- This policy applies to the Website operating at the following url: http://cardiomatics.com/
- The Operator of the Website and the personal data Controller is: Cardiomatics Sp. z o.o. ul. Wojciecha Weissa 7, 31-339 Kraków
- E-mail address of the operator: firstname.lastname@example.org
- The Operator is the Controller of your personal data in relation to the data voluntarily provided in the Website.
- The Website uses personal data for the following purposes:
- Running Newsletter
- Handling of form enquiries
- Presentation of the offer or information
- The Website performs the following functions to obtain information about users and their behaviour:
- Through voluntary data entered in the forms, which are entered into the Operator’s systems.
- By storing cookie files on the users’ devices (“cookies”).
- The places where you log in and enter your personal data are protected in the transmission layer (SSL certificate). This way, the personal data and login data entered on the site are encrypted on the user’s computer and can only be read on the target server.
- Personal data stored in the database are encrypted in such a way that only the Operator who holds the key can read them. In this way, the data is protected if the database is stolen from the server.
- Controller’s passwords are protected by a hash function. The hash function is unidirectional – it is not possible to reverse it, which is currently the modern standard for storing user passwords.
- The Operator periodically changes its administrative passwords.
- In order to protect data, the Operator regularly makes backup copies.
- An important element of data protection is regular updating of all software used by the Operator to process personal data, which in particular means regular updates of development components.
- The service is hosted (technically maintained) on the following operator’s server: OVH
- In some situations, the Controller has the right to transfer your personal data to other recipients, if it is necessary to perform the agreement concluded with you or to fulfil the obligation to which the Controller is subject. This applies to the following groups of recipients:
- ○ the hosting company on an entrustment basis
- ○ authorised employees and co-workers who use the data in order to achieve the purpose of the website’s operation
- ○ companies providing marketing services to the Controller
- Your personal data is processed by the Controller no longer than it is necessary to perform the related activities specified in separate regulations (e.g. accounting regulations). With regard to marketing data, the data will not be processed for more than 3 years.
- You have the right to request from the Controller to:
- ○ access your personal data,
- ○ rectify them,
- ○ erase them,
- ○ restrict the processing,
- ○ and the right to data portability.
- You have the right to object, with regard to the processing indicated in Section 3.3 (c), to the processing of personal data for the purpose of performing legally justified interests of the Controller, including profiling; however, the right to object cannot be exercised where there are valid legitimate grounds for processing, overriding interests, rights and freedoms, in particular the determination, enforcement or defence of claims.
- You have the right to file a complaint against the Controller’s activities with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa.
- Providing personal data is voluntary, but necessary for the service of the Website.
- You may be subject to actions involving automated decision making, including profiling, in order to provide services under the concluded agreement and to conduct direct marketing by the Controller.
- Personal data will not be transferred to third countries within the meaning of the data protection regulations. This means that we are not transferring them outside the European Union.
- The Website collects information provided voluntarily by the user, including personal data in so far as they are provided.
- The website can store information about connection parameters (time stamp, IP address).
- In some cases, the Website may store information that facilitates the linking of data in the form with the e-mail address of the user who fills in the form. In such a case, the user’s e-mail address appears within the url of the page containing the form.
- The data provided in the form are processed for the purpose resulting from the function of a specific form, e.g. in order to process a service request or commercial contact, registration of services, etc. The context and description of the form shall from time to time clearly indicate what it is used for.
- Information about the behaviour of users on the Website may be recorded in server logs. This data is used to control the Website.
- The operator uses a solution to analyse the behaviour of users by creating heat maps and recording the behaviour on the site. This information is anonymized before it is sent to the operator so that the operator does not know which natural person it relates to. In particular, the entered passwords and other personal data are not recorded.
- The Operator applies a solution automating the operation of the Website in relation to users, e.g. can send an e-mail to the user after visiting a specific subpage, if they have agreed to receive commercial correspondence from the Operator.
