top of page

Privacy Policy

At Competitive Drug Development International Ltd, we are committed to maintaining the trust and confidence of the visitors to our website. In this Privacy Policy we have provided information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure. In this Privacy Policy, “CDDI”, “we” or “us” refers to Competitive Drug Development International Ltd.

https://cddi.co is the property of Competitive Drug Development International Ltd, a UK based limited company.

The party responsible for the processing of personally identifiable data on this website (the controller) is:

Competitive Drug Development International Ltd, 3 Courtnell Street, London, W2 5BU, UK

Email: dataprotection@cddi.co

ICO Registration Number: ZA836551

We hope that we can satisfy queries you may have about the way we process your data. You can get in touch with our person responsible for Data Protection if you have any concerns or queries about how we process your data at dataprotection@cddi.co.

 

You may also email our Data Protection Officer (“DPO”) at:

 

Name: Pridatect, S.L.

Email address: legal@pridatect.com

1. What personal data do we collect and for which purposes?

2. What is our legal basis for gathering this personal data?

3. Who do we share your data with?

4. Your rights as a data subject

5. How do we protect your Personal Data?

6. How long do we store Personal Data?

7. Applicant data

8. Updates to this Privacy Policy

9. Contact us

    1. What personal data do we collect and for which purposes?

    Via this website:

Technical information: When you open our Website, your browser will transfer certain technical data to our web server. This is done for technical reasons and is required to make available to you the requested information and provide you with a streamlined user experience. To facilitate your access to the Website, the following data is collected, briefly stored and processed:

  • IP address

  • Date and time of access

  • Content of request (specific site)

  • Status of access/HTTP status code

  • Transferred volume of data

  • Website requesting access

  • Browser, language settings, version of browser software operating system and surface

  • Cookies: The information gathered via this website are technical cookies, only designated to enhance the functioning and security of the site. CDDI has purposely minimised its cookie usage to ensure that your personal data is not used and transferred to third countries. The data captured by the cookies is anonymous. Additional information on how we use cookies and how you can control these can be found in our Cookie notice.

 

  • Contact forms:  If you contact us via the website’s contact form, CDDI will receive the name and email you have provided in addition to any other information you have included in the message.  This data is only transmitted via email and is not stored on the website. There is a specific ‘contact’ mailbox for the purpose of receiving contact form requests and access is limited. CDDI will use this data only for the purpose for which you have entrusted it to us.

The personal data obtained through any of the channels on the website will form part of the Register of Processing Activities (RoPA) owned by CDDI. This will be updated periodically in accordance with the provisions of the UK GDPR.

 

CDDI, and any services available from our website, are not directed to people under the age of 16. If you learn that a child under the age of 16 has provided us with their personal information without providing parental consent, please contact our Data Protection Officer immediately so that we can take appropriate action. We reserve the right to delete any such data where we suspect it relates to anyone under the age of 16.

    2. What is our legal basis for gathering this personal data?

Our legal basis for collecting and using your personal data on this website will depend on the personal data concerned and the specific context in which we collect it.

Unless otherwise indicated in the following chapters, the legal basis for the handling of your personal data results from the fact that such handling is required to make available the functionalities of the Website requested by you. Depending on your engagement with the website, Art. 6(1)(f) of the UK GDPR represents the lawful basis for temporary storage of log and security files.

 

The legal basis for the use of cookies on this website would usually be consent (Art. 6(1)(a) UK General Data Protection Regulation), however the cookies are limited to technical storage or security and those that are strictly necessary in order to provide the website service. For this reason, consent is not required.

 

Any data provided via our contact form will be processed according to legitimate interest (Art. 6(1)(f) UK General Data Protection Regulation). The processing of this personal data allows us to process your contact request and respond. If you submit your CV to us via the contact form, the lawful basis will be Art. 6(1)(b) of the UK GDPR, processing necessary to enter a contract. The contact mailbox is frequently purged of old contact requests to ensure that data is not maintained and stored for longer than is necessary to respond to your request, unless the information is transferred to another mailbox for another purpose - e.g., if you initially contact us to ask a question and then decide to apply to an open role via email.

 

Applicant data will be processed by us in order to assess whether the applicant is a good fit for our organisation. We primarily post job openings to LinkedIn, where the lawful basis will be Art. 6(1)(a) of the UK GDPR. If you are successful in applying, Art 6(1)(b) will apply when processing your data to enter the employment contract. Where we collaborate with recruitment agencies, they will gather any required consents and provide you with notice regarding how your data will be processed and shared with us. You may submit your CV via the contact us form, in which case the lawful basis will be Art. 6(1)(b).

 

Data related to the Equality Act 2010 will be processed according to Art. 6 (1)(c), legal obligation. The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes is with your express Consent.

 

We may process information about applicant criminal convictions and offences for certain job roles. We will always get your consent for this type of processing, unless you are a current employee and it is required to comply with our legal or contractual obligations (or those of our clients). We will always inform you before we request these types of checks.

 

    3. Who do we share your data with?

 

Via this website:

 

In general, CDDI does not share your personal data with any third parties except in those situations where processors are used to manage the delivery of the website. In these cases, we ensure that the recipients respect confidentiality and have the appropriate contractual measures - Data Processing Agreements (“DPAs”) or International Data Transfer Agreements (“IDTAs”)/Standard Contractual Clauses (“SCCs”), as appropriate - in place to protect personal data.

