https://cddi.co is the property of Competitive Drug Development International Ltd, a UK based limited company.
The party responsible for the processing of personally identifiable data on this website (the controller) is:
Competitive Drug Development International Ltd, 3 Courtnell Street, London, W2 5BU, UK
ICO Registration Number: ZA836551
We hope that we can satisfy queries you may have about the way we process your data. You can get in touch with our person responsible for Data Protection if you have any concerns or queries about how we process your data at email@example.com.
You may also email our Data Protection Officer (“DPO”) at:
Name: Pridatect, S.L.
Email address: firstname.lastname@example.org
1. What personal data do we collect and for which purposes?
Via this website:
Technical information: When you open our Website, your browser will transfer certain technical data to our web server. This is done for technical reasons and is required to make available to you the requested information and provide you with a streamlined user experience. To facilitate your access to the Website, the following data is collected, briefly stored and processed:
Date and time of access
Content of request (specific site)
Status of access/HTTP status code
Transferred volume of data
Website requesting access
Browser, language settings, version of browser software operating system and surface
Contact forms: If you contact us via the website’s contact form, CDDI will receive the name and email you have provided in addition to any other information you have included in the message. This data is only transmitted via email and is not stored on the website. There is a specific ‘contact’ mailbox for the purpose of receiving contact form requests and access is limited. CDDI will use this data only for the purpose for which you have entrusted it to us.
The personal data obtained through any of the channels on the website will form part of the Register of Processing Activities (RoPA) owned by CDDI. This will be updated periodically in accordance with the provisions of the UK GDPR.
CDDI, and any services available from our website, are not directed to people under the age of 16. If you learn that a child under the age of 16 has provided us with their personal information without providing parental consent, please contact our Data Protection Officer immediately so that we can take appropriate action. We reserve the right to delete any such data where we suspect it relates to anyone under the age of 16.
2. What is our legal basis for gathering this personal data?
Our legal basis for collecting and using your personal data on this website will depend on the personal data concerned and the specific context in which we collect it.
Unless otherwise indicated in the following chapters, the legal basis for the handling of your personal data results from the fact that such handling is required to make available the functionalities of the Website requested by you. Depending on your engagement with the website, Art. 6(1)(f) of the UK GDPR represents the lawful basis for temporary storage of log and security files.
Any data provided via our contact form will be processed according to legitimate interest (Art. 6(1)(f) UK General Data Protection Regulation). The processing of this personal data allows us to process your contact request and respond. If you submit your CV to us via the contact form, the lawful basis will be Art. 6(1)(b) of the UK GDPR, processing necessary to enter a contract. The contact mailbox is frequently purged of old contact requests to ensure that data is not maintained and stored for longer than is necessary to respond to your request, unless the information is transferred to another mailbox for another purpose - e.g., if you initially contact us to ask a question and then decide to apply to an open role via email.
Applicant data will be processed by us in order to assess whether the applicant is a good fit for our organisation. We primarily post job openings to LinkedIn, where the lawful basis will be Art. 6(1)(a) of the UK GDPR. If you are successful in applying, Art 6(1)(b) will apply when processing your data to enter the employment contract. Where we collaborate with recruitment agencies, they will gather any required consents and provide you with notice regarding how your data will be processed and shared with us. You may submit your CV via the contact us form, in which case the lawful basis will be Art. 6(1)(b).
Data related to the Equality Act 2010 will be processed according to Art. 6 (1)(c), legal obligation. The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes is with your express Consent.
We may process information about applicant criminal convictions and offences for certain job roles. We will always get your consent for this type of processing, unless you are a current employee and it is required to comply with our legal or contractual obligations (or those of our clients). We will always inform you before we request these types of checks.
3. Who do we share your data with?
Via this website:
In general, CDDI does not share your personal data with any third parties except in those situations where processors are used to manage the delivery of the website. In these cases, we ensure that the recipients respect confidentiality and have the appropriate contractual measures - Data Processing Agreements (“DPAs”) or International Data Transfer Agreements (“IDTAs”)/Standard Contractual Clauses (“SCCs”), as appropriate - in place to protect personal data.
