This Privacy Notice (“Notice”) defines the manner in which Mindray International Co., Ltd. based in Shenzhen, China and its European affiliate Mindray UK Limited based at Mindray House, Kingfisher Way, Hinchingbrooke Business Park, Huntingdon, Cambs, PE29 6FN (“Company” or “we/us”) process Personal Information (as defined below) that pertains to its Suppliers, Clients and Websites Users, as respectively defined below (collectively, the “Data Subjects” or “you/your”). This Notice does not apply to Employees (i.e. employees, temporary workers, secondees, agents or former employees of the Company or candidates whom the Company may potentially employ or contract with).
This Notice applies to all categories of personal data of Data Subjects received and generated by the Company whether in electronic, paper or oral recorded format (“Personal Information”).
We collect and process your personal data in accordance with all applicable data protection laws and regulations, including, without limitation, the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR“), as well as the laws, orders and guidelines issued by the competent data protection authorities, as applicable (the “Data Protection Laws“).
This Notice applies to Personal Information related to physical persons within these categories:
Specific sections of this Notice are dedicated to a single category of Data Subject where expressly indicated.
This Notice may need to be modified from time to time as necessary in the future to reflect changes in circumstances. We may provide Data Subjects with a new version when any substantial updates are made. The Data Subjects can access the most recent version at any time by visiting the Company Website, or by contacting the Company at the address or contact details indicated in the Notice.
When visiting and using the Website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.
We transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Mindray Group or to external service providers, contractors (e.g. hosting, content management system) in accordance with the purposes required (for displaying the website and setting up its content).
Legal basis: Art. 6 (1) b GDPR.
In addition to the aforementioned data, cookies and other similar storage technologies (hereinafter referred to as “Cookies”) are stored on your computer when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information. The next time you visit our website on the same device, the information saved in the cookies will subsequently be transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”).
Through the information saved and returned, the respective website recognises that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.
This website uses the following types of cookies, the scope and functionality of which are explained below:
These are cookies that guarantee functions without which you cannot use our web pages as intended. These cookies are used exclusively by us and are therefore first party cookies.
Legal basis: Art. 6 (1) b GDPR.
These cookies enable our website to store information already provided (such as language selection) and to offer you improved and more personalised functions based on this information. These cookies collect and store only anonymous information so that they cannot track your movements on other websites.
Our website uses functionality cookies for:
Legal basis: Art. 6 (1) b GDPR.
Legal basis: Art. 6 (1) b GDPR.
Cookies, which are neither strictly necessary (Type A) nor functionality or performance cookies (Type B) will be used only upon your express consent, e.g. marketing cookies. We use:
These social media parties may also collect your personal data for their own purposes. Mindray has no influence over how these social media parties make use of your personal data. For more information regarding the cookies set by the social media parties and the possible data that they gather, please refer to the privacy statement(s) made by the social media parties themselves. Below we have listed the privacy statements of the Social Media channels that are used the most by Mindray:
Legal basis: consent (Art. 6 (1) a GDPR).
Please be aware that Mindray currently does not make use of a technical solution that would enable us to respond to your browser’s ‘Do Not Track’ signals.
Administration and deletion of all cookies: You can set your web browser in such a way that cookies are generally prevented from being saved to your device and/or that you are asked each time whether you are in agreement with cookies being enabled. You can also at any time delete cookies that have been enabled again. You can find out how all this works in detail from your browser’s help function.
Please note that generally deactivating cookies may lead to functional restrictions of our website.
Throughout a Client or Supplier relationship with the Company and for as long a period as is necessary following the termination of such relationship, the Company may generate, collect and keep records that may include, without limitation, all or some of the following categories of Personal Information for the purposes described below:
We collect administrative information of Suppliers and Clients to:
– select Suppliers and Clients;
– negotiate, enter into or execute a contract;
– fulfill obligations established by law, by regulations and by community legislation, including tax and/or accounting obligations;
– acquire information preliminary to the conclusion of contracts;
– fulfill, before the conclusion of the contract, specific requests from the Supplier or Client;
– perform obligations deriving from the contract concluded;
– provide a service or allow the supply of the same;
– answer questions and requests for information,
– exercise rights in court, in case of judicial proceedings, requests from courts and competent authorities or in relation to other legal obligations and if Mindray in good faith believes that the processing of Personal Data is necessary to fulfill obligations deriving from the legislation applicable and to protect and defend Mindray’s rights and property.
Legal basis: we process this information on the basis that it is necessary for the performance of the contract (Art. 6 (1) b GDPR), or that it is in the Company’s legitimate interests to do so in ensuring its business is run efficiently (Art. 6 (1) f GDPR).
The Company may collect and keep records that may include, without limitation, Bank account details or other account where Clients’ or Suppliers’ compensations are paid.
We collect financial information to pay a Client or Supplier in accordance with the terms of their contract. We process this information on the basis that it is necessary to perform the contract (Art. 6 (1) b GDPR), or it is necessary to comply with the Company’s legal obligations under tax legislation (Art. 6 (1) c GDPR).
The Company may collect the following information for contact purposes
When contacting or communicating with us, e.g. by email or via contact form on our website, the data you provide will be stored and processed by us in order to answer your questions, requests or for the purpose of business related correspondence. We delete the data arising in this context once storage is no longer necessary, unless statutory retention obligations exist or periods of limitation must be observed.
We may transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the Mindray Group or to external service providers, contract processors (e.g. cloud hosting, service providers) if necessary and in accordance with the purposes required (e.g. for establishing contacts, business related correspondence, customer care, etc.).
Legal basis: Art. 6 (1) b GDPR.
– Newsletter and marketing communications
With your explicit consent ,when required, we may process Personal Information to send the Company’s Newsletter or other marketing communications. Consent may be provided by you in various ways, e.g. through the specific Website section, in writing to member of our staff during events, etc. Consent for the newsletter is optional and not necessary to receive other services from Mindray.
The newsletter contains news and further information on the Mindray products.
By subscribing to the newsletter or providing your consent for marketing purposes you may receive personalised information about the products, services or events of the Company by e-mail or phone, according to the preferences selected.
The data may be forwarded to our cloud management system and customer platform, which other Group Companies and/or service providers may also access to support and implement the marketing communications.
The collected data are deleted after 12 months or 24 months or in the lack of a new consent as requested. If you no longer wish to receive the newsletter, you can unsubscribe at any time. Click on the link contained in each newsletter, you will then be guided through the unsubscribe process, or send us your withdrawal by email.
Legal basis: Consent (Art. 6 (1) a GDPR).
During the Supplier’s selection process, the relationship with Clients, or the interaction with Website Users, the Company may receive Personal Information that contains Sensitive Personal Data, namely:
Sensitive Personal Data are collected merely if received by the Data Subjects.
We may also collect a limited amount of criminal convictions data where the law allows us to do so and to extent allowed. This will usually be where such processing is necessary to carry out our legal obligations or ethical due diligence and provided we do so in line with our data protection and retention policy.
We generate, collect and maintain Personal Information in connection with the Data Subject’s relationship, and as permitted or required by applicable law, for the legal bases identified above.
We obtain most Personal Information in the forms and applications that the Data Subject fills out in connection with his/her relationship with the Company.
We may obtain some Personal Information from third parties, including when we receive contact details for marketing purposes or where local law requires Data Subjects to provide his/her name to our service providers. In these cases, we inform Data Subjects of this Notice and use of the data at the time of first contact or no later than 1 months after receiving the personal data.
From time to time, we may need to disclose some Personal Information we process about Data Subjects to relevant third parties as listed below, in order to perform our obligations under a contractual relationship, in order to comply with our legal obligations or on the basis that it is in our legitimate interests to do so, in ensuring our business is run efficiently.
Any recipient or third party receiving the data by the Company, is a data processor duly authorised by us or an autonomous data controller, with the only exceptions provided by the Data Protection Laws.
a) The non-EU jurisdiction is on the EU Commission’s adequacy decision list; or
b) The Company has taken measures by way of appropriate safeguards for the data subject, which may consist of binding corporate rules approved the supervisory authority, standard data protection clauses adopted by the EU Commission or adopted by a supervisory authority and approved by the EU Commission, codes of conduct approved by a supervisory authority or the EU Commission, certification mechanism approved by supervisory authority, or contractual clauses authorised by a supervisory authority.
Please note that in the absence of an adequacy decision pursuant to Article 45(3) of the GDPR, or if appropriate safeguards pursuant to Article 46 of the same rule, the Company may still transfer Personal Information to non-EU jurisdictions only on one of the following conditions:
a) The Data Subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
b) The transfer is necessary for the performance of a contract between the Data Subject and the Company or the implementation of pre-contractual measures taken at the Data Subject’s request;
c) The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Company and another natural or legal person;
d) The transfer is necessary for important reasons of public interest;
e) The transfer is necessary for the establishment, exercise or defence of legal claims;
f) The transfer is necessary to protect the vital interests of the Data Subject or of other persons, where the Data Subject is physically or legally incapable of giving consent;
g) The transfer is made from a register which according to the European Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by European Union or Member State law for consultation are fulfilled in the particular case.
Personal Information may be transferred to and processed by, or on behalf of, entities in the Mindray’ group that are based outside of the European Union. Each such entity has adopted, for the protection of our Data Subjects’ Personal Information, a Notice and procedures that are consistent with the provisions of this Notice.
From time to time we may transfer Personal Information to third parties outside of the European Union but only if the third party (whether controller or processor) has provided appropriate safeguards. The appropriate safeguards may be provided for by: (1) binding corporate rules or (2) the European Commission’s standard data protection clauses.
When the Company shares Personal Information with another entity, the Company requires this other entity to agree in writing:
The Company has appropriate technical and organisational measures in place to maintain physical, procedural, and technical security in its offices, information systems, and information storage facilities to protect Personal Information from loss, misuse, unauthorised access, erroneous disclosure, alteration, or destruction. We restrict access to Personal Information to those individuals who need access to that information to assist us in performing our duties and obligations.
The Company requires employees with access to Personal Information to keep it strictly confidential, to access it only on a need to know basis, and not to use it or to disclose it to third parties other than as permitted under this Notice, or as permitted or required by the applicable law. Failure to do so, such as unauthorised, inappropriate, or excessive disclosure of Personal Information about individuals, will be regarded as serious misconduct and will be dealt with in accordance with the Company’s disciplinary procedures.
Data Subjects acknowledge that transmission over the Internet is never completely secure or error-free. Because of this, we cannot and do not guarantee the security of Personal Information that the Data Subject provides to us when in transit through the Internet. Thus, when submitting Personal Information to the Company through an Internet connection, the Data Subject must weigh both the benefits and the risks before submission.
The Company is committed to collecting only Personal Information that is relevant for the purposes for which it is to be used as listed above. The Company is also committed to ensuring that Personal Information is not processed in a way that is incompatible with the purposes for which it has been collected or subsequently authorised by a Data Subject.
To the extent necessary for these purposes, the Company takes reasonable steps to ensure that all Personal Information is reliable, accurate, complete, and current.
According to Data Protection Laws and within its limits, the Data Subject has the following rights:
If the Data Subject wishes to have access to the Personal Information about him/her that we hold, the Data Subject should contact us as set forth in the section “How to Contact Us” below. We will process all requests for access within the time frames defined by applicable law (and if no such time frames are specified, within a reasonable time period).
We retain Personal Information and dispose of it in paper and electronic format, in a form that allows the identification of the Data Subjects, for a period of time not exceeding the achievement of the purposes for which they are processed or in accordance with Data Protection Laws and this Notice. Personal Information may also be stored in a cloud environment with a server located in Germany.
We may also need to retain certain Personal Information to prevent fraudulent activity, to protect ourselves against liability, permit us to pursue available remedies, or limit any damages that we may sustain, or if we believe in good faith that an order, law, regulation, rule or guideline requires such retention.
The controller of the personal data that are collected when using the Website is Mindray International Co., Ltd..
The controller of the personal data that are collected for marketing activities outside the Website and for the processing of all Personal Information of Clients and Suppliers is Mindray UK Limited based at Mindray House, Kingfisher Way, Hinchingbrooke Business Park, Huntingdon, Cambs, PE29 6FN .
To access any of the rights mentioned in section 11 and contact the Data Controller, please write at firstname.lastname@example.org or the address indicated above.