KD Pharma Group – Privacy notice
Introduction and summary of our privacy policy
The KD Pharma Group specialises in research and development which accelerate pharmaceutical and product development. KD Pharma respects your privacy and is committed to protecting your Personal Data. This Notice tells you how we look after your Personal Data, the privacy rights you have according to applicable laws (including the General Data Protection Regulation (GDPR)) and how the law protects you.
You can click on the links below to find out more information:
Controller
KD Pharma Group (referred to as KD Pharma Group, "we", "us" or "our" in this privacy policy) is a Controller of the personal data to which this privacy policy relates. This means that we are responsible for making sure that we process your personal data in a safe and lawful way.
We have appointed a data protection officer (“DPO”) whose role includes overseeing questions in relation to how we process your personal data. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below.
Contact details
Our contact details are:
Our full name: KD Pharma Group
Email address: info@kdpharmagroup.com
Our postal address: Via Campagna 30, 6934 Bioggio, Lugano.
Our outsourced DPO contact details are:
DPO contact name: Amy Ford
DPO email address: dpo@kdpharmagroup.com
When we process personal data in the UK or UK citizen data, we have a UK representative who can also be contacted if you have any questions or concerns on how your data is processed uk.kdpharmagroup@kdpc.uk, +44 (0)20 3637 1111 and www.kdpc.uk/kdpharmagroup
Personal data processed
We process the following personal data for the purposes listed. Where we use personal data, we will only use the minimum necessary personal data for that purpose.
| Purposes of processing | Types of individuals | Types of personal data | Retention period | Lawful basis |
| Project management, financial records | Partners, Clients/staff or staff of suppliers and organisations associated with client projects | Name, work email address, work telephone numbers. | 8 years after last payment | Article 6(1)(b) - contract |
| Financial records and account management | Suppliers | Name, work email address, work telephone numbers | 8 years after last supply | Article 6(1)(b) - contract |
| Marketing of products and services, invitation to events, networking | Potential clients and suppliers | Name, email address, telephone number, organisation, job title. | 2 years from last contact. | Article 6(1)(a) – consent. |
| Recruitment, benefits, employment, contract, sickness, holiday, pension, payroll, emergency contract in case of injury or illness. | Employees and contractors | Name, email address, telephone number, address date of birth, social security number, Emergency contact details. | 8 years after leaving | Article 6(1)(b) – contract |
| Pension, basic staff record to allow for factual employment verification. | Past staff | Name, email address, telephone number, address, birthday, social security number | We will follow the pension regulator retention schedule or employment law | Article 6(1)(c) legal obligation. |
| To conduct research | Patients who register their interest and participate and study team professionals who conduct the research | Name, contact details, study ID and health data. | 15 years (UK) 25 years (EEA) | Article 6(1)(f) – legitimate interest and Article 9(2)(j) research |
| To ensure our patients are safe throughout the research | Patients who participate in the research and study team professionals who conduct the research | Name, contact details, study ID and health data | 15 years (UK), 25 years (EEA) | Article 6(1)(c) legal obligation and Article 9(2)(i) in the public interest to ensure high standards of quality and safety. |
| Further research purposes | All patients who participated in the research and the study team professionals who conducted the research. | Health data | 15 years (UK), 25 years (EEA) | Article 6(1)(f) legitimate interest and Article 9(2)(j) research |
| Communicating regarding any concerns, queries or complaints | All patients | Name, contact details, any relevant information including health | 8 years | Article 6(1)(f) legitimate interest and Article 9(2)(i) in the public interest to ensure high standards of quality and safety. |
| Complying with our legal or regulatory obligations, and defending or exercising our legal rights where necessary | All patients | All personal data held by KD Pharma Group where necessary | 8 years | Article 6(1)(c) legal obligation and Article 9(2)(f)/(g) in the substantial public interest/or (Article 9(2) |
Where we rely on Article 6(1)(f) our legitimate interests are as follows:
· Ensuring complaints and communications are handled appropriately
· Ensuring we provide and maintain a high level of quality of service
· Undertaking research on products and services
We receive personal data from several sources. If you are a patient participating in our research, we will receive information from your general practitioner or hospital care provider.
Sharing your personal data
In the context of Clinical Trials, we will only share your personal data with organisations involved with your care (for example your GP or hospital care provider), unless we have a legal obligation to share with another party. Where personal data will be shared outside the purposes of providing you care we will inform unless the law restricts us from doing so.
Your personal data will be transferred to Switzerland, European Economic Area (EEA) member states and the UK, all laws of which offer similar levels of data protection. Please refer to your research study privacy notices to understand how we process your personal data and if there are any transfers of data to our Processors outside of Switzerland, EEA and UK.
Further uses of personal data for corporate purposes:
| Purposes of processing | Types of individuals | Types of personal data | Retention period | Lawful basis |
| Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (eg tax or legal advice) | Patients, staff members and partners | Financial, contact details, name | 8 Years | Article 6(1)(f) legitimate interest and6(1)(c) legal obligation |
| Provide information in relation to new services offered by KD Pharma Group as an existing client or potential new client, or to invite clients to participate in service development activities, advertisement. | Individual’s registering interest and mail list subscribers | Name, contact details | 3 years | Article 6(1)(f) legitimate interest |
| Collect analytics to understand user numbers accessing website. | All individuals access social media platforms that click on our adverts | IP address, device address, time of day, length of time, what screens are visited | 1 year | Article 6(1)(f) legitimate interest |
Where we rely on Article 6(1)(f) our legitimate interests are as follows:
· Marketing our products, services and research.
Cookies
If you are a visitor to our website, KD Pharma will also process personal data using cookies. KD Pharma to manage e.g. Cookie management tool.
Your data protection rights
GDPR allows various rights for people whose data is being processed. The rights are not absolute and so sometimes do not apply. Where you wish to exercise any of your rights, you may do so free of charge (unless in specific circumstances, where you will be informed in advance) by contacting us at dpo@kdpharmagroup.com, or uk.kdpharmagroup@kdpc.uk We will respond within one month.
Details of the rights within UK GDPR are below. You will be informed if the right is available to you upon application:
| Right | Meaning |
Access GDPR Article 15 | You may request a copy of the data held by us about you. |
Rectification GDPR Article 16 | If you think the data held by us is wrong and you may request that it is corrected. |
Erasure (Right to be forgotten) GDPR Article 17 | You can request that your data is deleted by us.
|
Restriction GDPR Article 18 | There are circumstances in which you may ask us to stop processing your data but we must otherwise keep the data. For example, where required by law. |
Portability GDPR Article 19 | You can ask for a copy of your data in a format that can be readily transferred to another company. |
Objection GDPR Article 20 | You can object to the processing of your personal data when we are relying on a legal obligation or public duty legal basis or where we are processing in our legitimate interest, especially for direct marketing. |
Automated decisions GDPR Article 22 | Where a computer makes a decision about you without a human intervention, for example if an online loan application, you have the right to know how the decision was arrived at. |
Complaints
If you have any complaints regarding our use of personal data, please contact us by one of the above means. In the event we cannot resolve your complaint, you have the right to complain here. However, we would appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance