UKUnited Kingdom | Global Site Back To Top More

Privacy Notice

1. Overview

This Privacy Notice (“Notice”) defines the manner in which Mindray International Co., Ltd. based in Shenzhen, China and its European affiliate  Mindray UK Limited based at Mindray House, Kingfisher Way, Hinchingbrooke Business Park, Huntingdon, Cambs, PE29 6FN (“Company” or “we/us”) process Personal Information (as defined below) that pertains to its Suppliers, Clients and Websites Users, as respectively defined below (collectively, the “Data Subjects” or “you/your”). This Notice does not apply to Employees (i.e. employees, temporary workers, secondees, agents or former employees of the Company or candidates whom the Company may potentially employ or contract with).

This Notice applies to all categories of personal data of Data Subjects received and generated by the Company whether in electronic, paper or oral recorded format (“Personal Information”).

We collect and process your personal data in accordance with all applicable data protection laws and regulations, including, without limitation, the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR“), as well as the laws, orders and guidelines issued by the competent data protection authorities, as applicable (the “Data Protection Laws“).

In summary:

  1. We will not collect Personal Information without the Data Subjects’ knowledge or without a legal basis to do so. This Notice sets forth the purposes for which we collect and use Personal Information, how to contact us with any enquiries or complaints, the types of third parties to which we disclose the information, Data Subjects’ rights in respect of their Personal Information and the choices and means available for limiting its use and disclosure.
  2. We will not disclose Personal Information to third parties except as provided in this Notice.
  3. We may transfer Personal Information outside of the European Union, to other jurisdictions that may or may not have equivalent laws protecting Personal Information; if we transfer Personal Information outside of the European Union, we will take appropriate measures to abide by the originating company’s local laws and to protect the Personal Information we transfer.
  4. We have appropriate technical and organisational measures in place to protect the security of Personal Information we hold from loss, misuse and unauthorised access, disclosure, divulgence, alteration and destruction.
  5. We will allow Data Subjects to exercise their rights in accordance with Data Protection Laws and within its limits including, without limitation the rights to access, correct or remove Personal Information upon request.
  6. We will regularly review how we are meeting these privacy promises, and we will provide an independent specific way to resolve complaints about our privacy practices.

2. Scope of Notice

 This Notice applies to Personal Information related to physical persons within these categories:

Specific sections of this Notice are dedicated to a single category of Data Subject where expressly indicated.

3. Modifications and Updates

This Notice may need to be modified from time to time as necessary in the future to reflect changes in circumstances. We may provide Data Subjects with a new version when any substantial updates are made. The Data Subjects can access the most recent version at any time by visiting the Company Website, or by contacting the Company at the address or contact details indicated in the Notice.

4. Personal Information Collected, Purposes and Legal Basis

a) Cookies and browser data (website users)

When visiting and using the Website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Mindray Group or to external service providers, contractors (e.g. hosting, content management system) in accordance with the purposes required (for displaying the website and setting up its content).

Legal basis: Art. 6 (1) b GDPR.

In addition to the aforementioned data, cookies and other similar storage technologies (hereinafter referred to as “Cookies”) are stored on your computer when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information. The next time you visit our website on the same device, the information saved in the cookies will subsequently be transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).

Through the information saved and returned, the respective website recognises that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses the following types of cookies, the scope and functionality of which are explained below:

These are cookies that guarantee functions without which you cannot use our web pages as intended. These cookies are used exclusively by us and are therefore first party cookies.

Legal basis: Art. 6 (1) b GDPR.

These cookies enable our website to store information already provided (such as language selection) and to offer you improved and more personalised functions based on this information. These cookies collect and store only anonymous information so that they cannot track your movements on other websites.

Our website uses functionality cookies for:

  1. Remembering information on the various pages, e.g. downloading brochures so that you don’t have to fill in all your details repeatedly
  2. Passing on information from one page to the next, for instance if a long survey is being filled in or if you need to fill in a large number of details
  3. Storing preferences such as language, location, the number of search results to be displayed etc.
  4. Storing settings for optimal video display, such as buffer size and your screen’s resolution details
  5. Reading your browser settings so that we can display our website optimally on your screen
  6. Locating misuse of our website and services, for example by recording several consecutive failed log-in attempts
  7. Loading the website evenly so that it remains accessible
  8. Making it possible to place a reaction on our website.

Legal basis: Art. 6 (1) b GDPR.

These cookies gather information about the surfing behavior of visitors to our websites, such as which pages are visited often and whether visitors receive error messages. By doing this we are able to make the structure, navigation and content of the website as user-friendly as possible for you. We do not link the statistics and other reports to third parties. We use cookies for:

  1. Keeping track of the number of visitors to our web pages
  2. Keeping track of the length of time that each visitor spends on our web pages
  3. Determining the order in which a visitor visits the various pages on our website
  4. Assessing which parts of our site need to be improved
  5. Optimising the website

Legal basis: Art. 6 (1) b GDPR.

Cookies, which are neither strictly necessary (Type A) nor functionality or performance cookies (Type B) will be used only upon your express consent, e.g. marketing cookies. We use:

  1. Cookies for behaviour-related content of a web page
  2. Cookies for sharing the content of our website via social media. Logged-in users of selected social media to share and like certain content from our website directly.

These social media parties may also collect your personal data for their own purposes. Mindray has no influence over how these social media parties make use of your personal data. For more information regarding the cookies set by the social media parties and the possible data that they gather, please refer to the privacy statement(s) made by the social media parties themselves. Below we have listed the privacy statements of the Social Media channels that are used the most by Mindray:

Legal basis: consent (Art. 6 (1) a GDPR).

Please be aware that Mindray currently does not make use of a technical solution that would enable us to respond to your browser’s ‘Do Not Track’ signals.

Administration and deletion of all cookies: You can set your web browser in such a way that cookies are generally prevented from being saved to your device and/or that you are asked each time whether you are in agreement with cookies being enabled. You can also at any time delete cookies that have been enabled again. You can find out how all this works in detail from your browser’s help function.

Please note that generally deactivating cookies may lead to functional restrictions of our website.

b) Administrative information (clients and suppliers)

Throughout a Client or Supplier relationship with the Company and for as long a period as is necessary following the termination of such relationship, the Company may generate, collect and keep records that may include, without limitation, all or some of the following categories of Personal Information for the purposes described below:

We collect administrative information of Suppliers and Clients to:

– select Suppliers and Clients;

– negotiate, enter into or execute a contract;

– fulfill obligations established by law, by regulations and by community legislation, including tax and/or accounting obligations;

– acquire information preliminary to the conclusion of contracts;

– fulfill, before the conclusion of the contract, specific requests from the Supplier or Client;

– perform obligations deriving from the contract concluded;

– provide a service or allow the supply of the same;

– answer questions and requests for information,

– exercise rights in court, in case of judicial proceedings, requests from courts and competent authorities or in relation to other legal obligations and if Mindray in good faith believes that the processing of Personal Data is necessary to fulfill obligations deriving from the legislation applicable and to protect and defend Mindray’s rights and property.

Legal basis: we process this information on the basis that it is necessary for the performance of the contract (Art. 6 (1) b GDPR), or that it is in the Company’s legitimate interests to do so in ensuring its business is run efficiently (Art. 6 (1) f GDPR).

c) Financial information (clients and suppliers)

The Company may collect and keep records that may include, without limitation, Bank account details or other account where Clients’ or Suppliers’ compensations are paid.

We collect financial information to pay a Client or Supplier in accordance with the terms of their contract. We process this information on the basis that it is necessary to perform the contract (Art. 6 (1) b GDPR), or it is necessary to comply with the Company’s legal obligations under tax legislation (Art. 6 (1) c GDPR).

d) Personal information for inquiry and marketing purposes

The Company may collect the following information for contact purposes

When contacting or communicating with us, e.g. by email or via contact form on our website, the data you provide will be stored and processed by us in order to answer your questions, requests or for the purpose of business related correspondence. We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.

