prices.
  • Legal basis: contract / legitimate interest (Art. 6(1)(b)/(f)).

I. Reviews

  • Examples: collecting, publishing, moderating.
  • Legal basis: legitimate interest (Art. 6(1)(f)).

J. Communication monitoring

  • Examples: compliance checks, anti-spam, abuse prevention.
  • Legal basis: legitimate interest (Art. 6(1)(f)).
  • Note: Messages via the inbox module may be accessed if necessary for fraud investigations, security, dispute handling, or compliance.

K. Security & fraud prevention

  • Examples: detection, investigation, enforcement (incl. automated alerts with human review).
  • Legal basis: legitimate interest / legal obligation (Art. 6(1)(f)/(c)).

L. Legal obligations

  • Examples: tax retention, regulatory oversight, legal proceedings.
  • Legal basis: legal obligation (Art. 6(1)(c)).

Sharing of personal data

Within Trainingmatching.com (group)

Data may be shared within Trainingmatching.com International B.V. and future affiliates for:

  • managing bookings and payments;
  • customer support;
  • fraud/security/datalek (notice-and-action);
  • analytics and product improvement;
  • marketing/personalization (where lawful or with consent);
  • technical hosting and maintenance;
  • compliance with law/regulation.

Legal basis: legitimate interest, legal obligation, or consent (where applicable). Always under contractual and technical safeguards.

With third parties

  • Providers: only necessary booking/contact data (never payment card details). Sometimes additional info (e.g., booking history, cancellations) to prevent misuse.
  • Payment providers: settlement, refunds, chargebacks; partly as independent controllers (e.g., AML/financial regulation).
  • Strategic/marketing partners: visibility, measurement, anti-fraud; with consent or clear role-sharing agreements.
  • Service providers/processors: hosting, e-mail, analytics, support, IT maintenance, research, marketing, legal/accounting. Always bound by data processing agreements.
  • Authorities: where legally required (e.g., fraud, criminal investigation, tax).
  • Other partners: where strictly necessary for combined services (e.g., venue hire, catering, certification).

International data transfers

Data may be processed outside the EEA/UK (e.g., cloud, analytics, marketing). We ensure safeguards under GDPR (Art. 44–46):

  • Adequacy decisions, or
  • Standard Contractual Clauses (SCCs) + technical measures (e.g., encryption).

Details available upon request at privacy@trainingmatching.com.

Retention periods

  • Account data: as long as the account is active. Deleted within 30 days after closure, unless law requires longer retention.
  • Booking/transaction data: up to 7 years (tax/legal).
  • Messages (inbox): as long as needed for execution, disputes, safety.
  • Reviews: may remain visible unless deletion/anon request is possible.
  • Logs/security data: usually ≤ 12 months, longer if required for investigations.

After expiry, data will be securely deleted or irreversibly anonymized.

Security

We take measures in line with GDPR Art. 32, including:

  • TLS encryption in transit and encryption at rest where applicable;
  • strict access control and MFA for administrators;
  • logging/monitoring and vulnerability management;
  • secure SDLC, backups, recovery;
  • processor/sub-processor oversight.

No system is 100% secure. See also limitations of liability in our Terms & Conditions.

Cookies & tracking

We use cookies, pixels, scripts, and local storage. For details on types, purposes, consent, and your options, see our [Cookie Policy]. Essential cookies do not require consent; preference, analytics, and marketing cookies do.

Artificial intelligence & automated decision-making

We may use AI for fraud detection, recommendations, search, analytics, and support.

  • Data is anonymized/pseudonymized where possible.
  • No solely automated decisions with legal or similarly significant effects are made (GDPR Art. 22). Automated fraud blocks are always subject to human review.
  • Legal basis: contract, legitimate interest, or consent (for personalization/marketing).
    You can object, request explanation, or demand human review.

AI Chatbot (Athena) and Privacy

  1. Purpose of Athena
    Trainingmatching.com provides an AI chatbot (“Athena”) as an informational support tool within the Platform. Athena may assist with navigation, answering questions about the Platform, or providing general guidance.

