ESG Report 2023

During the Year, the Information Technology Centre developed the "Emergency Operation Procedures for Power Outage in the Computer Room" to prevent equipment damage or data loss during unexpected power outages. The Information Centre conducts drills for planned power outages, involving the security operations teams from the Information Centre and various branches, to enhance their emergency response capabilities during such situations. The tests are mostly conducted in July and August and are coordinated with power outage fault testing. On the day of the planned power outage, all personnel are required to cooperate by shutting down unnecessary electrical appliances and keeping the computer room access open. During the power outage, all non-business system equipment is required to be shut down to prioritize the uninterrupted operation of the uninterruptible power supply (UPS) and ensure business continuity. 6.3.2 Information Management According to The United Laboratories Information Confidentiality Policy, all the information of the Group is classified into five categories by their level of importance, namely Top Secret, Secret, Confidential, Internal and Public. All personnel need to pass different levels of approval procedures according to the importance level of the information when accessing the information. The use of different information, such as information for internal use, advertising and promotion, medication instruction and after-sale service, is subject to the relevant regulations regarding the use of product information. The purpose and target of the use of information is subject to strict requirements and limitations under related systems. Regarding employees, the employee confidentiality system implemented by the Group requires all the employees to bear confidentiality obligations on our business secrets such as information on technology and operation, and not to allow any third parties to know our business secrets in form of disclosure, release or publishing. In order to further secure the interests of the Group and stakeholders, all employees should bear his/her confidentiality obligations for three years after resignation. On the other hand, when cooperating with suppliers, customers and other partners, the Group shall sign confidentiality agreements with them to ensure that the information of both parties are not disclosed, and the privacy rights are not infringed. 6.3.3 Privacy Protection In the process of business operation, the Group's employees of various departments will be in contact with different personal information such as information of customers, shareholders, employees and employment candidates, thus there is a risk of personal information and privacy leakage. In order to reduce the relevant risks, the Group has established The United Laboratories Patient Information Protection Policy and The United Laboratories Information Confidentiality Policy to ensure the Group legally obtains and uses personal information, protects the legal rights and interests of information providers, as well as prevents the risks incurred from improper management of personal information. The system has regulated the methods on collection, use, transmission and storage of personal information, lowered the risks of employees violating relevant laws when processing personal information, and avoided bringing negative impacts to stakeholders. In order to improve the efficiency and effectiveness of patients' information management, the Group has created a mobile office platform system, namely “Smart United Laboratories”. The system integrates a variety of functions. Among them, big data management allows data utilization and analysis to be mobilized and fully popularized among staff. The patient data micro-file system effectively strengthens patient data management, making it easier for customers to pay return visits and use information more securely. The Group's Information Centre will manage and maintain the platform system and take different management measures to prevent leakage or destruction of patient information, such as managing access rights for patient information personnel, and strengthening network security to prevent cyber virus attacks and intrusion of personal information database. Patient information is stored in the platform system according to the length of after- sales service and expired information will be destroyed by the Marketing Department, in which the process is monitored and documented by dedicated personnel. 6.4 Protection of Intellectual Property Rights The Group has made continual breakthroughs in the research and development of pharmaceuticals and innovative production technologies, and therefore the protection of our commodities' patents and intellectual property rights has become an indispensable part of the protection of our products and assets. In order to promote the Group's management of intellectual property rights and to fully develop the benefits of patented commodities and assets, we have established The United Laboratories Intellectual Property Management Measures in accordance with relevant laws and regulations to regulate the patent application and maintenance work. For new technologies, new processes, new formulas, utility models and product packaging designs, the Group will carry out comprehensive patent rights application and maintenance to create favourable conditions for the Group's research, development and innovation. Patent Law of the People’s Republic of China Trademark Law of the People’s Republic of China Copyright Law of the People’s Republic of China Anti-Unfair Competition Law of the People’s Republic of China Relevant Laws and Regulations Intellectual Property Management Aspects Internal Policies The United Laboratories Intellectual Property Management Measures 33 Environmental, Social and Governance Report 2023 The United Laboratories International Holdings Limited