GDPR Compliance

Data Collection and Processing Practices

The Open Drug & Disease Platform (opdp.org) recognizes the paramount importance of safeguarding personal data in accordance with the General Data Protection Regulation (GDPR), even though our primary operational jurisdiction is within the United States of America. We are committed to upholding the rights and freedoms of data subjects by adhering strictly to fair, transparent, and lawful data processing practices. Our platform collects personal information such as names, email addresses, and usage data for the purposes of facilitating platform functionalities, improving user experience, and ensuring the security and integrity of our services. All data collected is processed with strict confidentiality, utilized solely for its intended purposes, and retained no longer than necessary to accomplish those objectives. Data processing practices are continuously reviewed and updated to reflect the latest regulatory requirements, and extensive staff training is maintained to uphold these high standards. Users are informed about the specific categories of data collected at the point of data entry, and explicit consent is sought prior to any data collection beyond what is essential for standard operation.

Lawful Bases for Data Handling

We ensure that personal data on opdp.org is processed only when there is a clear and legitimate legal basis, as outlined under the GDPR framework and applicable United States laws. Our primary lawful bases for data processing include the fulfillment of contractual obligations, compliance with legal requirements, explicit user consent, and the legitimate interests pursued by opdp.org. When data is collected based on consent, users retain the right to withdraw such consent at any time without adverse impact on their access to our core services. In every instance, we take great care to balance our legitimate interests against the fundamental rights and freedoms of individuals, ensuring that privacy and autonomy are never compromised. Additionally, where processing is required to comply with statutory obligations or to protect the vital interests of users or others, we undertake such measures diligently and with due proportionality.

Rights of Data Subjects

We are dedicated to empowering our users with comprehensive rights pertaining to their personal data under the GDPR and applicable American privacy laws. These rights include, but are not limited to, the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing. Users may also request a detailed account of the categories and specific pieces of personal information we process, and may seek correction of any inaccuracies in their records. Additionally, users have the right to lodge complaints with relevant supervisory authorities should they believe their data rights have been infringed. We have implemented robust internal procedures to handle such requests swiftly, and to provide clear guidance on exercising data rights through simple, accessible channels. Our dedicated privacy team remains on standby to facilitate these processes, ensuring all queries are addressed thoroughly and transparently.

Information Security Measures

Protecting the personal data of our users is of the utmost priority at opdp.org, and we employ a wide array of technical and organizational measures to maintain data integrity, confidentiality, and availability. These measures include but are not limited to strong encryption, secure access controls, multifactor authentication, routine vulnerability assessments, and adherence to industry-standard cybersecurity protocols. We also ensure that all staff and third-party service providers with access to personal information are bound by stringent confidentiality agreements and receive regular security awareness training. Our disaster recovery and incident response frameworks are regularly tested to ensure the rapid and effective handling of any potential data breaches. Should a data breach affecting personal data occur, we are committed to providing prompt notification to affected users and relevant authorities, in full compliance with applicable legal requirements.

Data Retention Policy

Personal data submitted to opdp.org is retained only for as long as necessary to fulfill the established purposes for which it was collected, or as required by law. We have developed a comprehensive retention schedule that classifies and manages data based on its nature, sensitivity, and the associated legal or operational requirements. Once the retention period has expired or the underlying purpose has been fulfilled, all personally identifiable information is securely erased or rendered anonymous using industry-standard techniques. We periodically review our retention protocols to prevent unnecessary accumulation of user information and to support users’ rights to control their data. Related records of consent and user rights requests are also maintained for appropriate durations to comply with regulatory obligations and to facilitate robust audit trails.

International Data Transfers

Given that the owner and administrative operations of opdp.org are based in the United Kingdom, while our users comprise both US and international audiences, data transfers may at times occur across borders. We employ appropriate safeguards, including standard contractual clauses and data processing agreements, to ensure that these transfers comply with the rigorous requirements of the GDPR and other relevant privacy frameworks. Our commitment to maintaining adequate data protection standards is unwavering, and all transfers are evaluated on a case-by-case basis to uphold the security and privacy of user information. Whenever possible, data is stored within geographic regions that offer a high level of data protection and are compliant with international protocols. Users who have concerns regarding cross-border data transfers or wish to obtain further clarification may contact our data privacy team for additional information.

Children’s Data and Special Categories of Personal Information

Opdp.org is not designed or intended for use by children under the age of 16, and we do not knowingly collect, process, or store personal information from minors without verified parental or guardian consent. We reserve the right to remove or anonymize such information immediately upon identification to ensure compliance with legal requirements. In addition, we handle any special categories of personal information—such as health-related data—with heightened caution and in strict accordance with applicable regulations. Explicit consent will always be acquired when processing such sensitive data, and additional security measures are enforced to guarantee its protection.

Third Parties and Data Sharing

Your personal information will only be shared with carefully screened third parties and service providers when absolutely necessary for the provision of our services, fulfillment of contractual or legal requirements, or with your explicit authorization. All partners and vendors are subject to rigorous data protection standards and are contractually obligated to act solely under our instructions, maintaining the highest levels of confidentiality and security. We conduct regular audits and due diligence assessments to ensure compliance and to identify potential risks in data-sharing arrangements. Under no circumstances will your personal data be sold or shared for marketing purposes without your explicit, informed consent. Where legally compelled to disclose information to regulatory authorities or law enforcement, such disclosures will be made only following a thorough legal assessment and with minimal intrusion to your privacy.

User Communication and Contact Information

For any questions, concerns, or requests regarding personal data protection, GDPR compliance, or the exercise of individual privacy rights, users are encouraged to contact the owner and data controller, Molissa Jordan, using the following information:

Molissa Jordan
University of Glasgow
University Avenue
Glasgow
G12 8QQ
United Kingdom
Email: [email protected]

We strive to respond to all communications in a timely and comprehensive manner, providing the necessary information and support to ensure your satisfaction with our data protection practices. Your trust is vital to us, and we endeavor to uphold transparency and accountability at all times.