KRKA UK Ltd (hereafter: „Krka“) encourages the respect of fundamental rights and gives special attention to the protection and processing of personal data.
Krka is committed to safe and confidential processing of personal data concerning its employees, shareholders, contracting parties, website users and other interested parties. At the same time, Krka ensures that personal data is processed lawfully, fairly and in a transparent manner – and with respect to the rights of data subjects.
To implement its commitment, Krka adopted new Rules on personal data protection, which comply with the General Data Protection Regulation, GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council) and other applicable legislation. Non EU Krka Group Companies which do not process personal data of data subjects who are in the EU comply with local personal data protection legislation. These new Rules, together with several other internal rules and measures, represent the policy of the Krka Group, which ensures that personal data are collected and processed for specified purposes, complies with the principle of data minimisation, and ensures that personal data will only be stored for the time period necessary to achieve the purpose for which they were collected.
Our policy applies to all persons submitting any personal information to us: Krka employees, candidates for employment, shareholders, customers, suppliers, etc.
This policy is binding for any person or entity Krka cooperates with, or who acts in Krka's name and occasionally requires access to personal data. All employees at Krka and its subsidiaries must comply with it, and it is also binding for contractors, advisers and other external processors of personal data.
In order to be able to execute our processes, we also need to collect and process personal data. These include any data enabling the identification of a data subject, such as names, addresses, usernames and passwords, digital footprints, photographs, personal ID numbers, financial data, etc.
Krka collects such data in a transparent manner and only on the basis of full cooperation and awareness of interested parties. Once such data is obtained, the following rules apply:
Personal data collected by Krka shall be:
Personal data collected by Krka shall not be:
Apart from appropriate data handling, Krka also has a direct obligation to data subjects. In accordance with the GDPR and other applicable legislation on personal data protection, Krka shall ensure, among others, the following:
We hereby undertake to execute the following personal data protection activities:
Krka is ISO 27001 certified, which means that it implements good data protection practices in accordance with ISO 27001 – Information security management systems.
Krka's provisions on data protection are defined in the following documents:
Krka employees must strictly adhere to all principles described within this policy. The violation of rules on data protection may lead to disciplinary and other measures.