Ethics Hotline

Mölnlycke processes personal data in the manner and for the purposes described in the tables below. The tables below also show the legal basis on which Mölnlycke bases its processing for each purpose and for how long we will retain your personal data.

What we do and why

We handle reports received through the whistleblowing channel by collecting and administering the reports. We will also communicate with the persons who the reports concern, including alleged witnesses of the reported incident. We will handle, follow-up and document the content of the report and any upcoming questions. We will do this in order to be able to properly handle all whistleblowing reports concerning violations of the law.

The personal data that we process:

• Contact information, such as name, telephone number, address and e-mail address
• Report history and report
• Employment information (such as job title and role)
• Pictures and audio recordings
• Personal data related to criminal convictions, suspicion of and/or actual violations of the law in the form of violations of, for example, the Money Laundering Act

Our legal basis for processing

Legal obligation: The processing of your personal data is required by law. If the personal data is not processed, our legal obligation cannot be fulfilled.

How we share and transfer your data

In order to fulfil the purposes stated above, Mölnlycke will share your personal data with the following recipients;

• With our legal advisors, that assist us in the investigation of whistleblowing reports
• With data forensics experts or other experts on a case by case basis
• Relevant authorities
• IT provider of Whistleblowing channel Convercent by OneTrust

to the extent it is necessary for them to perform their services to us.

Mölnlycke will not transfer your personal data to a country outside the European Union (“EU”)/European Economic Area (“EEA”) within the scope of this processing activity.

How long we keep your data

We process your personal data during the storage period required by law or otherwise during the time it is necessary for the establishment, exercise or defence of legal claims.

What we do and why

We will conduct investigations of misconduct and suspected offenses committed within Mölnlycke's organization in the form of suspected or actual violations of law, with the purpose to properly handle all suspected violations of law within Mölnlycke’s organization. To achieve this we will handle, follow up and document whistleblower reports contents and upcoming questions. We will collect and review information from the IT-equipment and the digital systems you use within your employment and that Mölnlycke controls. We will also interview relevant persons within the investigation, including alleged witnesses of the reported incident and contact the relevant authorities for the investigation.

The personal data that we process

• Contact information, such as name, telephone number, address and e-mail address
• Report history and report
• Employment information (such as job title and role)
• Pictures and audio recordings
• Communication history
• Internet history
• User history from the IT-equipment and digital systems that you as an employee use within the framework of your employment and that Mölnlycke controls
• Personal data related to criminal convictions, suspicion of and/or actual violations of the law in the form of violations of, for example, the Money Laundering Act

Our legal basis for processing

Legal obligation: The processing of your personal data is required by law. If the data is not processed, our legal obligation cannot be fulfilled.

How we share and transfer your data

In order to fulfil the purposes stated above, Mölnlycke will share your personal data with the following recipients;

• With our legal advisors, that assist us in the investigation of whistleblowing reports
• With data forensics experts or other experts on a case by case basis
• Relevant authorities
• IT provider of Whistleblowing channel Convercent by OneTrust

to the extent it is necessary for them to perform their services to us.

Mölnlycke will not transfer your personal data to a country outside the EU/EEA within the scope of this processing activity.

How long we keep your data

We process your personal data for the storage period required by law or otherwise for the time necessary for the establishment, exercise or defence of legal claims.

What we do and why

We will handle reports of violations of internal policies through collecting and administering reports received through the whistleblowing channel. We will also communicate with the persons who the reports concern, including alleged witnesses of the reported incident. We will handle, follow-up and document the content of the report and any upcoming questions. We will do this in order to be able to properly handle all whistleblowing reports concerning potential violations of internal policies. 

The personal data that we process

• Contact information, such as name, telephone number, address and e-mail address
• Birthdate
• Registration history and registration number
• Employment information (such as job title, employee identifier and role of responsibility).
• Pictures and audio recordings
• Personal data related to actions in violation of Mölnlycke's Code of Conduct and internal policies

Our legal basis for processing

Legitimate interest: The processing is necessary to fulfil our legitimate interest in ensuring that our internal policies for our business are complied with.

How we share and transfer your data

In order to fulfil the purposes stated above, Mölnlycke will share your personal data with the following recipients;

• With our legal advisors, that assist us in the investigation of whistleblowing reports
• With data forensics experts or other experts on a case by case basis
• Relevant authorities
• IT provider of Whistleblowing channel Convercent by OneTrust

to the extent it is necessary for them to perform their service to us.

Mölnlycke will not transfer your personal data to a country outside the EU/EEA within the scope of this processing activity.

How long we keep your data

For this purpose, we will process your personal data until the investigation case is completed and for the time necessary to establish, exercise or defend legal claims.

Mölnlycke processes personal data that is collected directly from you when you use the whistleblowing system, or that is stated by another person within the scope of a report.

We strive to always process your personal data within the EU or EEA. However, if we transfer your personal data, in accordance with what is stipulated in the tables above, to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g. by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.

You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at this link.

You may access the European Commission’s standard contractual clauses at this link.

In this section we describe your rights as a data subject. You can exercise them by contacting us using the contact information at the end of this document. Please note that not all rights listed below are absolute and there are exemptions which can be valid. Your rights are the following:

Right of access

You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.

Right of rectification

You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.

Right to erasure

You have the right to request that we erase your personal data without undue delay in the following circumstances: (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing; (iii) you object to our processing of personal data, and we do not have any overriding legitimate grounds for the processing; (iv) the processed personal data is unlawfully processed; or (v) the processed personal data has to be erased for compliance with legal obligations.

Right to restriction

You have the right to restrict the processing of your personal data in the following circumstances:
(i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data; (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead; (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.

Right to data portability

If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.

Right to object

You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right to object to direct marketing

You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.

Right to withdraw consent

When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.

The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’. If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you in first-hand to contact us in order for us to oversee your complaints. You may at any time also file a complaint with the supervisory authority.

If you have any questions about the processing of your personal data or want to exercise any of your rights, please contact us at:

Phone number: +46 31 722 30 00 
E-mail: privacy@molnlycke.com

Mölnlycke AB,
c/o Mölnlycke Health Care AB
Box 13080
402 52 Göteborg SWEDEN