General information clause

We hereby present information on the processing of personal data of persons using the cardiomatics.com portal:

I. Personal Data Controller

The Personal Data Controller is CARDIOMATICS sp. z o.o. with its registered office in Kraków (address: ul. Wojciecha Weissa 7 lok. C1, 31-339 Kraków), KRS: 0000560887, NIP: 6772389521, REGON: 361659943 (“CARDIOMATICS”).

II. Personal Data Controller’s and Data Protection Officer’s contact details

CARDIOMATICS can be contacted by:

  1. phone: +48 536 917 640;
  2. e-mail: dpo@cardiomatics.com;
  3. in writing, to the address of CARDIOMATICS sp. z o.o., ul. Wojciecha Weissa 7 lok. C1, 31-339 Kraków.

III. Objectives and legal basis for data processing

Depending on the situation, CARDIOMATICS may process your personal data for the following purposes:

  1. for the conclusion and performance of a contract in connection with the use of CARDIOMATICS’ services – since the processing of your personal data is necessary for this purpose (Article 6(1)(b) of the GDPR);
  2. for the conclusion and performance of a contract, e.g. a civil law contract, an employment contract – because the processing of your personal data is necessary for this purpose (Article 6(1)(b) of the GDPR);
  3. for the direct marketing (including direct marketing) of products or services, because the processing of your personal data is necessary in order to pursue a legitimate interest (Article 6(1)(f) of the GDPR), i.e. a possibility of advertising and promotion of own products or services, or on the basis of your consent (Article 6(1)(a) of the GDPR);
  4. for the purpose of establishing, asserting or defending ourselves against claims, as processing is necessary in order to pursue a legitimate interest (Article 6(1)(f) of the GDPR), i.e., if necessary, establishing, asserting or defending ourselves against claims;
  5. for the purpose of fulfilling our legal obligations – as the processing in this case is necessary to fulfil the requirements of the applicable provisions (Article 6(1)(c) of the GDPR);
  6. for the purpose of contacting CARDIOMATICS – because processing is necessary in order to pursue a legitimate interest (Article 6(1)(f) of the GDPR), i.e. being able to contact you in order to answer the questions you have asked or to provide the information you expect, or on the basis of your consent (Article 6(1)(a) of the GDPR).

IV. Categories of data recipients

Your personal data may be made available to the following categories of entities:

  1. entities authorised under the law (courts, state authorities, etc.);
  2. subcontractors and other entities with which CARDIOMATICS cooperates;
  3. entities providing services to CARDIOMATICS, such as accounting, IT, marketing, communication, analytical, legal or debt collection services;
  4. companies affiliated with CARDIOMATICS.

In any case, this shall be done in pursuit of the above-mentioned purposes and within the framework of the relevant legal bases for data processing, as well as under a relevant authorisation, a data processing agreement or applicable regulations.

V. Data storage period

CARDIOMATICS will process your data for specific purposes during the following periods:

  1. for the conclusion and performance of a contract in connection with the use of CARDIOMATICS’ services – until the end of the contract concluded with you, then possibly until such time as the claims that may arise from it become time-barred;
  2. for the conclusion and performance of a contract, e.g. a civil law contract, an employment contract – until the end of the contract concluded with you, then possibly until such time as the claims that may arise from it become time-barred;
  3. for the purpose of marketing (including direct marketing) of products or services – until the termination or expiry of your contract, or until you object to the processing of data for this purpose or withdraw your consent;
  4. for the purpose of establishing, asserting or defending ourselves against claims – until such time as such claims become time-barred;
  5. for the purpose of fulfilling our legal obligations – until the expiry of the legal obligations to store data under the law;
  6. for the purpose of contacting CARDIOMATICS – until the matters to which the contact is related are completed or until the consent is withdrawn.

VI. Your rights

In accordance with the GDPR, you have the following rights:

  1. the right to request access to your data and to receive a copy of your data;
  2. the right to rectify (correct) your data;
  3. the right to erasure of data (if there are no grounds for processing personal data, erasure may be requested);
  4. the right to limit the processing of data (you can request that the processing of personal data be limited only to the storage or to the performance of the agreed operations if the data held are inaccurate or processed without any grounds, or if their erasure is impossible due to the need to establish, assert or defend ourselves against claims);
  5. the right to data portability (the right to receive, in a structured, commonly used machine-readable format, personal data provided on the basis of consent, or to have the data transferred directly to another entity);
  6. the right to lodge a complaint with the supervisory authority (if the data are processed in violation of the law, a relevant complaint may be lodged with the President of the Personal Data Protection Office).

In order to exercise your rights, you can send a request to the following e-mail address: dpo@cardiomatics.com, to the CARDIOMATICS’ mailing address or visit CARDIOMATICS’ headquarters. Before exercising your rights, CARDIOMATICS will need to verify your identity.

VII. Right to withdraw consent

You have the right to withdraw the consent you have given to the processing of your personal data at any time by sending an e-mail to: dpo@cardiomatics.com or a letter to the CARDIOMATICS’ mailing address or by phone, by calling: +48 790 261 534. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

VIII. Right to object

You may, at any time, object to the processing of your personal data, which are processed by CARDIOMATICS in order to pursue a legitimate interest (Article 6(1)(f) of the GDPR), by sending an e-mail to the e-mail address: dpo@cardiomatics.com or a letter to the CARDIOMATICS’ mailing address, or by calling: +48 790 261 534.

IX. Transfer of the data outside European Economic Area

  1. Cardiomatics will transfer your personal data outside the European Economic Area – to a third country, to which the transfer of personal data will take place on the basis of appropriate legal mechanisms such as relevant decisions of the European Commission, standard contractual clauses or other similar legal instruments provided for in the GDPR.
  2. The recipient of your data in the United States is, specifically, HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA.
  3. At any time you have the right to obtain a copy of your personal data transferred to third countries.

X. Information on the requirement or voluntary nature of providing data and the consequences of not providing them

The provision of personal data is voluntary, but it is necessary for carrying out the relevant purposes indicated in Section III.

The consent to the processing of personal data is not a condition for the performance of the contract, including the provision of services, as long as the processing of these personal data is not necessary for the purpose of performing the contract.