Medline Industries, Inc., along with its subsidiaries and affiliates (together "Medline" or the "Medline Group") is committed to respecting and protecting the privacy of those who entrust Medline with their Personal Information. Accordingly, Medline has self-certified to the U.S.-EU Safe Harbor Framework and adheres to the Safe Harbor privacy principles as agreed to by the U.S. Department of Commerce and the European Commission. Medline has also self-certified to the U.S.-Swiss Safe Harbor Framework and adheres to the Safe Harbor privacy principles as agreed to by the U.S. Department of Commerce and the Federal Data Protection and Information Commissioner of Switzerland. To learn more about the Safe Harbor program (the "Safe Harbor"), please visit http://www.export.gov/safeharbor/.
SCOPE OF SAFE HARBOR COMMITMENT
Medline certifies to the Safe Harbor for all Personal Information that it processes and which is transferred from countries in the European Economic Area and Switzerland to the United States, both in electronic or paper form, including Personal Information and Sensitive Personal Information from employees, agents, consultants, contractors, vendors, service providers, business associates, healthcare professionals, patients, clinical trial participants and others.
This certification covers both "Personal Information" which means any information from which a living individual can be directly or indirectly identified, as well as "Sensitive Personal Information" which means Personal Information revealing an individual's racial or ethnic origin, political opinions or membership of political parties or similar movements, religious or philosophical beliefs, membership of a professional or trade organization or union, physical or mental health, including any opinion thereof, sex life, and, where permitted by applicable law, criminal offences and alleged offences, criminal records or proceedings with regard to criminal or unlawful behavior.
OUR SAFE HARBOR PRIVACY PRINCIPLES
The following privacy principles apply to Medline's collection, use, disclosure and other processing of Personal Information, except to the extent required to meet a legal, governmental, national security or similar paramount public interest obligation.
Individuals will receive a notice explaining the purposes for which Medline processes Personal Information about them, how to contact Medline regarding inquiries or complaints, as well as the types of third parties to which Medline disclose Personal Information and how and when individuals can limit such uses and disclosure. This notice will be provided when individuals are first asked to provide Personal Information or as soon thereafter as is practicable.
CHOICE AND CONSENT
Medline will offer an individual the opportunity to choose (opt out) whether Personal Information about them will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by them, unless such choice is not required by law.
For Sensitive Personal Information, Medline will seek affirmative or explicit (opt in) consent before the Sensitive Personal Information is disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Personal Information will not be transferred to another Medline company, or to a third party, unless reasonable and appropriate steps have been taken to maintain the required level of data protection as provided in this Policy, including the provision of notice and choice where appropriate.
Medline may use independent companies or other third parties and individuals as agents, consultants, contractors, vendors and service providers. All agents, consultants, contractors, vendors and service providers are required to comply with Medline's privacy practices and policies and are permitted to use Personal Information only for the purpose of performing services on behalf of Medline. A company that processes Personal Information on behalf of Medline is allowed to do so only if it guarantees to provide the technical and organizational security measures required for processing Personal Information and to provide sufficient guarantees with respect to the protection of data protection rights of individuals under applicable law.
Medline may share Personal Information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when Medline believes in good faith that disclosure is legally required or otherwise necessary to protect Medline's rights and property, or the rights, property or safety of others.
Medline may transfer Personal Information to a third party that acquires all or part of the assets or stock of Medline, or that succeeds Medline in carrying on all or a part of the business of Medline, whether by merger, acquisition, reorganization or otherwise. Medline will obligate by contract any successor owner or company to, notify individuals via email and/or by putting a prominent notice on the Medline website or relevant successor site of any change in ownership, privacy policies or uses of Personal Information.
INDIVIDUALS' ACCESS TO PERSONAL INFORMATION
Individuals can update, correct, and access the Personal Information about them that Medline processes, and may be able to correct, amend, or delete that information where it is inaccurate, except where, and to the extent permitted by applicable law, the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.
Medline will make reasonable efforts to ensure that Personal Information is accurate and updated, adequate, relevant, not excessive for the purposes for which the Personal Information are processed and kept only for the period necessary for permitted purposes.
The security of Personal Information is important to Medline. Medline will take reasonable steps, consistent with generally accepted industry standards, including technical, administrative and physical safeguards to protect the Personal Information that Medline processes from loss, misuse and unauthorized access, disclosure, alteration and destruction.
INQUIRIES AND ENFORCEMENT OF COMPLIANCE
Medline has established internal means to ensure continuing compliance with the Safe Harbor.
We self-certify compliance with
Medline Industries, Inc.
One Medline Place
Mundelein, Illinois 60060
If you are unsatisfied with the way Medline has responded to any concerns about Medline's handling of Personal Information about you, the matter may be dealt with through the following independent dispute resolution mechanisms: the panel established by European data protection authorities and the Swiss Federal Data Protection and Information Commissioner for human resources data; American Arbitration Association for all other personal data.
CHANGES TO THIS POLICY
Because of Medline's commitment to the protection of Personal Information, Medline periodically evaluates its privacy policies and procedures to implement improvements and refinements from time to time. When this policy is amended, Medline will revise the "last updated" date at the bottom of this policy. For material changes to this policy, Medline will notify individuals by placing a notice on this page.
Initial Effective Date: February 1, 2012
Last Updated: February 1, 2012