Shenzhen Mindray Bio-Medical Electronics Co., Ltd, including its directly and/or indirectly controlled companies (hereinafter “Mindray”), is an organization with strong values of responsibility and integrity.
Mindray is committed to an environment where open, honest communications are the expectation, not the exception. We want you to feel comfortable, without fear of retaliation, in approaching our management in instances where you believe violations of company policies, regulations or standards have occurred.
We expect our employees and business partners to comply with all applicable laws and regulations that govern our activities around the world.
We are committed to conducting our business with honesty and integrity, and we expect all staff and the third parties Mindray does business with to maintain high standards of honesty and integrity.
We care about being a responsible partner in society, acting with integrity towards our employees, customers, business partners and shareholders, as well as the wider community. While pursuing our business objectives, we always strive to do this in a responsible manner to ensure we are doing the right thing.
We encourage our staff to report suspected wrongdoing as soon as possible, in the knowledge that their concerns will be taken seriously and investigated as appropriate, their confidentiality will be respected and that they will be protected against any form of retaliation.
Whistleblowing is the disclosure of information which relates to suspected wrongdoing or dangers at work that have occurred or are likely to occur. This may include (but is not limited to):
If you know of any ethical breaches regarding Mindray business, we invite you to report your concerns, confidentially, through Mindray Whistleblowing platform, a reporting website and toll-free telephone service. Your support will help us to live up to our aspirations for being a responsible business partner.
Mindray Whistleblowing group reporting channels are available 24 hours a day, 7 days a week, 365 days a year and in your local language. To ensure maximum confidentiality, Mindray Whistleblowing Group reporting system is hosted by a primary third-party international vendor outside Mindray organization. Our Whistleblowing group channels can be found following the link:
All reporting offices will maintain the confidentiality of the identity of i) the person providing the information, ii) the person that is subject of the reporting, and iii) every other mentioned person in the reporting. However, there can be exceptions to that principle of confidentiality, e.g. if the reporting person provides intentionally or grossly negligently incorrect information, or if information has to be disclosed at the request or order of law enforcement authorities, in an administrative proceeding or pursuant to a court decision.
We encourage you to identify yourself in order for us to follow up with questions we may have, but anonymous reports will also be accepted (unless not possible under local laws). Please consider that proper investigation may be more difficult or impossible if we do not know your identity and cannot obtain further information from you.
If your concern is reported via the Group Whistleblowing channels (hereinafter “Mindray Whistleblower channels”), please be informed that these channels are provided by Shenzhen Mindray Bio-Medical Electronics Co., Ltd. (in this Notice also referred to as “Mindray”). The website through which you may report a case is operated by an external independent operator (“External Provider”). In this case, the data controller of your personal data is Shenzhen Mindray Bio-Medical Electronics Co., Ltd, which is registered in China. The External Provider will be acting as Data Processor.
In this Notice, when we talk about personal data, we mean any information that relates to an identified or identifiable person – in this case, you or any other individual whose personal data is processed as part of a report submitted through Mindray Whistleblower system.
All personal data processed through the Mindray Whistleblower system will be done so in accordance with applicable legislation, including the EU General Data Protection Regulation (“GDPR”). You should read this Notice, so you know what personal data Mindray may collect about you, what Mindray do with it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances from time to time.
Mindray may collect and use some or all of the following information for the purpose(s) described below:
- Personal details, such as your name, title and contact details;
- Personal details, such as names, titles and contact details related to individuals named in your report;
- A description of the alleged misconduct, as well as the circumstances involved (including the dates and locations involved);
- Any other relevant information.
Mindray will process the above information, including personal data, for the purposes of ensuring compliance with applicable legislation and internal policies, for the defense of legal claims and ensuring the well-being of Mindray personnel. In addition, we may require your personal data to comply with our regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and patient safety. If you opted to report your concern via Mindray Whistleblowing channels and the reported matter that (allegedly) took place in a country where Mindray or its subsidiaries have designated a specific body or personnel as part of its organizational and control management system your report may also be shared or transmitted to them to allow such designated body or person to investigate the reported matter and undertake appropriate measures under the local law.
Our legal basis for collecting and using the personal data described above is our legitimate interest to investigate the report that you submitted to us. In some cases, we may also process personal data to satisfy a legal obligation. We will also assume that you are submitting a report on a voluntary basis and the relevant processing can be legitimately be based on your consent.
