Corporate Compliance Policy
Purpose
This purpose of this Policy is to set forth the privacy
principles that KCI follows with respect to transfers of Personal
Data from the European Economic Area to the United States which has
been collected or received by KCI in conducting clinical or market
research and/or in managing our workforce.
General Principle
KCI is committed to protecting the privacy of those who entrust
us with Personal Data. KCI abides by the Safe Harbor Principles
developed by the U.S. Department of Commerce and the European
Commission and the Frequently Asked Questions (FAQs) issued by the
U.S Department of Commerce on July 21, 2000. This Policy sets forth
the privacy principles that KCI follows with respect to transfers
of Personal Data from the European Economic Area to the United
States which has been collected or received by KCI in conducting
business with customers and patients, in doing clinical or market
research and/or in managing our workforce.
Scope
This Policy applies to KCI and all KCI Personnel. Compliance
with this Policy is mandatory. Adherence to this Policy is a
condition of employment for every KCI Employee and a condition to
continuation of a professional relationship with KCI for every KCI
Contractor. Violations of this Policy may result in disciplinary
measures up to and including the termination of employment or other
engagement.
KCI Personnel who do not comply with this Policy or engage in
conduct that is contrary to this Policy may be held financially
responsible for all expenses associated with such conduct. KCI
Personnel who are unsure whether an activity is allowed by this
Policy should consult the KCI Legal and Compliance Department prior
to conducting, engaging in or permitting any such activity.
This Policy restricts KCI Personnel from conducting any action
or engaging in or permitting any conduct directly through their own
personal activities or indirectly through any consultant, agent,
sales representative, sales associate, distributor, joint venture
partner, contractor or other third party that would be otherwise
prohibited by this Policy if such action or conduct were taken
directly by KCI Personnel.
Definitions
"Agent" any third party that processes Personal Data on behalf
of and under the instruction of KCI.
"KCI" Kinetic Concepts, Inc. and all of its worldwide
subsidiaries and affiliates including, but not limited to, KCI USA,
Inc., KCI International and LifeCell Corporation.
"KCI Contractor" any person or entity engaged (directly or
indirectly) to provide services and/or products to KCI, whether or
not pursuant to a written agreement, including but not limited to
any consultant, agent, sales representative, sales associate,
distributor, joint venture partner, contractor or other third
party.
"KCI Employee" any employee of KCI, including any international
employee, who files a U.S. W-2 Tax Form or an international
equivalent.
"KCI Personnel" any KCI Contractor, KCI Employee or director or
officer of KCI.
"Personal Data" any information or set of information that
identifies or can reasonably be uses to identify an individual.
Personal Data do not include information that is encoded or
anonymized, or publicly available information that has not been
combined with non-public personal information.
"Sensitive Personal Data" personal information that reveals race,
ethnic origin, political opinions, religious or philosophical
beliefs, or trade union membership, or that concerns health or sex
life. Information will be treated as Sensitive Personal Data where
it is received from a third party that treats and identifies it as
sensitive.
Notice
KCI will inform individuals about the purposes for which we
collect and use Personal Data about them, how to contact us, the
types of non-agent third parties with whom we may share Personal
Data, and any ways that individuals may limit the use and sharing
of such data. This notice will be provided when individuals are
first asked to provide Personal Data or as soon thereafter as is
practicable. Such notice may be provided by various means, such as
internal policies, statements in forms and questionnaires, work
agreements or a privacy policy
Choice
KCI will offer an individual the opportunity to choose (opt out)
whether Personal Data are (a) shared with a non-agent third party
or (b) used for a purpose other than that for which the data were
originally collected or subsequently authorized by the individual.
For Sensitive Personal Data, KCI will endeavor to give an
individual an affirmative or explicit (opt in) choice if the
information is to be disclosed to a third party or used for a
purpose other than those for which it was originally collected or
subsequently authorized by the individual; provided, however that
choice is not required where the processing of Sensitive Personal
Data is: (i) in the vital interests of the data subject or another
person; (ii) necessary for the establishment of legal claims or
defenses; (iii) required to provide medical care or diagnosis; (iv)
carried out in the course of legitimate activities by a foundation,
association or any other non-profit body with a political,
philosophical, religious or trade-union aim and on condition that
the processing relates solely to the members of the body or to the
persons who have regular contact with it in connection with its
purposes and that the data are not disclosed to a third party
without the consent of the data subjects; (iv) necessary to carry
out our obligations in the field of employment law; or (vi) related
to data that are manifestly made public by the individual.
Access
KCI will provide individuals with reasonable access to Personal
Data about them and they may request the correction or amendment of
Personal Data that they demonstrate to be incorrect or incomplete.
KCI will endeavor to process all reasonable requests for access
within a reasonable time period but reserves the right to deny
access or limit access in cases where the burden or cost of
providing access would be disproportionate to the risks to the
individual’s privacy or in the case of a vexatious or fraudulent
request. Any KCI Employee who desires to review or update their
Personal Data can do so by contacting their human resources
representative.
Transfers to Agents
KCI will only transfer Personal Data to an Agent where the Agent
has provided assurances that the Agent provides at least the same
level of privacy protection as is required by these principles.
Should KCI become aware of an Agent using or sharing Personal Data
in a way that is contrary to these principles, KCI will take
reasonable steps to prevent or stop such activity.
Onward Transfer
KCI will only transfer Personal Data to a non-agent third party
where consistent with the notice provided to the individuals who
are the subject of the data and any consent that those individuals
have given.
Data Integrity
KCI will only use Personal Data only in ways that are consistent
with the purposes for which it was collected or subsequently
authorized by the individual. To the extent necessary for those
purposes, KCI will take reasonable steps to ensure that the
Personal Data are relevant for its intended use, accurate, complete
and current.
Security
KCI will take reasonable precautions to protect Personal Data in
its possession from loss, misuse and unauthorized access,
disclosure, alteration and destruction. KCI endeavors to limit
access to Personal Data to KCI Personnel that have a specific
business purpose for maintaining and processing such Personal Data.
KCI Personnel who have been granted access to Personal Data are
aware of their responsibilities to protect the security,
confidentiality and integrity of such information.
Enforcement
KCI has put in place mechanisms to verify our ongoing adherence
to the privacy principles set forth in this Policy. Individuals who
wish to file a complaint, ask a question or raise a concern with
this Policy should direct such communication to KCI at the address
provided below. KCI will investigate and attempt to resolve
complaints, questions and concerns regarding the use and disclosure
of Personal Data in accordance with the principles set forth in
this Policy. Furthermore, KCI is committed to cooperating with
local European Data Protection Authorities to resolve any dispute
and will take steps to remedy any problems arising out of a failure
to comply with the Safe Harbor principles.
Limitations on Scope of Principles
Adherence by KCI to these privacy principles may be limited to
the extent required to meet a legal, governmental, national
security or public interest obligation.
Contact for Concerns
KCI Employees should address questions or concerns regarding
this Policy or the practices of KCI concerning Personal Data
to:
KCI EMEA Privacy Officer
Phone: +31 (0) 20.426.0044
Email: privacyofficer@kci-medical.com
Mail: Van Heuven Goedhartlaan 11
1181 LE Amstelveen, The Netherlands
All other individuals covered by this Policy should contact KCI
at:
Kinetic Concepts, Inc.
8023 Vantage Drive
San Antonio, Texas 78230-4726
Attention: Legal and Compliance Department
|