Privacy Statement

Last updated: April 2026

Phoenix Health, Safety and Compliance ("Phoenix H&S", "we", "our", "us") is committed to protecting your personal information and respecting your privacy. This Privacy Statement explains how we collect, use, store, and protect your personal data when you visit our website or use our services.

Key Points:

We collect only essential information needed to provide our services
We will never sell your data to third parties
You can request deletion of your data at any time
We comply with UK GDPR, Data Protection Act 2018, and PECR regulations

1. Who We Are

Data Controller: Phoenix Health, Safety and Compliance
Contact: phoenixsafetycompliance@gmail.com
Service Area: United Kingdom

We are a UK-based health and safety consultancy specialising in construction and electrical contractor safety compliance.

2. What Information We Collect

Information You Provide Directly:

Name and email address - when you sign up for free resources or newsletters
Company name - when requesting business services
Additional context - any information you choose to provide in "What do you need help with?" form fields
Payment information - processed securely by Stripe (we do not store card details)

Information Collected Automatically:

Technical data - IP address, browser type, device type, operating system
Usage data - pages visited, time spent on site, referral sources (via Cloudflare analytics)

3. How We Use Your Information

We use your personal data for the following purposes:

Service Delivery (Lawful Basis: Contract / Legitimate Interest)

Sending requested free resources (RAMS templates, toolbox talks)
Processing purchases through Stripe
Responding to enquiries about our services
Delivering purchased products and services

Marketing Communications (Lawful Basis: Consent / Soft Opt-In)

Sending safety tips, regulatory updates, and product information
Promotional emails about our services (only if you've opted in or under the PECR soft opt-in exception for existing customers)

Your Marketing Rights:
You can unsubscribe from marketing emails at any time using the unsubscribe link in every email. This will not affect service-related communications (like order confirmations or account updates).

Website Improvement (Lawful Basis: Legitimate Interest)

Analyzing website traffic and user behavior to improve our service
Testing new features and content
Ensuring website security and preventing fraud

4. Who We Share Your Data With

We only share your personal information with trusted third-party service providers who help us operate our business:

Cloudflare - Website hosting and CDN (based in USA, adequate data protection)
Stripe - Payment processing (PCI-DSS compliant, does not share card details with us)
Email service provider - For sending newsletters and service emails (currently via direct SMTP, may move to MailerLite/ConvertKit in future)
Make.com - Automation platform for content scheduling (EU-based)

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

International Transfers

Some of our service providers (like Cloudflare and Stripe) are based outside the UK/EU. We ensure these transfers are protected by:

EU-US Data Privacy Framework participation
Standard Contractual Clauses (SCCs)
Adequacy decisions recognized by the UK government

5. How Long We Keep Your Data

Marketing contacts: Until you unsubscribe, or after 3 years of inactivity (no email opens/clicks)
Customer records: 7 years after last purchase (UK tax law requirement)
Enquiry data: 2 years from last contact (unless you become a customer or subscriber)
Website analytics: Anonymized after 26 months (Cloudflare default)

6. Your Data Protection Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

Right to Access - Request a copy of the personal data we hold about you
Right to Rectification - Correct inaccurate or incomplete information
Right to Erasure - Request deletion of your data (subject to legal obligations)
Right to Restrict Processing - Limit how we use your data in certain circumstances
Right to Data Portability - Receive your data in a machine-readable format
Right to Object - Object to processing based on legitimate interests or for marketing purposes
Right to Withdraw Consent - Withdraw consent for processing at any time (where consent is the lawful basis)

To exercise any of these rights, contact us at phoenixsafetycompliance@gmail.com. We will respond within 30 days.

7. Cookies and Tracking

Our website currently uses minimal cookies:

Essential cookies: Required for basic site functionality (session management)
Cloudflare analytics: Privacy-friendly server-side analytics (no personal identifiers, GDPR-exempt under DUAA 2025 analytics cookie relaxation)

We do not currently use:

Google Analytics
Facebook Pixel or Meta tracking
Third-party advertising cookies

If we introduce additional tracking in future, we will update this policy and implement a cookie consent banner where required under PECR.

8. Security Measures

We take appropriate technical and organizational measures to protect your personal data:

HTTPS encryption - All data transmitted to/from our website is encrypted using SSL/TLS
Secure hosting - Cloudflare's enterprise-grade infrastructure with DDoS protection
Payment security - Stripe handles all card data (PCI-DSS Level 1 compliant)
Access controls - Limited access to personal data on a need-to-know basis
Regular reviews - Periodic security and privacy assessments

While we implement robust security, no internet transmission is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by UK GDPR.

9. Children's Privacy

Our services are intended for business professionals and are not directed at children under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected information from a child, contact us immediately for deletion.

10. Changes to This Privacy Statement

We may update this Privacy Statement to reflect changes in our practices or legal requirements. Significant changes will be communicated via:

A notice on our website homepage
Email notification to active subscribers (for material changes affecting your rights)

The "Last Updated" date at the top of this page shows when changes were last made.

11. Complaints and Regulatory Contact

If you're unhappy with how we've handled your personal data, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

We encourage you to contact us first so we can try to resolve any concerns.

12. Contact Us

For any questions about this Privacy Statement or how we handle your data:

Email: phoenixsafetycompliance@gmail.com
Subject line: "Privacy Enquiry - [Your Question]"

We aim to respond to all privacy-related queries within 5 working days.

This Privacy Statement complies with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Privacy and Electronic Communications Regulations (PECR), and Data (Use and Access) Act 2025 (DUAA).

← Return to Phoenix H&S Homepage