We may transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Mindray Group or to external service providers, contract processors (e.g. cloud hosting, service providers) if necessary and in accordance with the purposes required (e.g. for establishing contacts, business related correspondence, customer care, etc.).

Legal basis: Art. 6 (1) b GDPR.

– Newsletter and marketing communications

With your explicit consent ,when required, we may process Personal Information to send the Company’s Newsletter or other marketing communications. Consent may be provided by you in various ways, e.g. through the specific Website section, in writing to member of our staff during events, etc. Consent for the newsletter is optional and not necessary to receive other services from Mindray.

The newsletter contains news and further information on the Mindray products.

By subscribing to the newsletter or providing your consent for marketing purposes you may receive personalised information about the products, services or events of the Company by e-mail or phone, according to the preferences selected.

The data may be forwarded to our cloud management system and customer platform, which other Group Companies and/or service providers may also access to support and implement the marketing communications.

The collected data are deleted after 12 months or 24 months or in the lack of a new consent as requested. If you no longer wish to receive the newsletter, you can unsubscribe at any time. Click on the link contained in each newsletter, you will then be guided through the unsubscribe process, or send us your withdrawal by email.

Legal basis: Consent (Art. 6 (1) a GDPR).

e) Sensitive personal data of data subjects

During the Supplier’s selection process, the relationship with Clients, or the interaction with Website Users, the Company may receive Personal Information that contains Sensitive Personal Data, namely:

Sensitive Personal Data are collected merely if received by the Data Subjects.

We may also collect a limited amount of criminal convictions data where the law allows us to do so and to extent allowed. This will usually be where such processing is necessary to carry out our legal obligations or ethical due diligence and provided we do so in line with our data protection and retention policy.

5. Notice

1. How we collect personal information

We generate, collect and maintain Personal Information in connection with the Data Subject’s relationship, and as permitted or required by applicable law, for the legal bases identified above.

We obtain most Personal Information in the forms and applications that the Data Subject fills out in connection with his/her relationship with the Company.

We may obtain some Personal Information from third parties, including when we receive contact details for marketing purposes or where local law requires Data Subjects to provide his/her name to our service providers. In these cases, we inform Data Subjects of this Notice and use of the data at the time of first contact or no later than 1 months after receiving the personal data.

6. Choice – Recipients

From time to time, we may need to disclose some Personal Information we process about Data Subjects to relevant third parties as listed below, in order to perform our obligations under  a contractual relationship, in order to comply with our legal obligations or on the basis that it is in our legitimate interests to do so, in ensuring our business is run efficiently.

Any recipient or third party receiving the data by the Company, is a data processor duly authorised by us or an autonomous data controller, with the only exceptions provided by the Data Protection Laws.

a) The non-EU jurisdiction is on the EU Commission’s adequacy decision list; or

b) The Company has taken measures by way of appropriate safeguards for the data subject, which may consist of binding corporate rules approved the supervisory authority, standard data protection clauses adopted by the EU Commission or adopted by a supervisory authority and approved by the EU Commission, codes of conduct approved by a supervisory authority or the EU Commission, certification mechanism approved by supervisory authority, or contractual clauses authorised by a supervisory authority.

Please note that in the absence of an adequacy decision pursuant to Article 45(3) of the GDPR, or if appropriate safeguards pursuant to Article 46 of the same rule, the Company may still transfer Personal Information to non-EU jurisdictions only on one of the following conditions:

a) The Data Subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;

b) The transfer is necessary for the performance of a contract between the Data Subject and the Company or the implementation of pre-contractual measures taken at the Data Subject’s request;

c) The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Company and another natural or legal person;

d) The transfer is necessary for important reasons of public interest;

e) The transfer is necessary for the establishment, exercise or defence of legal claims;

f) The transfer is necessary to protect the vital interests of the Data Subject or of other persons, where the Data Subject is physically or legally incapable of giving consent;

g) The transfer is made from a register which according to the European Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by European Union or Member State law for consultation are fulfilled in the particular case.

Personal Information may be transferred to and processed by, or on behalf of, entities in the Mindray’ group that are based outside of the European Union. Each such entity has adopted, for the protection of our Data Subjects’ Personal Information, a Notice and procedures that are consistent with the provisions of this Notice.

7. Onward Transfer

From time to time we may transfer Personal Information to third parties outside of the European Union but only if the third party (whether controller or processor) has provided appropriate safeguards. The appropriate safeguards may be provided for by: (1) binding corporate rules or (2) the European Commission’s standard data protection clauses.

8. Conditions to a Transfer of Disclosure 

When the Company shares Personal Information with another entity, the Company requires this other entity to agree in writing:

9. Security

The Company has appropriate technical and organisational measures in place to maintain physical, procedural, and technical security in its offices, information systems, and information storage facilities to protect Personal Information from loss, misuse, unauthorised access, erroneous disclosure, alteration, or destruction. We restrict access to Personal Information to those individuals who need access to that information to assist us in performing our duties and obligations.

The Company requires employees with access to Personal Information to keep it strictly confidential, to access it only on a need to know basis, and not to use it or to disclose it to third parties other than as permitted under this Notice, or as permitted or required by the applicable law. Failure to do so, such as unauthorised, inappropriate, or excessive disclosure of Personal Information about individuals, will be regarded as serious misconduct and will be dealt with in accordance with the Company’s disciplinary procedures.

Data Subjects acknowledge that transmission over the Internet is never completely secure or error-free. Because of this, we cannot and do not guarantee the security of Personal Information that the Data Subject provides to us when in transit through the Internet. Thus, when submitting Personal Information to the Company through an Internet connection, the Data Subject must weigh both the benefits and the risks before submission.

10. Data Integrity and Accuracy

The Company is committed to collecting only Personal Information that is relevant for the purposes for which it is to be used as listed above. The Company is also committed to ensuring that Personal Information is not processed in a way that is incompatible with the purposes for which it has been collected or subsequently authorised by a Data Subject.

To the extent necessary for these purposes, the Company takes reasonable steps to ensure that all Personal Information is reliable, accurate, complete, and current.

11. Data Subjects’ Rights

According to Data Protection Laws and within its limits, the Data Subject has the following rights:

If the Data Subject wishes to have access to the Personal Information about him/her that we hold, the Data Subject should contact us as set forth in the section “How to Contact Us” below. We will process all requests for access within the time frames defined by applicable law (and if no such time frames are specified, within a reasonable time period).

12. Storage and Retention of Personal Information

We retain Personal Information and dispose of it in paper and electronic format, in a form that allows the identification of the Data Subjects, for a period of time not exceeding the achievement of the purposes for which they are processed or in accordance with Data Protection Laws and this Notice. Personal Information may also be stored in a cloud environment with a server located in Germany.

We may also need to retain certain Personal Information to prevent fraudulent activity, to protect ourselves against liability, permit us to pursue available remedies, or limit any damages that we may sustain, or if we believe in good faith that an order, law, regulation, rule or guideline requires such retention.

13. Data Controller – How to Contact us

The controller of the personal data that are collected when using the Website is Mindray International Co., Ltd..

The controller of the personal data that are collected for marketing activities outside the Website and for the processing of all Personal Information of Clients and Suppliers is Mindray UK Limited based at Mindray House, Kingfisher Way, Hinchingbrooke Business Park, Huntingdon, Cambs, PE29 6FN .

To access any of the rights mentioned in section 11 and contact the Data Controller, please write at privacy@mindray.com or the address indicated above.