Personal Data Processing Notification
This notification refers to personal data processing by the processor STADA IT SOLUTIONS DOO Vršac.

STADA IT SOLUTIONS DOO Vršac processes personal data only of such data subjects whom it contacts to perform its business operations, either by collecting data directly from such persons, via their employers, sub-contractors, business partners or third parties, if applicable.

Personal data are processed by STADA IT SOLUTIONS DOO Vršac always in accordance with the principle of retention period limitation, within the minimum period in which it is important that the persons whom the data refer to are identifiable for purpose of meeting the specific purposes of the company.

The rules governing the personal data processing by STADA IT SOLUTIONS DOO Vršac include but are not limited to the following main categories of personal data subjects and personal data types:

1. Employees and persons engaged under temporary and occasional service contracts, former employees and pensioners

STADA IT SOLUTIONS DOO Vršac processes personal data of employees and persons engaged under temporary and occasional service contracts, as well as personal data of former employees and pensioners and members of their families, primarily for the purpose of implementing and complying with the relevant regulations governing the procedure with such type of data, including but not limited to regulations in the field of labour and records in the field of labour, pension, disability, health and social insurance, tax and accounting regulations, regulations in the field of occupational safety and protection, as well as corresponding industry regulations governing data processing in the pharmaceutical industry and other industry regulations.

The data of employees and other employees are also processed to the extent necessary for the conclusion and performance of an adequate contract with such persons. Data of this category of persons are processed also on the basis of their consent always when such consent is required to be obtained according to the applicable regulations, i.e. on the basis of a legitimate interest, if such a legitimate interest exists.

2. Employees and persons engaged under temporary and occasional service contracts from STADA Group

For the purpose of internal reporting and budgeting procedures, STADA IT SOLUTIONS DOO Vršac has a legitimate interest in processing personal data of persons employed or engaged by other companies within Stada Group, in accordance with the established in-house rules and procedures, as well as regulations applicable to the subject personal data.

3. Persons applying for a job, i.e. contractual engagement outside employment

Personal data of persons applying for a job, i.e. contractual engagement outside employment relation or internship are processed only to the extent necessary for the effective performance of the candidate recruitment and selection process, while observing the interests of STADA IT SOLUTIONS DOO Vršac and freedoms, rights, and interests of a candidate. Candidates who have failed the selection process and whose data have been collected for such purposes are granted all the rights they are entitled to on the grounds of the applicable regulations.

4. Persons entering the STADA IT SOLUTIONS DOO Vršac company area

STADA IT SOLUTIONS DOO Vršac has a legitimate interest in processing personal data of all persons entering the company area and business premises of STADA IT SOLUTIONS DOO Vršac, regardless of the site, and keeping records of such visits in accordance with all applicable regulations, including but not limiting to regulations governing personal security and video surveillance.

5. Business associates and natural persons engaged by business associates – legal entities

For the purpose of organizing business operations, STADA IT SOLUTIONS DOO Vršac collects personal data from natural persons acting independently, as well as natural persons employed with business partners (legal entities) and prospective business partners, i.e. persons engaged by them on other grounds. The subject processing is carried out for the purpose of not only concluding such contracts, but also their performance and meeting all legal obligations which STADA IT SOLUTIONS DOO Vršac has with regard thereto. If a contractual party is not a natural person but a legal entity that has engaged it, STADA IT SOLUTIONS DOO Vršac shall have a legitimate interest in personal data processing to the extent necessary for the contract to be performed.

If certain personal data are not required for concluding and performing a contract with a particular natural person who is the data subject, such personal data can be processed even if STADA IT SOLUTIONS DOO Vršac has a legitimate interest in performing a relevant processing, because otherwise the performance of the contract would be impaired, and the subject processing affects neither rights nor interests of the person whom the data refer to.

Personal data of business associates and natural persons engaged by business associates can also be processed if such persons have given a valid consent for the purpose that is not related to the performance of the contract, in accordance with the applicable regulations.

6. Natural persons with whom regular and appropriate business and partner relations are maintained

STADA IT SOLUTIONS DOO Vršac processes data of natural persons with whom regular and appropriate business and partner relations are maintained, both individuals and persons engaged by or representing other legal entities, institutions or authorities, but only to the extent necessary and appropriate for this purpose (sending invitations for celebrations and events, sending suitable and usual gifts, sending promotional material), while observing all principles of data processing, applicable regulations and in-house rules.

7. Taking photos of natural persons at events organized by STADA IT SOLUTIONS DOO Vršac

Photographs can be taken of natural persons - event participants, both from the category of employees and other engaged persons, as well as third parties invited to such events organized by STADA IT SOLUTIONS DOO Vršac. It shall be considered that the personal data processing in such a manner is carried out on the basis of the legitimate interest of companies for the reporting purposes to its employees, other engaged persons, business partners, and general public, as long as such processing is in accordance with established and general practice in the field of STADA IT SOLUTIONS DOO Vršac operations, whereby the persons to whom the data relate will be granted all rights pursuant to the applicable regulations.

8. Rights of data processing subjects

Natural persons whose personal data is processed can exercise the following rights towards STADA IT SOLUTIONS DOO Vršac in line with applicable data protection legislation:

• Right to information
• Right to access/copy
• Right to rectification
• Right to restriction of processing
• Right to objection
• Right to deletion / “right to be forgotten”
• Right of appeal

In order to assert one of the rights listed above, the respective natural person can contact STADA IT SOLUTIONS DOO Vršac at any time.

If the processing of personal data is based on a consent, the person in question has the right to object / withdraw his/her consent at any time, with effect for the future. The legality of the processing based on the consent until the withdrawal of the consent remains unaffected. Given consent can of course be cancelled under the following address at any time with effect for the future:

STADA IT SOLUTIONS DOO
Beogradski put bb
26300 Vršac, Serbia
E-mail: privacy@stadaitsolutions.com

Furthermore, the natural person has the right to complain to the data protection supervisory authority regarding processing of his/her personal data. The contact details of the supervisory authority can be accessed at https://www.poverenik.rs/sr/

9. Transfer

We transfer your personal data to the following categories of recipients:

• IT service providers
• Employees of affiliates of STADA Arzneimittel AG on a case-by-case basis depending on need-to-know principle
• Courts, public authorities or other public bodies in case necessary
• Service providers in course of investigations (e.g. law firms or auditing companies)
• Processors bound by instructions in accordance with Art. 45 of the Law on Protection of Personal Data, of the Republic of Serbia and Art. 28 GDPR

Your data will mainly be processed in Serbia. However, access to the data by foreign recipients is possible. If individual service providers or affiliated companies are located outside the EU, there may not be an adequate level of data protection compared to the level of data protection within Serbia or the European Union. This means that the data protection laws in this country, to which your data may be transferred, do not offer the same protection as in Serbia or EU. We have therefore taken appropriate protective measures to ensure data protection: a global Group-wide Code of Conduct, standard contracts for contract processing or standard contract clauses within the STADA Group and with external service providers.

10. Contact

If you have any questions or comments regarding this Personal Data Processing Notification, please contact us at privacy@stadaitsolutions.com
CONTACT
STADA GIS Serbia
Kneza Miloša 90A
11000 Beograd
Beogradski put bb
26300 Vršac
INFO