 

Recipients:

 

Web hosting: The CDDI website is hosted by Wix via Amazon Web Services. Wix maintains headquarters in Israel, an adequate country under the GDPR, and stores limited technical data on servers located in Israel, Ireland and the United States of America. Amazon Web Services has been configured to ensure that your personal data is geolocated to Germany.

 

Applicants: CDDI primarily uses LinkedIn as a job portal. They are a US company, and you can view their privacy policy here. We occasionally employ the use of third-party recruitment agencies, though we do not use just one. In these instances, they will be bound by Data Processing Agreements to ensure your data is safeguarded and provide you with appropriate privacy notices.

 

Contact form: Information provided via the contact form will only be transferred to and accessible to employees for whom this information is directly relevant to their job function. The contact form automatically transmits your request to our contact inbox, which means Microsoft (via Outlook) is a recipient.

 

Disclosure to authorities: When obliged by applicable law or regulation, or by a competent court or authority, CDDI may need to disclose personal information necessary or desirable to comply with legal or regulatory obligations. Where possible, you will be informed in these circumstances.

 

It is important to note that Wix, AWS, LinkedIn and Microsoft – as processors – have either a headquarters in the United States, are affiliated with a United States office, or process data in some form in the United States. The United States has not yet received a finding of “adequacy” from the UK Secretary of State under Article 45 of the UK GDPR, which means your data might not receive their equal protection as under the UK or EU GDPR. Once the upcoming adequacy decision, the ”data bridge” is in place, we will endeavour to engage only with US companies that are certified. All listed processors are currently participants of the EU-US Data Privacy Framework.

 

Until further developments are achieved on this matter, we rely on contractual measures as set forth in Article 46 of the UK GDPR. In particular, we collect and transfer to the U.S. personal data only: when necessary, and when International Data Transfer Agreements and other safeguards are in place. We and our processors endeavour to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Privacy Policy.

 

Please note that transfers to the US are very limited, and in particular, transfers from large cloud companies (Google, Youtube, etc.) could be declared illegal in court. Therefore, this paragraph as a “disclaimer” should not be understood as a disclaimer that may protect the company in case of inspection, but rather, as a gesture of good faith or transparency that allows users to make a better decision.

 

        4. Your rights as a data subject

You have various rights in relation to your personal information under the UK GDPR and EU GDPR. In particular, you have the right to:

  • Obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you

  • Obtain a copy of your data in a machine-readable format

  • Ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete

  • Ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information

  • Object to our processing of your personal information for reasons of our own legitimate interest, public interest, or profiling, unless we are able to proof that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purpose of the assertion, exercise or defence of legal claims

  • Wherever we rely on your consent, you will always be able to withdraw that consent

To exercise any of these rights, you can get in touch with us or our data protection responsible using the details set out at the start of this policy.

 

You have also the right to launch a complaint with the privacy commission (https://ico.org.uk) should you be of the opinion that we have not complied with applicable privacy obligations, though we encourage you to contact us directly as we may be able to immediately remedy any issue you may have.

    5. How do we protect your Personal Data?

We use appropriate technical, administrative, and physical safeguards to protect the information collected through this website. If you have reason to believe that your interaction with us is no longer secure (for example, if your personal information might have been compromised), please contact us immediately at dataprotection@cddi.co.

Protecting the information that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. We have taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.

    6. How long do we store Personal Data?

We will retain your personal information for as long as needed or permitted considering the purpose(s) for which it was obtained.  CDDI maintains a retention policy and schedule for the purpose of ensuring your personal data is not stored longer than is necessary or legally required.

 

The criteria used to determine our retention periods include: 

(i) the length of time we have an ongoing relationship with you and provide the Service to you;

(ii) whether there is a legal obligation to which we are subject; and

(iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

 

For more specific information regarding how long we retain your data in particular, please contact our DPO at dataprotection@cddi.co.

    7. Applicant Data

 

CDDI does not have an application portal on our website, though you may submit your CV via our contact form. Please see section 2, “What is our legal basis for gathering this personal data”, for more information on how we process incoming applicant data. Our purpose for processing this information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.

 

Our primary method of recruitment is postings via LinkedIn. Further information about how they process your personal data can be found in their privacy policy. If you apply for one of our vacancies via the LinkedIn jobs page, LinkedIn will collect your CV and other application documents and information that you provide. This data will be made available to us for review. LinkedIn also uses cookies. You can find more information about LinkedIn’s terms of use here. We do not operate a talent pool of unsuccessful applicants, though at your request we may retain your CV for a further 12 months.

    8. Updates to this Privacy Policy

CDDI reserves the right to modify or amend this Policy. For instance, we may need to change this Policy as new privacy legislation is introduced, or as existing regulations are amended. Changes to this Policy will be posted on the CDDI website. Please check back periodically for updates to this Policy.

    9Contact us

If you have any questions, complaints, or concerns about this Privacy Policy or you wish to exercise your data privacy rights, please email us at dataprotection@cddi.co or write us at the following address:

Competitive Drug Development International Ltd

3 Courtnell Street

London W2 5BU

United Kingdom

 

Last review: 4 August 2023

 

Anchor 1
Anchor 2
Anchor 3
Anchor 4
Anchor 5
Anchor 6
Anchor 8
Anchor 9
Anchor 10
bottom of page