Privacy policy

Privacy Policy

Phase 3 Medical Communications Ltd and Chill Pill Media Ltd are committed to protecting your personal data. This policy outlines:

What data we collect
How we use it
When we might share it
Your rights and choices
How we safeguard your information

1. Who We Are

Phase 3 Medical Communications Ltd (company number 11725207), registered address: 9, Yeovil Innovation Centre, Barracks Cl, Copse Road, Yeovil, Somerset BA22 8RN, and Chill Pill Media Ltd (company number 10721542), registered address: Chancery Station House, 31-33 High Holborn, London WC1V 6AX, are joint data controllers and registered in England and Wales.

2. What Personal Data do we collect

Personal data includes any information that can identify you, such as your name, address, email, phone number, and device identifiers like IP addresses.

We may also collect, use and share anonymised data and aggregated data such as statistical or demographic data for any purpose. Anonymised and aggregated data may be derived from your personal data but are not considered personal data in law if these data do not directly or indirectly reveal your identity. For example, we may aggregate statistics to understand usage of our website.

Examples of the data we may collect include:

Identity Data includes first name, last name, title or role and the company you work for.
Contact Data includes email address, work details, work address, telephone numbers.
Matter Data includes personal information provided to us by you or on your behalf, or by or on behalf of counterparties, or generated by us in the course of providing our services, which may include special categories of data.
Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Usage Data includes information about how you use our website and email tracking data about whether you open, or click on links within, our marketing-related emails.
Marketing and Communications Data includes your preferences in receiving marketing communications from us.

3. How We Collect Data
We collect data through:

Direct interactions (e.g., contact forms, job applications, feedback)
Third parties (e.g., analytics providers, payment processors)
Automated technologies (e.g., cookies, device info)

Our website may from time to time contain links to and from the websites of other businesses. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for their privacy obligations. Please check their privacy notices before you submit any personal data to these websites.

4. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where you have given your consent to the processing of your personal data for a particular purpose.
Where it is necessary for the performance of a contract with you or to take steps to enter into a contract with you.
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.

For each purpose for which we collect or use your personal data, we rely on one (or more) of these legal grounds under UK GDPR:

Purpose	Lawful Basis
Responding to enquiries (e.g. contact form)	Performance of a contract*
Processing job applications	Legitimate interests**
Managing bookings, events or training	Performance of a contract*
Handling payments	Legal obligation (accounting/ tax)
Sending marketing emails or newsletters	Consent (opt-in)
Website analytics (e.g. Google Analytics)	Legitimate interests (to improve UX)
Fraud detection & security	Legitimate interests (to protect our network)
Compliance with a court order or regulator request	Legal obligation

* “Performance of a contract” covers when you’ve asked us to provide a service.
** “Legitimate interests” are limited to what you’d reasonably expect—if you ever feel unfairly affected, you can object (see Section 10).

5. Retention of Your Data

We keep your information only as long as necessary to fulfil the purpose, plus any additional time required by law. Typical retention periods are:

Data Category	Retention Period
Contact-form enquiries	1 year after last correspondence
Job applications (CVs, cover letters)	6 months from application review
Event or training registrations	3 years for audit and liability purposes
Financial & billing records	7 years (HMRC requirement)
Marketing consents & opt-out logs	Until you withdraw consent + 1 year for audit trail
Analytics data (aggregated, pseudonymized)	26 months, then auto-deleted or fully aggregated
Security logs & fraud-prevention data	1 year

After each period lapses, we securely delete or irreversibly anonymize your data.

6. Sharing Your Data

We may share data:

Within our partnership or with our IT service providers
As required by law or to enforce agreements
To detect and prevent fraud or misuse
In case of business sale or transfer
For analytics (e.g., Google Analytics)

Your personal information will be processed by us in the UK and the European Economic Area (EEA). Some of your personal data may be transferred, stored and/or processed outside of the UK and the EEA (including in the US) as our suppliers sometimes operate from outside of these jurisdictions. Whenever we transfer your data outside of the UK/EEA we ensure a similar degree of protection is afforded to it by utilising data transfer safeguards prescribed by data protection laws.

7. Security and Storage

We are committed to taking all reasonable steps to ensure the security of your information. Data are securely stored in Microsoft, Zoom and Google cloud environments. We use encryption and work with Cyber Essentials PLUS certified IT service providers.

However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or information stored on our website or host cloud environments will be completely free from unauthorized access by third parties such as hackers. Your use of our website demonstrates your assumption of this risk.

8. Protection for Children

This website and our services are not intended for users under the age of 13 years. If you are the parent or guardian of a child whom you believe has disclosed Personal Information to us, please contact us so that we may delete and remove such information from our system.

9. Data subject rights and complaints

Under the UK GDPR, you have the right to:

Access the personal data we hold about you and obtain a copy.
Rectify any inaccurate or incomplete information.
Erase your data (“right to be forgotten”) where there is no overriding legal requirement for us to keep it.
Restrict our processing of your data—for example while we verify a dispute.
Object to our processing where we rely on legitimate interests (you can ask us to stop unless we have compelling grounds).
Portability—receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
Withdraw consent at any time for any processing based solely on your prior consent (this will not affect processing carried out before withdrawal).

To exercise any of these rights, or if you have questions about how we handle your data, please contact:

Data Protection Officer
Phase 3 Medical Communications Ltd & Chill Pill Media Ltd
Email: support@phase3medcomms.com
Address: see Section 1

We aim to respond to all requests within one calendar month of receipt. If your request is complex or numerous, we may extend by a further two months, but we’ll let you know within one month why and by when we’ll reply.

If you believe we have breached UK data protection law, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Website: https://ico.org.uk/make-a-complaint/
Helpline: 0303 123 1113

10. Effective Date

This policy was updated on 30th May 2025.
We may update this policy. Changes will be posted on this page.