Privacy policy

Phase 3 Medical Communications Ltd and Chill Pill Media Ltd are committed to protecting your personal data. This policy outlines:

What data we collect
How we use it
When we might share it
Your rights and choices
How we safeguard your information

1. Who We Are

Phase 3 Medical Communications Ltd (company number 11725207), registered address: 9, Yeovil Innovation Centre, Barracks Cl, Copse Road, Yeovil, Somerset BA22 8RN, and Chill Pill Media Ltd (company number 10721542), registered address: Chancery Station House, 31-33 High Holborn, London WC1V 6AX, are joint data controllers and registered in England and Wales.

2. What is Personal Data?

Personal data includes any information that can identify you, such as your name, address, email, phone number, and device identifiers like IP addresses.

3. How We Collect Data

We collect data through:

Direct interactions (e.g., contact forms, job applications, feedback)
Third parties (e.g., analytics providers, payment processors)
Automated technologies (e.g., cookies, device info)

4. How We Use Your Data

For each purpose we collect or use your personal data, we rely on one (or more) of these legal grounds under UK GDPR:

Purpose	Lawful Basis
Responding to enquiries (e.g. contact form)	Performance of a contract*
Processing job applications	Legitimate interests**
Managing bookings, events or training	Performance of a contract*
Handling payments	Legal obligation (accounting/ tax)
Sending marketing emails or newsletters	Consent (opt-in)
Website analytics (e.g. Google Analytics)	Legitimate interests (to improve UX)
Fraud detection & security	Legitimate interests (to protect our network)
Compliance with a court order or regulator request	Legal obligation

* “Performance of a contract” covers when you’ve asked us to provide a service.
** “Legitimate interests” are limited to what you’d reasonably expect—if you ever feel unfairly affected, you can object (see Section 10).

5. Retention of Your Data

We keep your information only as long as necessary to fulfil the purpose, plus any additional time required by law. Typical retention periods are:

Data Category	Retention Period
Contact-form enquiries	1 year after last correspondence
Job applications (CVs, cover letters)	6 months from application review
Event or training registrations	3 years for audit and liability purposes
Financial & billing records	7 years (HMRC requirement)
Marketing consents & opt-out logs	Until you withdraw consent + 1 year for audit trail
Analytics data (aggregated, pseudonymized)	1 year
Security logs & fraud-prevention data

After each period lapses, we securely delete or irreversibly anonymize your data.

6. Sharing Your Data

We may share data:

Within our partnership or with our IT service providers
As required by law or to enforce agreements
To detect and prevent fraud or misuse
In case of business sale or transfer
For analytics (e.g., Google Analytics)

7. Security and Storage

We are committed to taking all reasonable steps to ensure the security of your information. Data is securely stored in Microsoft, Zoom and Google cloud environments. We use encryption and work with Cyber Essentials PLUS certified IT service providers.

However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or information stored on the Site or host cloud environments will be completely free from unauthorized access by third parties such as hackers. Your use of the Site demonstrates your assumption of this risk.

8. Your Rights

You can:

Withdraw consent
Request access or corrections to your data
Ask us to delete or limit use of your information

Please note that, although we may have removed your information from our list of active users, we reserve the right to keep any information submitted or collected for business reasons, such as archiving data.

9. Protection for Children

This website and our services are not intended for users under the age of 13 years.

10. Data subject rights and complaints

Under the UK GDPR, you have the right to:

Access the personal data we hold about you and obtain a copy.
Rectify any inaccurate or incomplete information.
Erase your data (“right to be forgotten”) where there is no overriding legal requirement for us to keep it.
Restrict our processing of your data—for example while we verify a dispute.
Object to our processing where we rely on legitimate interests (you can ask us to stop unless we have compelling grounds).
Portability—receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
Withdraw consent at any time for any processing based solely on your prior consent (this will not affect processing carried out before withdrawal).

To exercise any of these rights, or if you have questions about how we handle your data, please contact:

Data Protection Officer

Phase 3 Medical Communications Ltd & Chill Pill Media Ltd
Email: support@phase3medcomms.com Address: see Section 1

We aim to respond to all requests within one calendar month of receipt. If your request is complex or numerous, we may extend by a further two months, but we’ll let you know within one month why and by when we’ll reply.

If you believe we have breached UK data protection law, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Website: https://ico.org.uk/make-a-complaint/
Helpline: 0303 123 1113

11. Effective Date

This policy was updated on 29th April 2025.
We may update this policy. Changes will be posted on this page.