American Heart of Poland

Dear Sirs,

The safety and confidentiality of your data is our priority. We assure you that we have always made, and will continue to make, our best efforts to protect your data by using proper technical and organisational means, including adequate data protection during the development of new services and solutions.

These Terms and Conditions are to inform our Clients and stakeholders about the aim, scope and categories of processing of their personal data, the time of data processing, and their rights, according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as GDPR/RODO), in force since 25 May 2018.

Data Administrator and Data Protection Inspector

The administrator of your data is American Heart of Poland S.A., ul. Sanatoryjna 1, 43-450 Ustroń (https://ahop.pl).

As the Data Administrator we are responsible for ensuring the safety of your personal data and its processing, under the applicable law and any contractual provisions. For further information please contact the Data Protection Officer at rodo@ahop.pl (Data Protection Officer Anna Pietryga), or at the Company address.

Data security

To guarantee the security of your data, we conduct an assessment of the impact of personal data processing, taking into account the risks associated with data processing, and a risk analysis for the protective measures used by our company.

Presently, we use verified, high-class preventive measures (including mechanisms monitoring the processing methods), information flow and mechanisms of access to information. We do this in order to ensure that your data is processed not only in compliance with the law, but also following best practices for data security and protection of IT systems.

Currently, your information in our database is not shared outside the European Economic Area (EU). We assure you that if such transfer of data occurs, we will inform you immediately, and place relevant information on our website, including in these Terms and Conditions.

Categories of collected personal data

In relation to the operations of our company, we process (or may process) the following types of your personal data:

Patient information

We process such data to provide services related to the therapeutic process (e.g. diagnosis, choice of therapy, tests, procedures), and dedicated medical services (including post-discharge and telemedicine services), according to the following legal acts: the Act on Health Care Activities, the Medical Professions Act; or based on agreements with commercial (private) patients for a period of no more than 30 years. In each case we strive to ensure the highest quality of services. According to the Act on Patient Rights and the Patient Rights Ombudsman, we can process the data for a period of no more than 30 years, depending on the course of treatment.

Personal data of company employees

This information is processed to fulfil legal obligations, such as those resulting from the Labour Code, which regulates the processing of data by our company in the required period of 50 years. Having obtained proper permission, the company may also use the image of employees to promote various services. To ensure the safety of our employees and their property, we can also process this information with relation to visual monitoring, as well as monitoring of phone calls and the company equipment (IT systems) during employment, or to claim damages after termination of employment.

Data of candidates applying for a job

We process this data in the recruitment process, based on the consent provided in the application documents, for one year from the date of document reception.

Personal data of contractors and co-operating entities

We process this data to provide high-quality services to our clients (patients), based on a contract, and within the scope determined in such a contract. Personal data of contractors and co-operating subjects are processed, according to the provisions of law (e.g. the Accounting Act), for five years, and later on for the defence of legal claims in administrative, civil, criminal or court procedures.

Data of persons interested in co-operation with our company

We process this data in order to start co-operation with new clients, following a request from subjects interested in our offer, only for the period of negotiations and trade talks. Any information we collect is obtained with your permission, and within the scope of such permission.

Personal data of subjects present on visual monitoring

To ensure your safety, and the safety of your property, we use visual monitoring in the form of technical devices that enable image recording in our facilities. This data is processed to ensure the safety of our guests, patients and personnel, as well as to protect their property. The data is processed for a period of no more than three months. After three months it is removed. If the recording is used as evidence in legal proceedings, the duration of storage is extended until the final ending of the proceedings.

Data of injured parties

We obtain this data from written complaints. It is processed only for the purpose of handling your claims for damages, and for the period required to handle the claims in compliance with the Administrative Procedure Code, and then for the applicable period of limitation, or until the administrative, civil, execution, criminal or court procedures are completed, depending on the nature of the claim.