  2. Processing of data
    When you interact with Athena, your input (the questions and messages you type) and the chatbot’s responses may be processed for the following purposes:

  • to provide answers and guidance in real time;
  • to improve the chatbot’s accuracy and functionality;
  • to ensure compliance with our security, fraud-prevention, and support policies.
  1. Type of data collected
    The following categories of data may be processed when using Athena:
  • User input (messages/questions entered into the chatbot);
  • Technical metadata (time, device, browser, session ID);
  • Contextual usage data (frequency of use, error reports).

Athena does not intentionally process sensitive personal data (such as health, political, religious, or financial account details). Users should not share confidential or sensitive information with Athena.

  1. Storage and retention
    Chatbot interactions may be logged and stored securely for:
  • debugging and service improvement (short-term logs), and
  • legal and security compliance (where applicable).
    We apply strict retention limits and anonymization wherever possible.
  1. Legal basis under GDPR
    The processing of data by Athena is based on:
  • Legitimate interest (Art. 6(1)(f) GDPR) – ensuring a functional and user-friendly platform;
  • Consent (Art. 6(1)(a) GDPR) – when users choose to share data for personalized guidance or support.
  1. Sharing of data
    Trainingmatching.com does not share Athena’s conversation data with third parties, except:
  • where legally required (e.g., in response to lawful requests by authorities);
  • with contracted processors that support hosting, logging, or technical improvement of the chatbot, always under strict data processing agreements (DPAs).

  1. User responsibility
    Users remain fully responsible for the information they provide to Athena. You must not use the chatbot to transmit unlawful, sensitive, or misleading information.

  2. No automated decisions with legal effect
    Athena does not take automated decisions that produce legal or similarly significant effects (Art. 22 GDPR). Any system-flagged case (e.g., fraud suspicion) is always reviewed by a human.

  3. Indemnification
    By using Athena, users agree that Trainingmatching.com is not liable for decisions taken on the basis of chatbot responses. Users indemnify Trainingmatching.com against any claims, damages, or costs arising from reliance on Athena’s answers, except where liability cannot be excluded by mandatory law.

Minors

Our services are intended for users 18+. Data from minors is only processed with parental/legal guardian consent or through a responsible organization.

Providers offering services for minors are independently responsible for compliance with relevant child data laws. If we discover unlawful processing of minors’ data, we will delete it as soon as possible.

Your rights under GDPR

You may exercise:

  • Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17);
  • Restriction (Art. 18), Data portability (Art. 20);
  • Objection (Art. 21) to processing based on legitimate interest/marketing;
  • Withdrawal of consent (Art. 7) without affecting prior lawful processing.

Requests can be made via:

  • Account settings (where available)
  • E-mail: privacy@trainingmatching.com
  • Mail: Trainingmatching.com International B.V., Attn: Privacy Team, Olympia 2D, 1213 NT Hilversum, The Netherlands

We may require verification of your identity. We respond within 1 month (extendable by 2 months for complexity).

If unsatisfied, you may file a complaint with the Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl) or your local EEA regulator.

Responsibilities of providers

Providers using the Platform are independent controllers for personal data they process in connection with their services. They must comply with applicable privacy laws and implement appropriate safeguards.

Trainingmatching.com is not responsible for data processed by providers outside the Platform (e.g., via private email/phone).

Data breaches

In case of a data breach (unauthorized access, loss, misuse of personal data), Trainingmatching.com will:

  • promptly investigate;
  • notify the Dutch DPA where required (GDPR Art. 33);
  • notify affected users where required (GDPR Art. 34);
  • take corrective measures.

Providers are expected to meet their own legal obligations regarding data breaches.

Governing law and language

This Privacy Policy is governed by Dutch law.
In case of conflict between translations, the Dutch version prevails.

Contact details

Controller
Trainingmatching.com International B.V.
Olympia 2D
1213 NT Hilversum
The Netherlands

E-mail: privacy@trainingmatching.com

Data Protection Officer / Privacy Team
Reachable at privacy@trainingmatching.com

Supervisory authority
Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Changes to this Privacy Policy

We may update this Privacy Policy periodically. Check the effective date above. For material changes, we will inform you in advance via e-mail or inbox notification.

By continuing to use the Platform after the effective date, you agree to the updated version.