Web hosting: The CDDI website is hosted by Wix via Amazon Web Services. Wix maintains headquarters in Israel, an adequate country under the GDPR, and stores limited technical data on servers located in Israel, Ireland and the United States of America. Amazon Web Services has been configured to ensure that your personal data is geolocated to Germany.
Contact form: Information provided via the contact form will only be transferred to and accessible to employees for whom this information is directly relevant to their job function. The contact form automatically transmits your request to our contact inbox, which means Microsoft (via Outlook) is a recipient.
Disclosure to authorities: When obliged by applicable law or regulation, or by a competent court or authority, CDDI may need to disclose personal information necessary or desirable to comply with legal or regulatory obligations. Where possible, you will be informed in these circumstances.
It is important to note that Wix, AWS, LinkedIn and Microsoft – as processors – have either a headquarters in the United States, are affiliated with a United States office, or process data in some form in the United States. The United States has not yet received a finding of “adequacy” from the UK Secretary of State under Article 45 of the UK GDPR, which means your data might not receive their equal protection as under the UK or EU GDPR. Once the upcoming adequacy decision, the ”data bridge” is in place, we will endeavour to engage only with US companies that are certified. All listed processors are currently participants of the EU-US Data Privacy Framework.
Please note that transfers to the US are very limited, and in particular, transfers from large cloud companies (Google, Youtube, etc.) could be declared illegal in court. Therefore, this paragraph as a “disclaimer” should not be understood as a disclaimer that may protect the company in case of inspection, but rather, as a gesture of good faith or transparency that allows users to make a better decision.
4. Your rights as a data subject
You have various rights in relation to your personal information under the UK GDPR and EU GDPR. In particular, you have the right to:
Obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you
Obtain a copy of your data in a machine-readable format
Ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete
Ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information
Object to our processing of your personal information for reasons of our own legitimate interest, public interest, or profiling, unless we are able to proof that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purpose of the assertion, exercise or defence of legal claims
Wherever we rely on your consent, you will always be able to withdraw that consent
To exercise any of these rights, you can get in touch with us or our data protection responsible using the details set out at the start of this policy.
You have also the right to launch a complaint with the privacy commission (https://ico.org.uk) should you be of the opinion that we have not complied with applicable privacy obligations, though we encourage you to contact us directly as we may be able to immediately remedy any issue you may have.
5. How do we protect your Personal Data?
We use appropriate technical, administrative, and physical safeguards to protect the information collected through this website. If you have reason to believe that your interaction with us is no longer secure (for example, if your personal information might have been compromised), please contact us immediately at email@example.com.
Protecting the information that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. We have taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.
6. How long do we store Personal Data?
We will retain your personal information for as long as needed or permitted considering the purpose(s) for which it was obtained. CDDI maintains a retention policy and schedule for the purpose of ensuring your personal data is not stored longer than is necessary or legally required.
The criteria used to determine our retention periods include:
(i) the length of time we have an ongoing relationship with you and provide the Service to you;
(ii) whether there is a legal obligation to which we are subject; and
(iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
For more specific information regarding how long we retain your data in particular, please contact our DPO at firstname.lastname@example.org.
7. Applicant Data
CDDI does not have an application portal on our website, though you may submit your CV via our contact form. Please see section 2, “What is our legal basis for gathering this personal data”, for more information on how we process incoming applicant data. Our purpose for processing this information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.
CDDI reserves the right to modify or amend this Policy. For instance, we may need to change this Policy as new privacy legislation is introduced, or as existing regulations are amended. Changes to this Policy will be posted on the CDDI website. Please check back periodically for updates to this Policy.
9. Contact us
Competitive Drug Development International Ltd
3 Courtnell Street
London W2 5BU
Last review: 4 August 2023