The information provided by you will be treated confidentially and only shared on a strict need-to- know basis. Personal data submitted as part of a report may be processed by the relevant personnel of Mindray, including authorised recipients and, depending on the nature of the report, members of e.g Human Resources, Finance, Audit, Legal and Compliance Personal data may also be shared with third parties, for example, the External Provider that operates Mindray Whistleblowing channels, and external advisors (for example, legal advisors) to assist with the investigation of any report submitted. In addition, your personal data might also be shared with competent law enforcement bodies, regulatory and trade associations, government agencies, courts or other third parties where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
Finally, we also share information related to the usage of Mindray Whistleblowing channels with Mindray’s management and other group companies, however, this will never contain personal data and is restricted to statistical or aggregated data.
Mindray has contracted with External Provider to protect the confidentiality and security of your personal data. We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the categories of personal data processed. International data transfers your personal data may be transferred outside of the European Economic Area (“EEA”). For example, in limited circumstances, to provide administrative services and for the purpose of translation by the External Provider, its subsidiaries or subcontractors. Those individuals may be located in the United States, the United Kingdom or elsewhere. Please note that countries outside of the EEA may not provide the same level of protection for your personal data as within the EEA. Where we transfer your personal data outside of the EEA, we ensure that appropriate safeguards are put in place and that all transfers of your personal data comply with applicable data protection laws. The appropriate safeguards that Mindray uses are based on the model clauses approved by the European Commission.
We retain personal data for as long as necessary where we have an ongoing legitimate need to do so (for example, to comply with applicable legal requirements).
Information relating to a report made via Mindray Whistleblowing system will be archived or deleted based on the following criteria: when the investigation has been closed and no further action is needed; when the time period for any relevant litigation has lapsed; and when our obligations for record keeping relating to investigations has lapsed.
You have the following rights regarding personal data processed by Mindray that may apply depending on the circumstances:
| Right | What does this mean? |
|---|---|
| 1. The right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how your information is used and your rights. This is provided in this Notice. |
| 2. The right of access | You have the right to obtain access to your information (if an organisation is processing it), and certain other information (similar to that provided this Notice). |
| 3. The right to rectification | You are entitled to have your information corrected if it is inaccurate or incomplete. |
| 4. The right to erasure | This is also known as 'the right to be forgotten' and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for an organisation to keep using it. This is not a general right to erasure; there are exceptions (for example, where you have provided consent to processing, this applies only where you have withdrawn your consent, if we are processing in connection with performance of a contract or for compliance with law, this applies only where such data are no longer necessary and where we are relying on our legitimate interests this applies only if there are no overriding legitimate interests). |
| 5. The right to restrict processing | You have rights to 'block' or suppress further use of your information in certain circumstances. When processing is restricted, the relevant organisation can still store your information, but may not use it further. Please note that your right to restrict processing is limited in certain situations; for example, when we are processing personal data that we collected from you with your consent, you can only request restriction on the basis of inaccuracy of data or where our processing is unlawful and you don't want your personal data erased or you need it for a legal claim. You do not have this right where we are processing your personal data for compliance with law. |
| 6. The right to data portability | You have rights to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances, which do not include where we are processing on the basis of legitimate interests or for compliance with law. |
| 7. The right to object | You have the right to object to certain types of processing, in certain circumstances such as when we rely on our legitimate interests. |
1. The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how your information is used and your rights. This is provided in this Notice.
2. The right of access
You have the right to obtain access to your information (if an organisation is processing it), and certain other information (similar to that provided this Notice).
3. The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
4. The right to erasure
This is also known as 'the right to be forgotten' and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for an organisation to keep using it. This is not a general right to erasure; there are exceptions (for example, where you have provided consent to processing, this applies only where you have withdrawn your consent, if we are processing in connection with performance of a contract or for compliance with law, this applies only where such data are no longer necessary and where we are relying on our legitimate interests this applies only if there are no overriding legitimate interests).
5. The right to restrict processing
You have rights to 'block' or suppress further use of your information in certain circumstances. When processing is restricted, the relevant organisation can still store your information, but may not use it further. Please note that your right to restrict processing is limited in certain situations; for example, when we are processing personal data that we collected from you with your consent, you can only request restriction on the basis of inaccuracy of data or where our processing is unlawful and you don't want your personal data erased or you need it for a legal claim. You do not have this right where we are processing your personal data for compliance with law.
6. The right to data portability
You have rights to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances, which do not include where we are processing on the basis of legitimate interests or for compliance with law.
7. The right to object
You have the right to object to certain types of processing, in certain circumstances such as when we rely on our legitimate interests.
Where your personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time.
You also have the right to complain to a data protection authority about our collection and use of personal data.
Should you have any questions in regards to the protection of your personal data or if you wish to exercise your legal rights, please submit your query or contact Mindray by emailing: privacy@mindray.com