- Cookies are IT data, in particular text files, which are stored on the end device of the Website User and are intended for use with the Website's pages. Cookies usually contain the name of the site they come from, the length of time they are stored on the device and a unique number.
- The entity placing cookies on the device of the Website User and obtaining access to them is the Website Operator.
- Cookies are used for the following purposes:
- maintenance of the Website User session (after logging in), thanks to which the Website User does not have to enter login and password again on every subpage of the Website;
- the implementation of the purposes set out above under “Major marketing techniques”;
- Two basic types of cookies are used in the Website: session cookies and persistent cookies. Session cookies are temporary files that are stored in the user’s device until the user logs out, leaves the site or switches off the software (web browser). Persistent cookies are stored in the User’s device for a period of time specified in the parameters of cookies or until they are deleted by the User.
- The browser software (Internet browser) usually allows cookies to be stored by default in the User’s device. The Website Users may change their settings in this respect. The Internet browser enables you to delete cookies. It is also possible to automatically block cookies. You can find detailed information on this issue in the help tab or documentation of your Internet browser.
- Cookies placed in the Website User’s device may also be used by entities cooperating with the operator of the Website, in particular the following companies: Google (Google Inc. with its registered office in the USA), Facebook (Facebook Inc. with its registered office in the USA), Twitter (Twitter Inc. with its registered office in the USA).
- To manage your cookie settings, select the web browser you are using from the list below and follow the instructions:
- Mobile devices:
10. Data mapping / data processed by our organisation
Our organisation processes the following data:
1. Data on employed workers;
2. Data on the family members of the employee;
3. Candidates’ data;
4. Contractors’ data;
5. Co-workers’ data;
6. Sensitive data of patients at registering tests;
7. Archival data.
1. For the purposes of employment / including candidates for employment
These data are necessary for the fulfilment of the employment obligation, including the employee’s settlement with public administration bodies and the social insurance institution. For candidates for employment, we receive data based on the candidate’s consent. With the employee’s consent, we also process family members’ data for the purposes of the Social Insurance Institution (ZUS) and other related issues, such as the settlement of annual tax relief.
Data necessary for the execution of the employment contract:
- first name, last name
- residential address
- date of birth and place of birth, PESEL (Personal identification number)
- identity card number
- employment record
Data collected with the employee’s consent:
- the bank account to which the salary is transferred
- employee’s telephone number for contact
- personal image consent
Personal data of family members obtained from an employee with their consent:
- first names, last names and PESEL
- place of residence
Personal data of candidates for employment received with voluntary consent included in the CV:
- telephone number and email address
- hobbies, interests
- and other data that the candidate includes in the CV
2. For the purposes of services and agreements, the data of contractors.
We process the data of our contractors in accordance with the VAT law and income tax regulations for settlement purposes. We also process the data included in cooperation agreements under civil or commercial law. These data include:
- first name and last name
- all company details needed to issue VAT invoices
With the customer’s consent, we also process the data needed for contact:
- telephone number
- email address
3. For the purposes of implementing the cooperation agreement
We process the data of our co-workers in order to implement the cooperation agreement. This data is necessary for the settlement of accounts and to protect the interests of the parties:
- first name and last name
- company’s name and details
- residential address
- PESEL – in contracts for a specific task and contract of mandate
For contact purposes, with the consent of co-workers, we process the following data:
- telephone number
- email address
4. Medical data
The basic and most frequent case of medical data processing is the implementation of the service of automatic ECG signal analysis. According to the agreement on the provision of this service, the responsibility for anonymizing the data rests with the customer using the system; however, if the company receives non-anonymized data, they are deleted. The data processed in the company are the following:
- ECG signal recording
Additionally, due to the frequent collaboration with medical device manufacturers in the past, the company may occasionally be involved in clinical trials of products. In such a situation, the company will have access to the medical records of the patients participating in the tests. This data will be anonymized beforehand. The data may include:
- medications taken
- medical history
5. Data not processed by the company
We do not require or process other data such as sexual orientation, religious beliefs, political opinions or social networking accounts.