Cdmo Services
Skip to main content

Explore about our broad range of CDMO Services and Products

Privacy Policy

KD Pharma Group – Privacy notice

Introduction and summary of our privacy policy

The KD Pharma Group specialises in research and development which accelerate pharmaceutical and product development. KD Pharma respects your privacy and is committed to protecting your Personal Data. This Notice tells you how we look after your Personal Data, the privacy rights you have according to applicable laws (including the General Data Protection Regulation (GDPR)) and how the law protects you.

You can click on the links below to find out more information:


KD Pharma Group (referred to as KD Pharma Group, "we", "us" or "our" in this privacy policy) is a Controller of the personal data to which this privacy policy relates. This means that we are responsible for making sure that we process your personal data in a safe and lawful way.

We have appointed a data protection officer (“DPO”) whose role includes overseeing questions in relation to how we process your personal data. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below.

Contact details

Our contact details are:

Our full name: KD Pharma Group

Email address:

Our postal address: Via Campagna 30, 6934 Bioggio, Lugano.

Our outsourced DPO contact details are:

DPO contact name: Amy Ford

DPO email address:

When we process personal data in the UK or UK citizen data, we have a UK representative who can also be contacted if you have any questions or concerns on how your data is processed, +44 (0)20 3637 1111 and

Personal data processed

We process the following personal data for the purposes listed. Where we use personal data, we will only use the minimum necessary personal data for that purpose.

Purposes of processingTypes of individualsTypes of personal dataRetention periodLawful basis
Project management, financial recordsPartners, Clients/staff or staff of suppliers and organisations associated with client projectsName, work email address, work telephone numbers.8 years after last paymentArticle 6(1)(b) - contract
Financial records and account managementSuppliersName, work email address, work telephone numbers8 years after last supplyArticle 6(1)(b) - contract
Marketing of products and services, invitation to events, networkingPotential clients and suppliersName, email address, telephone number, organisation, job title.2 years from last contact.Article 6(1)(a) – consent.
Recruitment, benefits, employment, contract, sickness, holiday, pension, payroll, emergency contract in case of injury or illness.Employees and contractorsName, email address, telephone number, address date of birth, social security number, Emergency contact details.8 years after leavingArticle 6(1)(b) – contract
Pension, basic staff record to allow for factual employment verification.Past staffName, email address, telephone number, address, birthday, social security numberWe will follow the pension regulator retention schedule or employment lawArticle 6(1)(c) legal obligation.
To conduct researchPatients who register their interest and participate and study team professionals who conduct the researchName, contact details, study ID and health data.15 years (UK) 25 years (EEA)Article 6(1)(f) – legitimate interest and Article 9(2)(j) research
To ensure our patients are safe throughout the researchPatients who participate in the research and study team professionals who conduct the researchName, contact details, study ID and health data15 years (UK), 25 years (EEA)Article 6(1)(c) legal obligation and Article 9(2)(i) in the public interest to ensure high standards of quality and safety.
Further research purposesAll patients who participated in the research and the study team professionals who conducted the research.Health data15 years (UK), 25 years (EEA)Article 6(1)(f) legitimate interest and Article 9(2)(j) research
Communicating regarding any concerns, queries or complaintsAll patientsName, contact details, any relevant information including health8 yearsArticle 6(1)(f) legitimate interest and Article 9(2)(i) in the public interest to ensure high standards of quality and safety.
Complying with our legal or regulatory obligations, and defending or exercising our legal rights where necessaryAll patientsAll personal data held by KD Pharma Group where necessary8 yearsArticle 6(1)(c) legal obligation and Article 9(2)(f)/(g) in the substantial public interest/or (Article 9(2)

Where we rely on Article 6(1)(f) our legitimate interests are as follows:

· Ensuring complaints and communications are handled appropriately

· Ensuring we provide and maintain a high level of quality of service

· Undertaking research on products and services

We receive personal data from several sources. If you are a patient participating in our research, we will receive information from your general practitioner or hospital care provider.

Sharing your personal data

In the context of Clinical Trials, we will only share your personal data with organisations involved with your care (for example your GP or hospital care provider), unless we have a legal obligation to share with another party. Where personal data will be shared outside the purposes of providing you care we will inform unless the law restricts us from doing so.

Your personal data will be transferred to Switzerland, European Economic Area (EEA) member states and the UK, all laws of which offer similar levels of data protection. Please refer to your research study privacy notices to understand how we process your personal data and if there are any transfers of data to our Processors outside of Switzerland, EEA and UK.

Further uses of personal data for corporate purposes:


Purposes of processingTypes of individualsTypes of personal dataRetention periodLawful basis
Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (eg tax or legal advice)Patients, staff members and partnersFinancial, contact details, name8 YearsArticle 6(1)(f) legitimate interest and6(1)(c) legal obligation
Provide information in relation to new services offered by KD Pharma Group as an existing client or potential new client, or to invite clients to participate in service development activities, advertisement.Individual’s registering interest and mail list subscribersName, contact details3 yearsArticle 6(1)(f) legitimate interest
Collect analytics to understand user numbers accessing website.All individuals access social media platforms that click on our advertsIP address, device address, time of day, length of time, what screens are visited1 year

Article 6(1)(f)

legitimate interest

Where we rely on Article 6(1)(f) our legitimate interests are as follows:

· Marketing our products, services and research.


If you are a visitor to our website, KD Pharma will also process personal data using cookies. KD Pharma to manage e.g. Cookie management tool.

Your data protection rights

GDPR allows various rights for people whose data is being processed. The rights are not absolute and so sometimes do not apply. Where you wish to exercise any of your rights, you may do so free of charge (unless in specific circumstances, where you will be informed in advance) by contacting us at, or We will respond within one month.

Details of the rights within UK GDPR are below. You will be informed if the right is available to you upon application:



GDPR Article 15

You may request a copy of the data held by us about you.


GDPR Article 16

If you think the data held by us is wrong and you may request that it is corrected.

Erasure (Right to be forgotten)

GDPR Article 17

You can request that your data is deleted by us.



GDPR Article 18

There are circumstances in which you may ask us to stop processing your data but we must otherwise keep the data. For example, where required by law.


GDPR Article 19

You can ask for a copy of your data in a format that can be readily transferred to another company.


GDPR Article 20

You can object to the processing of your personal data when we are relying on a legal obligation or public duty legal basis or where we are processing in our legitimate interest, especially for direct marketing.

Automated decisions

GDPR Article 22

Where a computer makes a decision about you without a human intervention, for example if an online loan application, you have the right to know how the decision was arrived at.


If you have any complaints regarding our use of personal data, please contact us by one of the above means. In the event we cannot resolve your complaint, you have the right to complain here. However, we would appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance