KRKA Slovensko, s.r.o. (hereinafter referred to as “Krka”) supports the observance of fundamental rights and pays special attention to the protection and processing of personal data.
Krka is committed to the secure and confidential processing of personal data relating to its employees, shareholders, contractual partners, website users, and other stakeholders. At the same time, Krka ensures that personal data is processed lawfully, fairly, and transparently, with respect for the rights of data subjects.
To fulfill this commitment, Krka has adopted new data protection rules that comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council) and other applicable legal regulations.
Together with several additional internal rules and measures, these policies represent the Krka Group’s principles, ensuring that personal data is collected and processed for specified purposes, follows the principle of data minimization, and is stored only for the period necessary to fulfill the purpose for which it was collected.
Our policies apply to all individuals who have provided us with personal data: employees, job applicants, shareholders, customers, suppliers of Krka, etc.
These policies are binding for every individual or entity with whom Krka cooperates or who acts on behalf of Krka and may occasionally require access to personal data. All employees of Krka and its subsidiaries must comply with these policies, and they are also binding for suppliers, consultants, and other external data processors.
Our processes require the collection and processing of personal data. This includes all data that enables identification of a data subject, such as names, addresses, usernames and passwords, digital footprints, photographs, personal identification numbers, financial data, etc.
Krka collects such data transparently and only with the full cooperation and awareness of the stakeholders. Once the data is obtained, the following rules apply:
Data collected fairly and exclusively for legitimate purposes;
Accurate and up-to-date data;
Data processed within legal and ethical frameworks;
Data protected against unauthorized or unlawful access by internal or external parties.
The following are not permitted:
Data transferred outside Krka without a legal basis;
Data stored longer than specified;
Data transferred to organizations or countries without adequate data protection rules;
Data disclosed to a party other than the one for which consent was given (except for legitimate requests from law enforcement authorities).
In addition to proper data processing, Krka has a direct obligation toward data subjects. Under the GDPR and other applicable data protection regulations, Krka is required, among other things, to ensure:
Information for each individual regarding their personal data, i.e., categories of data collected, purpose of collection, retention period, whether data is shared, etc.;
Correction of inaccurate personal data;
Deletion of personal data where conditions are met (e.g., withdrawal of consent);
Procedures in case of data loss, damage, or compromise.
We commit to implementing the following data protection activities:
Restricting and controlling access to special categories of personal data;
Developing and implementing transparent data collection procedures;
Training employees on personal and technical security measures;
Creating a secure network to protect data from cyberattacks;
Establishing clear procedures for reporting data breaches or fraud;
Including contractual clauses or clear instructions regarding data processing;
Implementing best practices in data protection (clean desk and clean screen policies, document shredding, secure locking, encryption, regular backups, access permissions, etc.).
Krka holds ISO 27001 certification, meaning it applies best practices in data protection according to the ISO 27001 Information Security Management Systems standard.
Krka’s data protection provisions are defined in the following documents:
Specific privacy policies on our website;
Data protection policies describing the overall system of personal data protection;
Addendum to general data protection procedures, including a summary of technical and organizational security measures;
Records of personal data processing – descriptions of data processing systems.
Employees of Krka must strictly comply with all rules described in these policies. Violations of data protection rules may result in disciplinary and other measures.