Biometric Data Policy

1. Policy

1.1. ICU Medical, Inc., and its affiliates (collectively, “ICU Medical” or the “Company”) recognizes the need to maintain the confidentiality of Biometric Data, as defined below, in accordance with applicable state, federal and local regulations and other data protection laws. This Biometric Data Policy (the “Policy”) defines ICU Medical’s policy for collection, use, safeguarding, storage, and destruction of Biometric Data collected by ICU Medical.

 

2. Scope

2.1. This Policy is applicable to all ICU Medical Personnel. This Policy does not apply to ICU Medical’s processes to address privacy risk management across the Company (i.e., confidential and secure handling of personal data). Please see ICU Medical’s Global Privacy Policy for more information.

 

3. Definitions

3.1. For purposes of this Policy, the following terms have the following meanings:

3.1.1. “Biometric Data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person (e.g., fingerprint scan).
3.1.2. “Biometric Identification System” or “System” means computer and/or terminal-based devices that scan ICU Medical Personnel fingertips for purposes of identification. The System uses unique data points scanned at the terminal on ICU Medical Personnel fingertips and creates a unique mathematical representation used to verify the identity of ICU Medical Personnel; for example, when the ICU Medical Personnel arrives or departs from the workplace.
3.1.3. “ICU Medical Personnel” includes ICU Medical officers, directors, and full-time, part-time, temporary and contract employees of ICU Medical.

 

4. ICU Medical’s Processing of Biometric Data

4.1. ICU Medical collects, stores, and uses Biometric Data for the purpose of identification, training and accurate timekeeping and will not be used for any other business purpose.

4.2. Pursuant to the terms in this Policy (and in particular Section 7 below), the Biometric Data may be collected centrally in United States and/or Mexico, as the case may be, and stored locally or via third party cloud provider.

 

5. Consent

5.1. In order to use the System, ICU Medical Personnel shall be required to sign (electronically or otherwise) a consent authorizing ICU Medical to collect, store on a continual basis throughout employment and capture such ICU Medical Personnel’s Biometric Data as described in this Policy.

 

6. Disclosure

6.1. ICU Medical will not sell, lease, trade, or otherwise profit from ICU Medical Personnel’s Biometric Data. ICU Medical will not disclose or disseminate ICU Medical Personnel’s Biometric Data unless authorized to do so by ICU Medical Personnel or required to do so by state, federal and local law (and shall comply with such regulations to the extent disclosing such Biometric Data).

 

7. Data Storage, Retention and Deletion

7.1. ICU Medical will store and protect Biometric Data using a reasonable standard of care, and in a manner that is the same as the manner in which ICU Medical treats other confidential and sensitive information. ICU Medical shall retain ICU Medical Personnel Biometric Data only until the initial purpose for collecting or obtaining such Biometric Data has been satisfied, such as termination of the ICU Medical Personnel’s employment with the Company. At that time, the Company will take the necessary steps to permanently delete ICU Medical Personnel’s Biometric Data from ICU Medical’s systems.

 

8. Auditing and Monitoring

8.1. This Policy, together with the supporting documents and records required by it, is subject to periodic auditing and monitoring.

 

9. Reporting and Questions

9.1. ICU Medical Personnel may report any concerns through an anonymous and confidential hotline at 1-844-330-0007. Anonymous and confidential reports can also be made by email to reports@lighthouse-services.com (must include Company name in the report), through confidential web submission at https://www.lighthouse-services.com/icumed, or via the Governance Reporting section in our corporate governance website at https://ir.icumed.com/corporate-governance. ICU Medical Personnel may also make confidential reports to his/her supervisor, HR, the Compliance Officer, or the General Counsel.

 

10. Exceptions

10.1. Any exceptions to the requirements of this Policy must be approved by ICU Medical’s General Counsel.