Data of people who provided consent for marketing purposes

We process this data when you express your consent. The data can be processed to assess the effectiveness of our services, with relation to the medical services we provided (including follow-up on your health, monitoring and reporting), and to send you marketing information regarding the available services in post-procedural healthcare, outpatient healthcare, and other related services. The data is processed using the media specified in the consent (services provided via electronic means, e-mail or phone calls), until you withdraw the consent.

Personal data of animal owners

This data is processed in relation to the services associated with treatment of animals and conducting of necessary tests. We store it for five years from the moment the service is completed.

Other data provided for execution of the co-operation agreements

Our database also contains personal data for which our company is not the Administrator, but which we process as a subcontractor in relation to certain duties and contracts, e.g. organisation of summer internships, subcontracting work as part of NCBiR grants. This data is processed for the duration of the contract, and for defence of claims in civil, administrative, criminal and court procedures.

Your personal data may be shared with the following categories of recipients:

a) entities co-operating with us with regard to provision of medical services,
b) entities providing equipment maintenance and servicing,
c) entities providing legal services,
d) entities entitled to obtain information pursuant to the binding legal provisions,
e) other entities providing the company with services necessary to achieve the above objectives.

As the Data Administrator, we make every effort to ensure that your information is correct, updated and limited to the minimum required for the implementation of the company’s goals.

Rights of the individual regarding personal data

At every step of processing your data by our company, you have the right to:

  • access your data, including information about the scope of the data processed by our company, and receive a copy of the data,
  • modify and correct your data, including limiting the scope of processing, if there are no other legal contraindications,
  • have your data completely removed (the so-called ‘right to be forgotten’), if there are no legal contraindications for execution of this right,
  • not be subject to automated decision making, including decisions based on profiling,
  • oppose improper processing of personal data (including withdrawal of consent),
  • transfer your data to a different Data Administrator, if the data is processed with relation to a provided consent or a concluded contract.

In order to ensure proper handling of the enquiries regarding your rights, the company prepared a form through which you can request execution of the rights above. You can download the form from our website https://ahop.pl, from the tab in Terms and conditions, as a link to the document. To facilitate completion of the form, and enable faster handling of your request, we provided instructions for completing the form (also available in the link to the document).

Please submit the completed forms in person, in the company’s registered office, via mail, at the company’s registered address, or via e-mail at sekretariat@ahop.pl. Please provide the form with an electronic signature or send a scan of the signed document. Otherwise, your request may not be considered.

Each request is handled individually, and in compliance with the applicable law. Remember that execution of certain rights may depend on the legal basis used to justify a given purpose for which your data is processed, especially whether the data processing is conditional upon the performance of a contract or a service.

We assure you that as the Data Administrator we make our best efforts to handle your requests without undue delay. The maximum time of processing a request is one month from the date of its reception. However, due to the nature of the request, in certain cases this period may be exceeded. Should such a situation occur, you shall be informed about the delay and its causes. If your request cannot be accepted and considered, you will also be informed.

The first request you submit is free of charge. In case the requests are unjustified or excessive, we reserve the right to charge fees for providing information in the future. You shall be informed about the reasons for such a decision, and the fees associated with requests.

We would also like to inform you that in order to ensure a proper level of information security, if we cannot properly identify and authorise you for data reception, we reserve the right to change the channel via which the information will be provided. You shall also be informed about this fact.

If you decide to exercise your right to transfer your data, as the Data Administrator we will transfer your data directly to the Administrator you indicate in your request, for as long as it is technically possible. Should such transfer be impossible, you shall be informed.

Additional information

You have the right to make a complaint if there are justified premises to suspect that your personal data has not been processed in a secure way. You may file the complaint to the supervisory body for personal data protection. In Poland, the supervisory body is the President of the Personal Data Protection Office.

This Policy is in force from 25 May 2018 until its cancellation, and fulfils the legal obligations resulting from Articles 13-14 of GDPR.

In order to continuously improve the services offered to our clients, while respecting your rights and privacy, we reserve the right to introduce changes to this Policy.