ESG Report 2023

Whistleblowing and Confidentiality The Group provides various channels for employees or any of the Group’s partners to report corruption and malpractice, such as direct phone calls, e-mails, post, or the whistleblowing channel on the online mobile office platform system “Smart United Laboratories”. All whistleblowing channels allow employees to directly report immoral or dishonest behaviours to the Group’s Audit and Legal Affairs Centre anonymously. The Group has clearly defined the working principles of whistleblowing in “The United Laboratories Anti-Fraud and Whistleblowing Management Policy” to keep the whistleblowers’ identity confidential. Complaints or reports made in person should be interviewed by designated personnel in a secret location. All persons not connected are not allowed to observe, question or record the content of the interview. The principle of confidentiality should be strictly complied with in sending, receiving, opening, filing, transferring, keeping and mentioning of written complaints, and the reception, answering, documentation, and voice recording of telephone complaints. All employees are not allowed to note down, copy, keep, hide or destroy reporting materials without authorization. Other units and departments of the Group have no right to interfere or disturb the reporting and complaining matters to safeguard the independence of the investigation and the privacy of the complainant and the person complained against. In addition, the Group gives full protection to the whistleblowers. We will strictly combat all retaliatory actions if whistleblowers or their family members suffer from damage to person, property or other rights due to reporting. The whistleblowers is also entitled to inform his/her senior managers for timely protection. The entire reporting procedure is protected by law, and serious breaches of the rules will be referred to the judicial authorities. To encourage employees to report corruption or malpractices, the Group will commend and reward the complainant if the complaint is substantiated after investigation. The reward will be given to complainants whose identities have been verified upon the closing of the investigation. 6.3 Information Security Information security infrastructure is an essential method employed by the Group to safeguard internal information and customer privacy. Any leakage of confidential corporate information or customer data can have adverse impacts and lead to losses for the company itself, customers, and other stakeholders. In compliance with relevant laws and regulations such as the Law of the People's Republic of China on the Protection of Consumer Rights and Interests, the Cybersecurity Law of the People's Republic of China, Information Security Law of the People's Republic of China, and Personal Information Protection Law of the People's Republic of China the Group has established The United Laboratories Information Confidentiality Policy and The United Laboratories Patient Information Protection Policy to uphold stakeholders' confidence in the Group's operations and services. The Law of the People's Republic of China on the Protection of Consumer Rights and Interests The Cybersecurity Law of the People's Republic of China Information Security Law of the People's Republic of China Personal Information Protection Law of the People's Republic of China Relevant Laws, Regulations and Guidelines Information security Aspects Internal Policies During the Year, the Group did not experience any information leakage incidents nor were there any legal disputes related to information security concerning the Group or its employees. 31 Environmental, Social and Governance Report 2023 The United Laboratories International Holdings Limited The United Laboratories Information Confidentiality Policy The United Laboratories Patient Information Protection Policy International Internet Usage Management Policy Patient Personal Information Protection Policy Emergency Operation Procedures for Power Outage in the Computer Room

RkJQdWJsaXNoZXIy NTk2Nzg=